STIGhub
STIGs
RMF Controls
Compare
← CM-5 (1) — Access Restrictions for Change
CCI-003938
Definition
Automatically generate audit records of the enforcement actions.
Parent Control
CM-5 (1)
Access Restrictions for Change
Configuration Management
Linked STIG Checks (98)
V-263530
CAT II
AAA Services must be configured to automatically generate audit records of the enforcement actions.
AAA Services Security Requirements Guide
V-274017
CAT II
Amazon Linux 2023 must have the audit package installed.
Amazon Linux 2023 Security Technical Implementation Guide
V-274018
CAT II
Amazon Linux 2023 must produce audit records containing information to establish what type of events occurred.
Amazon Linux 2023 Security Technical Implementation Guide
V-268091
CAT II
NixOS must generate audit records for all usage of privileged commands.
Anduril NixOS Security Technical Implementation Guide
V-222997
CAT II
AccessLogValve must be configured for Catalina engine.
Apache Tomcat Application Server 9 Security Technical Implementation Guide
V-268452
CAT II
The macOS system must be configured to audit all administrative action events.
Apple macOS 15 (Sequoia) Security Technical Implementation Guide
V-268454
CAT II
The macOS system must enable security auditing.
Apple macOS 15 (Sequoia) Security Technical Implementation Guide
V-268462
CAT II
The macOS system must be configured to audit all deletions of object attributes.
Apple macOS 15 (Sequoia) Security Technical Implementation Guide
V-268463
CAT II
The macOS system must be configured to audit all changes of object attributes.
Apple macOS 15 (Sequoia) Security Technical Implementation Guide
V-268464
CAT II
The macOS system must be configured to audit all failed read actions on the system.
Apple macOS 15 (Sequoia) Security Technical Implementation Guide
V-268465
CAT II
The macOS system must be configured to audit all failed write actions on the system.
Apple macOS 15 (Sequoia) Security Technical Implementation Guide
V-268470
CAT II
The macOS system must be configured to audit all authorization and authentication events.
Apple macOS 15 (Sequoia) Security Technical Implementation Guide
V-269094
CAT II
The macOS system must be configured to audit all failed program execution on the system.
Apple macOS 15 (Sequoia) Security Technical Implementation Guide
V-277060
CAT II
The macOS system must be configured to audit all administrative action events.
Apple macOS 26 (Tahoe) Security Technical Implementation Guide
V-277062
CAT II
The macOS system must enable security auditing.
Apple macOS 26 (Tahoe) Security Technical Implementation Guide
V-277069
CAT II
The macOS system must be configured to audit all deletions of object attributes.
Apple macOS 26 (Tahoe) Security Technical Implementation Guide
V-277070
CAT II
The macOS system must be configured to audit all changes of object attributes.
Apple macOS 26 (Tahoe) Security Technical Implementation Guide
V-277071
CAT II
The macOS system must be configured to audit all failed read actions on the system.
Apple macOS 26 (Tahoe) Security Technical Implementation Guide
V-277072
CAT II
The macOS system must be configured to audit all failed write actions on the system.
Apple macOS 26 (Tahoe) Security Technical Implementation Guide
V-277073
CAT II
The macOS system must be configured to audit all failed program execution on the system.
Apple macOS 26 (Tahoe) Security Technical Implementation Guide
V-277077
CAT II
The macOS system must be configured to audit all authorization and authentication events.
Apple macOS 26 (Tahoe) Security Technical Implementation Guide
V-222512
CAT II
The application must audit who makes configuration changes to the application.
Application Security and Development Security Technical Implementation Guide
V-204797
CAT II
The application server must log the enforcement actions used to restrict access associated with changes to the application server.
Application Server Security Requirements Guide
V-260590
CAT II
Ubuntu 22.04 LTS must have the "auditd" package installed.
Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
V-260591
CAT II
Ubuntu 22.04 LTS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time.
Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
V-270656
CAT II
Ubuntu 24.04 LTS must have the "auditd" package installed.
Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide
V-270657
CAT II
Ubuntu 24.04 LTS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time.
Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide
V-263570
CAT II
The Central Log Server must automatically generate audit records of the enforcement actions.
Central Log Server Security Requirements Guide
V-271933
CAT II
The Cisco ACI must audit the enforcement actions used to restrict access associated with changes to the device.
Cisco ACI NDM Security Technical Implementation Guide
V-269469
CAT II
The audit package must be installed on AlmaLinux OS 9.
Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide
V-269532
CAT II
The auditd service must be enabled on AlmaLinux OS 9.
Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide
V-233189
CAT II
The container platform must enforce access restrictions and support auditing of the enforcement actions.
Container Platform Security Requirements Guide
V-233547
CAT II
PostgreSQL must produce audit records of its enforcement of access restrictions associated with changes to the configuration of PostgreSQL or database(s).
Crunchy Data PostgreSQL Security Technical Implementation Guide
V-206598
CAT II
The DBMS must produce audit records of its enforcement of access restrictions associated with changes to the configuration of the DBMS or database(s).
Database Security Requirements Guide
V-269774
CAT II
The Dell OS10 Switch must initiate session auditing upon startup.
Dell OS10 Switch NDM Security Technical Implementation Guide
V-263627
CAT II
The DNS server implementation must automatically generate audit records of the enforcement actions.
Domain Name System (DNS) Security Requirements Guide
V-259285
CAT II
The EDB Postgres Advanced Server must produce audit records of its enforcement of access restrictions associated with changes to the configuration of the EDB Postgres Advanced Server or database(s).
EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide
V-278397
CAT II
NGINX must restrict access to configuration files.
F5 NGINX Security Technical Implementation Guide
V-230948
CAT III
Forescout must audit the enforcement actions used to restrict access associated with changes to the device.
Forescout Network Device Management Security Technical Implementation Guide
V-203719
CAT II
The operating system must audit the enforcement actions used to restrict access associated with changes to the system.
General Purpose Operating System Security Requirements Guide
V-268282
CAT II
The HYCU virtual appliance must audit the enforcement actions used to restrict access associated with changes to the device.
HYCU Protege Security Technical Implementation Guide
V-215291
CAT II
AIX must disable Kerberos Authentication in ssh config file to enforce access restrictions.
IBM AIX 7.x Security Technical Implementation Guide
V-215314
CAT II
AIX must be configured to use syslogd to log events by TCPD.
IBM AIX 7.x Security Technical Implementation Guide
V-215334
CAT I
AIX must disable trivial file transfer protocol.
IBM AIX 7.x Security Technical Implementation Guide
V-223544
CAT II
IBM z/OS Required SMF data record types must be collected.
IBM z/OS ACF2 Security Technical Implementation Guide
V-223767
CAT II
IBM z/OS required SMF data record types must be collected.
IBM z/OS RACF Security Technical Implementation Guide
V-223998
CAT II
IBM z/OS required SMF data record types must be collected.
IBM z/OS TSS Security Technical Implementation Guide
V-258601
CAT II
The ICS must be configured to audit the execution of privileged functions such as accounts additions and changes.
Ivanti Connect Secure NDM Security Technical Implementation Guide
V-213989
CAT II
SQL Server must produce audit records when attempts to modify SQL Server configuration and privileges occur within the database(s).
MS SQL Server 2016 Instance Security Technical Implementation Guide
V-205567
CAT II
The Mainframe Product must audit the enforcement actions used to restrict access associated with changes to the application.
Mainframe Product Security Requirements Guide
V-253733
CAT II
MariaDB must produce audit records of its enforcement of access restrictions associated with changes to the configuration of the DBMS or database(s).
MariaDB Enterprise 10.x Security Technical Implementation Guide
V-220383
CAT II
MarkLogic Server must produce audit records of its enforcement of access restrictions associated with changes to the configuration of the DBMS or database(s).
MarkLogic Server v9 Security Technical Implementation Guide
V-255345
CAT II
Azure SQL Database must produce audit records of its enforcement of access restrictions associated with changes to the configuration of Azure SQL Database(s).
Microsoft Azure SQL Database Security Technical Implementation Guide
V-259634
CAT II
The Exchange local machine policy must require signed scripts.
Microsoft Exchange 2019 Edge Server Security Technical Implementation Guide
V-259701
CAT II
Exchange software must be monitored for unauthorized changes.
Microsoft Exchange 2019 Mailbox Server Security Technical Implementation Guide
V-271351
CAT II
SQL Server must produce audit records when attempts to modify SQL Server configuration and privileges occur within the database(s).
Microsoft SQL Server 2022 Instance Security Technical Implementation Guide
V-253311
CAT II
The system must be configured to audit Detailed Tracking - PNP Activity successes.
Microsoft Windows 11 Security Technical Implementation Guide
V-253312
CAT II
The system must be configured to audit Detailed Tracking - Process Creation successes.
Microsoft Windows 11 Security Technical Implementation Guide
V-260909
CAT II
MKE must be configured to integrate with an Enterprise Identity Provider.
Mirantis Kubernetes Engine Security Technical Implementation Guide
V-279334
CAT II
MongoDB must provide audit record generation for DOD-defined auditable events within all DBMS/database components.
MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide
V-202107
CAT II
The network device must audit the enforcement actions used to restrict access associated with changes to the device.
Network Device Management Security Requirements Guide
V-279565
CAT II
Nutanix OS must have the audit.x86_64 package installed.
Nutanix Acropolis GPOS Security Technical Implementation Guide
V-221764
CAT II
The Oracle Linux operating system must be configured so that auditing is configured to produce records containing information to establish what type of events occurred, where the events occurred, the source of the events, and the outcome of the events. These audit records must also identify individual identities of group account users.
Oracle Linux 7 Security Technical Implementation Guide
V-248519
CAT II
The OL 8 audit package must be installed.
Oracle Linux 8 Security Technical Implementation Guide
V-248520
CAT II
OL 8 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.
Oracle Linux 8 Security Technical Implementation Guide
V-271519
CAT II
OL 9 must have the audit package installed.
Oracle Linux 9 Security Technical Implementation Guide
V-271520
CAT II
OL 9 audit service must be enabled.
Oracle Linux 9 Security Technical Implementation Guide
V-235170
CAT II
The MySQL Database Server 8.0 must produce audit records of its enforcement of access restrictions associated with changes to the configuration of the MySQL Database Server 8.0 or database(s).
Oracle MySQL 8.0 Security Technical Implementation Guide
V-273788
CAT II
The RUCKUS ICX device must initiate session auditing upon startup.
RUCKUS ICX NDM Security Technical Implementation Guide
V-252843
CAT I
Rancher MCM must use a centralized user management solution to support account management functions. For accounts using password authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process.
Rancher Government Solutions Multi-Cluster Manager Security Technical Implementation Guide
V-254555
CAT II
Rancher RKE2 components must be configured in accordance with the security configuration settings based on DOD security configuration or implementation guidance, including SRGs, STIGs, NSA configuration guides, CTOs, and DTMs.
Rancher Government Solutions RKE2 Security Technical Implementation Guide
V-280993
CAT II
RHEL 10 must have the "audit" package installed.
Red Hat Enterprise Linux 10 Security Technical Implementation Guide
V-280994
CAT II
RHEL 10 must enable the audit service.
Red Hat Enterprise Linux 10 Security Technical Implementation Guide
V-258151
CAT II
RHEL 9 audit package must be installed.
Red Hat Enterprise Linux 9 Security Technical Implementation Guide
V-258152
CAT II
RHEL 9 audit service must be enabled.
Red Hat Enterprise Linux 9 Security Technical Implementation Guide
V-257560
CAT II
OpenShift must enforce access restrictions and support auditing of the enforcement actions.
Red Hat OpenShift Container Platform 4.12 Security Technical Implementation Guide
V-257560
CAT II
OpenShift must enforce access restrictions and support auditing of the enforcement actions.
Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide
V-275677
CAT II
Ubuntu OS must have the "auditd" package installed.
Riverbed NetIM OS Security Technical Implementation Guide
V-275678
CAT II
Ubuntu OS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time.
Riverbed NetIM OS Security Technical Implementation Guide
V-256072
CAT I
The Riverbed NetProfiler must be configured to automatically generate DOD-required audit records with sufficient information to support incident reporting to a central log server.
Riverbed NetProfiler Security Technical Implementation Guide
V-206744
CAT II
The SDN controller must be configured to audit the enforcement actions used to restrict access associated with changes to any application within the SDN framework.
SDN Controller Security Requirements Guide
V-217190
CAT II
The SUSE operating system must have the auditing package installed.
SUSE Linux Enterprise Server 12 Security Technical Implementation Guide
V-217209
CAT III
The SUSE operating system must generate audit records for all uses of the privileged functions.
SUSE Linux Enterprise Server 12 Security Technical Implementation Guide
V-279252
CAT I
The Edge SWG must be configured to send log data to at least one central log server for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).
Symantec Edge SWG NDM Security Technical Implementation Guide
V-253834
CAT II
The access to the Tanium SQL database must be restricted. Only the designated database administrator(s) can have elevated privileges to the Tanium SQL database.
Tanium 7.x Security Technical Implementation Guide
V-253835
CAT II
The Tanium Server installer's account database permissions must be reduced to an appropriate level.
Tanium 7.x Security Technical Implementation Guide
V-242259
CAT I
The TippingPoint SMS must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).
Trend Micro TippingPoint NDM Security Technical Implementation Guide
V-252973
CAT II
TOSS audit records must contain information to establish what type of events occurred, when the events occurred, the source of events, where events occurred, and the outcome of events.
Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide
V-282437
CAT II
TOSS 5 audit package must be installed.
Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide
V-282438
CAT II
TOSS 5 audit service must be enabled.
Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide
V-234524
CAT II
The UEM server must audit the enforcement actions used to restrict access associated with changes to the application.
Unified Endpoint Management Server Security Requirements Guide
V-207471
CAT II
The VMM must audit the enforcement actions used to restrict access associated with changes to the system.
Virtual Machine Manager Security Requirements Guide
V-264341
CAT II
The web server must automatically generate audit records of the enforcement actions.
Web Server Security Requirements Guide
V-269583
CAT II
Xylok Security Suite must audit the enforcement actions used to restrict access associated with changes to it.
Xylok Security Suite 20.x Security Technical Implementation Guide
V-269586
CAT I
Xylok Security Suite must use a central log server for auditing records.
Xylok Security Suite 20.x Security Technical Implementation Guide
V-224283
CAT II
CL/SuperSession must be properly configured to generate SMF records for audit trail and accounting reports.
z/OS CL/SuperSession for ACF2 Security Technical Implementation Guide
V-224462
CAT II
CL/SuperSession must be properly configured to generate SMF records for audit trail and accounting reports.
z/OS CL/SuperSession for RACF Security Technical Implementation Guide
V-224650
CAT II
CL/SuperSession must be properly configured to generate SMF records for audit trail and accounting reports.
z/OS CL/SuperSession for TSS Security Technical Implementation Guide