| RHEL-08-030070 | V1R6 | RHEL 8 audit logs must have a mode of 0600 or less permissive to prevent unauthorized read access. | |
| RHEL-08-030080 | V1R6 | RHEL 8 audit logs must be owned by root to prevent unauthorized read access. | |
| RHEL-08-030090 | V1R6 | RHEL 8 audit logs must be group-owned by root to prevent unauthorized read access. | |
| RHEL-08-030100 | V1R6 | RHEL 8 audit log directory must be owned by root to prevent unauthorized read access. | |
| RHEL-08-030110 | V1R6 | RHEL 8 audit log directory must be group-owned by root to prevent unauthorized read access. | |
| RHEL-08-030120 | V1R6 | RHEL 8 audit log directory must have a mode of 0700 or less permissive to prevent unauthorized read access. | |
| RHEL-08-030121 | V1R6 | RHEL 8 audit system must protect auditing rules from unauthorized change. | |
| RHEL-08-030122 | V1R6 | RHEL 8 audit system must protect logon UIDs from unauthorized change. | |
| SLES-15-030600 | V1R4 | The SUSE operating system must protect audit rules from unauthorized modification. | |
| WN19-AU-000030 | V3R1 | Windows Server 2019 permissions for the Application event log must prevent access by non-privileged accounts. | |
| WN19-AU-000040 | V3R1 | Windows Server 2019 permissions for the Security event log must prevent access by non-privileged accounts. | |
| WN19-AU-000050 | V3R1 | Windows Server 2019 permissions for the System event log must prevent access by non-privileged accounts. | |
| WN19-UR-000170 | V3R1 | Windows Server 2019 Manage auditing and security log user right must only be assigned to the Administrators group. | |
| UBTU-20-010122 | V1R6 | The Ubuntu operating system must be configured so that audit log files are not read or write-accessible by unauthorized users. | |
| UBTU-20-010123 | V1R6 | The Ubuntu operating system must be configured to permit only authorized users ownership of the audit log files. | |
| UBTU-20-010124 | V1R6 | The Ubuntu operating system must permit only authorized groups ownership of the audit log files. | |
| APPL-14-000030 | V1R1 | The macOS system must configure audit log files to not contain access control lists. | |
| APPL-14-000031 | V1R1 | The macOS system must configure audit log folders to not contain access control lists. | |
| APPL-14-001012 | V1R1 | The macOS system must configure audit log files to be owned by root. | |
| APPL-14-001013 | V1R1 | The macOS system must configure audit log folders to be owned by root. | |
| APPL-14-001014 | V1R1 | The macOS system must configure audit log files group to wheel. | |
| APPL-14-001015 | V1R1 | The macOS system must configure audit log folders group to wheel. | |
| APPL-14-001016 | V1R1 | The macOS system must configure audit log files to mode 440 or less permissive. | |
| APPL-14-001017 | V1R1 | The macOS system must configure audit log folders to mode 700 or less permissive. | |
| APPL-14-001020 | V1R1 | The macOS system must be configured to audit all deletions of object attributes. | |
| APPL-14-001021 | V1R1 | The macOS system must be configured to audit all changes of object attributes. | |
| APPL-14-001110 | V1R1 | The macOS system must configure audit_control group to wheel. | |
| APPL-14-001120 | V1R1 | The macOS system must configure audit_control owner to root. | |
| APPL-14-001130 | V1R1 | The macOS system must configure audit_control to mode 440 or less permissive. | |
| APPL-14-001140 | V1R1 | The macOS system must configure audit_control to not contain access control lists. | |
| APPL-13-000030 | V1R5 | The macOS system must be configured so that log files do not contain access control lists (ACLs). | |
| APPL-13-000031 | V1R5 | The macOS system must be configured so that log folders do not contain access control lists (ACLs). | |
| APPL-13-001012 | V1R5 | The macOS system must be configured with audit log files owned by root. | |
| APPL-13-001013 | V1R5 | The macOS system must be configured with audit log folders owned by root. | |
| APPL-13-001014 | V1R5 | The macOS system must be configured with audit log files group-owned by wheel. | |
| APPL-13-001015 | V1R5 | The macOS system must be configured with audit log folders group-owned by wheel. | |
| APPL-13-001016 | V1R5 | The macOS system must be configured with audit log files set to mode 440 or less permissive. | |
| APPL-13-001017 | V1R5 | The macOS system must be configured with audit log folders set to mode 700 or less permissive. | |
| OL07-00-910055 | V3R1 | The Oracle Linux operating system must protect audit information from unauthorized read, modification, or deletion. | |
| RHEL-07-910055 | V3R6 | The Red Hat Enterprise Linux operating system must protect audit information from unauthorized read, modification, or deletion. | |
| SLES-12-020120 | V3R1 | The SUSE operating system must protect audit rules from unauthorized modification. | |
| APPL-15-000030 | V1R1 | The macOS system must configure audit log files to not contain access control lists (ACLs). | |
| APPL-15-000031 | V1R1 | The macOS system must configure the audit log folder to not contain access control lists (ACLs). | |
| APPL-15-001012 | V1R1 | The macOS system must configure audit log files to be owned by root. | |
| APPL-15-001013 | V1R1 | The macOS system must configure audit log folders to be owned by root. | |
| APPL-15-001014 | V1R1 | The macOS system must configure the audit log files group to wheel. | |
| APPL-15-001015 | V1R1 | The macOS system must configure the audit log folders group to wheel. | |
| APPL-15-001016 | V1R1 | The macOS system must configure audit log files to mode 440 or less permissive. | |
| APPL-15-001017 | V1R1 | The macOS system must configure audit log folders to mode 700 or less permissive. | |
| APPL-15-001020 | V1R1 | The macOS system must be configured to audit all deletions of object attributes. | |
| APPL-15-001021 | V1R1 | The macOS system must be configured to audit all changes of object attributes. | |
| APPL-15-001022 | V1R1 | The macOS system must be configured to audit all failed read actions on the system. | |
| APPL-15-001023 | V1R1 | The macOS system must be configured to audit all failed write actions on the system. | |
| APPL-15-001110 | V1R1 | The macOS system must configure audit_control group to wheel. | |
| APPL-15-001120 | V1R1 | The macOS system must configure audit_control owner to root. | |
| APPL-15-001130 | V1R1 | The macOS system must configure audit_control owner to mode 440 or less permissive. | |
| APPL-15-001140 | V1R1 | The macOS system must configure audit_control to not contain access control lists (ACLs). | |
| ALMA-09-055680 | V1R1 | AlmaLinux OS 9 audit log directory must be owned by root to prevent unauthorized read access. | |
| ALMA-09-055790 | V1R1 | AlmaLinux OS 9 audit log directory must have 0700 permissions to prevent unauthorized read access. | |
| ALMA-09-055900 | V1R1 | AlmaLinux OS 9 audit logs must be owned by the root group to prevent unauthorized read access. | |
| ALMA-09-056010 | V1R1 | AlmaLinux OS 9 audit logs must be owned by root to prevent unauthorized read access. | |
| ALMA-09-056120 | V1R1 | AlmaLinux OS 9 audit logs must have 0600 permissions to prevent unauthorized read access. | |
| OL08-00-030070 | V1R6 | OL 8 audit logs must have a mode of "0600" or less permissive to prevent unauthorized read access. | |
| OL08-00-030080 | V1R6 | OL 8 audit logs must be owned by root to prevent unauthorized read access. | |
| OL08-00-030090 | V1R6 | OL 8 audit logs must be group-owned by root to prevent unauthorized read access. | |
| OL08-00-030100 | V1R6 | The OL 8 audit log directory must be owned by root to prevent unauthorized read access. | |
| OL08-00-030110 | V1R6 | The OL 8 audit log directory must be group-owned by root to prevent unauthorized read access. | |
| OL08-00-030120 | V1R6 | The OL 8 audit log directory must have a mode of 0700 or less permissive to prevent unauthorized read access. | |
| OL08-00-030121 | V1R6 | The OL 8 audit system must protect auditing rules from unauthorized change. | |
| OL08-00-030122 | V1R6 | The OL 8 audit system must protect logon UIDs from unauthorized change. | |
| OL09-00-000785 | V1R1 | OL 9 audit logs must be group-owned by root or by a restricted logging group to prevent unauthorized read access. | |
| OL09-00-000790 | V1R1 | OL 9 audit log directory must be owned by root to prevent unauthorized read access. | |
| OL09-00-000795 | V1R1 | OL 9 audit logs file must have mode 0600 or less permissive to prevent unauthorized access to the audit log. | |
| OL09-00-008005 | V1R1 | OL 9 audit system must protect auditing rules from unauthorized change. | |
| UBTU-24-901300 | V1R1 | Ubuntu 24.04 LTS must be configured so that audit log files are not read or write-accessible by unauthorized users. | |
| UBTU-24-901310 | V1R1 | Ubuntu 24.04 LTS must be configured to permit only authorized users ownership of the audit log files. | |
| UBTU-24-901350 | V1R1 | Ubuntu 24.04 LTS must permit only authorized groups ownership of the audit log files. | |
| UBTU-22-653045 | V1R1 | Ubuntu 22.04 LTS must be configured so that audit log files are not read- or write-accessible by unauthorized users. | |
| UBTU-22-653050 | V1R1 | Ubuntu 22.04 LTS must be configured to permit only authorized users ownership of the audit log files. | |
| UBTU-22-653055 | V1R1 | Ubuntu 22.04 LTS must permit only authorized groups ownership of the audit log files. | |
| WN11-AU-000515 | V1R6 | Windows 11 permissions for the Application event log must prevent access by non-privileged accounts. | |
| WN11-AU-000520 | V1R6 | Windows 11 permissions for the Security event log must prevent access by non-privileged accounts. | |
| WN11-AU-000525 | V1R6 | Windows 11 permissions for the System event log must prevent access by non-privileged accounts. | |
| WN11-UR-000130 | V1R6 | The "Manage auditing and security log" user right must only be assigned to the Administrators group. | |
| RHEL-09-653080 | V2R5 | RHEL 9 audit logs must be group-owned by root or by a restricted logging group to prevent unauthorized read access. | |
| RHEL-09-653085 | V2R5 | RHEL 9 audit log directory must be owned by root to prevent unauthorized read access. | |
| RHEL-09-653090 | V2R5 | RHEL 9 audit logs file must have mode 0600 or less permissive to prevent unauthorized access to the audit log. | |
| RHEL-09-654275 | V2R5 | RHEL 9 audit system must protect auditing rules from unauthorized change. | |
| WN10-AU-000515 | V3R1 | Windows 10 permissions for the Application event log must prevent access by non-privileged accounts. | |
| WN10-AU-000520 | V3R1 | Windows 10 permissions for the Security event log must prevent access by non-privileged accounts. | |
| WN10-AU-000525 | V3R1 | Windows 10 permissions for the System event log must prevent access by non-privileged accounts. | |
| WN10-UR-000130 | V3R1 | The Manage auditing and security log user right must only be assigned to the Administrators group. | |
| WN16-AU-000030 | V2R9 | Permissions for the Application event log must prevent access by non-privileged accounts. | |
| WN16-AU-000040 | V2R9 | Permissions for the Security event log must prevent access by non-privileged accounts. | |
| WN16-AU-000050 | V2R9 | Permissions for the System event log must prevent access by non-privileged accounts. | |
| WN16-UR-000260 | V2R9 | The Manage auditing and security log user right must only be assigned to the Administrators group. | |
| WN22-AU-000030 | V2R5 | Windows Server 2022 permissions for the Application event log must prevent access by nonprivileged accounts. | |
| WN22-AU-000040 | V2R5 | Windows Server 2022 permissions for the Security event log must prevent access by nonprivileged accounts. | |
| WN22-AU-000050 | V2R5 | Windows Server 2022 permissions for the System event log must prevent access by nonprivileged accounts. | |
| WN22-UR-000170 | V2R5 | Windows Server 2022 manage auditing and security log user right must only be assigned to the Administrators group. | |