| ALMA-09-051830 | V1R1 | AlmaLinux OS 9 must allocate an audit_backlog_limit of sufficient size to capture processes that start prior to the audit daemon. | |
| ALMA-09-051940 | V1R1 | AlmaLinux OS 9 must use a separate file system for the system audit data path. | |
| ALMA-09-052050 | V1R1 | AlmaLinux OS 9 must allocate audit record storage capacity to store at least one week's worth of audit records. | |
| UBTU-18-010314 | V2R15 | The Ubuntu operating system must allocate audit record storage capacity to store at least one weeks worth of audit records, when audit records are not immediately sent to a central audit record storage facility. | |
| UBTU-20-010215 | V1R9 | The Ubuntu operating system must allocate audit record storage capacity to store at least one weeks' worth of audit records, when audit records are not immediately sent to a central audit record storage facility. | |
| UBTU-24-900920 | V1R1 | Ubuntu 24.04 LTS must allocate audit record storage capacity to store at least one week's worth of audit records, when audit records are not immediately sent to a central audit record storage facility. | |
| WN22-CC-000270 | V2R1 | Windows Server 2022 Application event log size must be configured to 32768 KB or greater. | |
| WN22-CC-000280 | V2R1 | Windows Server 2022 Security event log size must be configured to 196608 KB or greater. | |
| WN22-CC-000290 | V2R1 | Windows Server 2022 System event log size must be configured to 32768 KB or greater. | |
| WN10-AU-000500 | V2R8 | The Application event log size must be configured to 32768 KB or greater. | |
| WN10-AU-000505 | V2R8 | The Security event log size must be configured to 1024000 KB or greater. | |
| WN10-AU-000510 | V2R8 | The System event log size must be configured to 32768 KB or greater. | |
| APPL-15-001029 | V1R1 | The macOS system must configure audit retention to seven days. | |
| APPL-15-004050 | V1R1 | The macOS system must configure install.log retention to 365. | |
| APPL-14-001029 | V2R1 | The macOS system must configure audit retention to seven days. | |
| APPL-14-004050 | V2R1 | The macOS system must configure install.log retention to 365. | |
| WN11-AU-000500 | V2R1 | The Application event log size must be configured to 32768 KB or greater. | |
| WN11-AU-000505 | V2R1 | The Security event log size must be configured to 1024000 KB or greater. | |
| WN11-AU-000510 | V2R1 | The System event log size must be configured to 32768 KB or greater. | |
| UBTU-22-653035 | V2R1 | Ubuntu 22.04 LTS must allocate audit record storage capacity to store at least one weeks' worth of audit records, when audit records are not immediately sent to a central audit record storage facility. | |
| RHEL-08-030602 | V1R9 | RHEL 8 must allocate an audit_backlog_limit of sufficient size to capture processes that start prior to the audit daemon. | |
| RHEL-08-030660 | V1R9 | RHEL 8 must allocate audit record storage capacity to store at least one week of audit records, when audit records are not immediately sent to a central audit record storage facility. | |
| RHEL-09-231030 | V2R1 | RHEL 9 must use a separate file system for the system audit data path. | |
| RHEL-09-653030 | V2R1 | RHEL 9 must allocate audit record storage capacity to store at least one week's worth of audit records. | |
| OL09-00-000002 | V1R1 | OL 9 must use a separate file system for the system audit data path. | |
| OL09-00-000850 | V1R1 | OL 9 must allocate audit record storage capacity to store at least one week's worth of audit records. | |
| WN16-CC-000300 | V2R10 | The Application event log size must be configured to 32768 KB or greater. | |
| WN16-CC-000310 | V2R10 | The Security event log size must be configured to 196608 KB or greater. | |
| WN16-CC-000320 | V2R10 | The System event log size must be configured to 32768 KB or greater. | |
| SLES-15-030660 | V1R9 | The SUSE operating system must allocate audit record storage capacity to store at least one week of audit records when audit records are not immediately sent to a central audit record storage facility. | |
| SLES-12-020020 | V2R13 | The SUSE operating system must allocate audit record storage capacity to store at least one weeks worth of audit records when audit records are not immediately sent to a central audit record storage facility. | |
| OL07-00-021330 | V2R14 | The Oracle Linux operating system must use a separate file system for the system audit data path large enough to hold at least one week of audit data. | |
| WN19-CC-000270 | V2R8 | Windows Server 2019 Application event log size must be configured to 32768 KB or greater. | |
| WN19-CC-000280 | V2R8 | Windows Server 2019 Security event log size must be configured to 196608 KB or greater. | |
| WN19-CC-000290 | V2R8 | Windows Server 2019 System event log size must be configured to 32768 KB or greater. | |
| OL08-00-030660 | V1R9 | OL 8 must allocate audit record storage capacity to store at least one week of audit records when audit records are not immediately sent to a central audit record storage facility. | |