| ALMA-09-052930 | V1R1 | AlmaLinux OS 9 must have the rsyslog package installed. | |
| ALMA-09-053040 | V1R1 | AlmaLinux OS 9 must be configured to forward audit records via TCP to a different system or media from the system being audited via rsyslog. | |
| ALMA-09-053150 | V1R1 | The rsyslog service on AlmaLinux OS 9 must be active. | |
| UBTU-18-010025 | V2R15 | The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system or storage media from the system being audited. | |
| UBTU-20-010216 | V1R9 | The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system or storage media from the system being audited. | |
| UBTU-24-100450 | V1R1 | Ubuntu 24.04 LTS audit event multiplexor must be configured to offload audit logs onto a different system or storage media from the system being audited. | |
| WN22-AU-000010 | V2R1 | Windows Server 2022 audit records must be backed up to a different system or media than the system being audited. | |
| UBTU-22-653020 | V2R1 | Ubuntu 22.04 LTS audit event multiplexor must be configured to offload audit logs onto a different system from the system being audited. | |
| RHEL-08-030062 | V1R9 | RHEL 8 must label all off-loaded audit logs before sending them to the central log server. | |
| RHEL-08-030690 | V1R9 | The RHEL 8 audit records must be off-loaded onto a different system or storage media from the system being audited. | |
| RHEL-08-030700 | V1R9 | RHEL 8 must take appropriate action when the internal event queue is full. | |
| RHEL-08-030710 | V1R9 | RHEL 8 must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited. | |
| RHEL-08-030720 | V1R9 | RHEL 8 must authenticate the remote logging server for off-loading audit logs. | |
| RHEL-07-030201 | V3R8 | The Red Hat Enterprise Linux operating system must be configured to off-load audit logs onto a different system or storage media from the system being audited. | |
| RHEL-07-030210 | V3R8 | The Red Hat Enterprise Linux operating system must take appropriate action when the remote logging buffer is full. | |
| RHEL-07-030211 | V3R8 | The Red Hat Enterprise Linux operating system must label all off-loaded audit logs before sending them to the central log server. | |
| RHEL-07-030300 | V3R8 | The Red Hat Enterprise Linux operating system must off-load audit records onto a different system or media from the system being audited. | |
| RHEL-07-030310 | V3R8 | The Red Hat Enterprise Linux operating system must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited. | |
| RHEL-07-030320 | V3R8 | The Red Hat Enterprise Linux operating system must be configured so that the audit system takes appropriate action when the audit storage volume is full. | |
| RHEL-07-030321 | V3R8 | The Red Hat Enterprise Linux operating system must be configured so that the audit system takes appropriate action when there is an error sending audit records to a remote system. | |
| RHEL-09-652035 | V2R1 | RHEL 9 must be configured to offload audit records onto a different system from the system being audited via syslog. | |
| RHEL-09-652040 | V2R1 | RHEL 9 must authenticate the remote logging server for offloading audit logs via rsyslog. | |
| RHEL-09-652045 | V2R1 | RHEL 9 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog. | |
| RHEL-09-652050 | V2R1 | RHEL 9 must encrypt via the gtls driver the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog. | |
| RHEL-09-653065 | V2R1 | RHEL 9 must take appropriate action when the internal event queue is full. | |
| RHEL-09-653130 | V2R1 | RHEL 9 audispd-plugins package must be installed. | |
| OL09-00-000450 | V1R1 | OL 9 must have the audispd-plugins package installed. | |
| OL09-00-000855 | V1R1 | OL 9 must be configured to offload audit records onto a different system from the system being audited via syslog. | |
| OL09-00-000860 | V1R1 | OL 9 must take appropriate action when the internal event queue is full. | |
| OL09-00-005015 | V1R1 | OL 9 must authenticate the remote logging server for offloading audit logs via rsyslog. | |
| OL09-00-005020 | V1R1 | OL 9 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog. | |
| OL09-00-005025 | V1R1 | OL 9 must encrypt via the gtls driver the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog. | |
| WN16-AU-000010 | V2R10 | Audit records must be backed up to a different system or media than the system being audited. | |
| SLES-15-030670 | V1R9 | The audit-audispd-plugins must be installed on the SUSE operating system. | |
| SLES-15-030680 | V1R9 | The SUSE operating system audit event multiplexor must be configured to use Kerberos. | |
| SLES-15-030690 | V1R9 | Audispd must off-load audit records onto a different system or media from the SUSE operating system being audited. | |
| SLES-12-020070 | V2R13 | The audit-audispd-plugins must be installed on the SUSE operating system. | |
| SLES-12-020080 | V2R13 | The SUSE operating system audit event multiplexor must be configured to use Kerberos. | |
| SLES-12-020090 | V2R13 | Audispd must off-load audit records onto a different system or media from the SUSE operating system being audited. | |
| OL07-00-030201 | V2R14 | The Oracle Linux operating system must be configured to off-load audit logs onto a different system or storage media from the system being audited. | |
| OL07-00-030210 | V2R14 | The Oracle Linux operating system must take appropriate action when the remote logging buffer is full. | |
| OL07-00-030211 | V2R14 | The Oracle Linux operating system must label all off-loaded audit logs before sending them to the central log server. | |
| OL07-00-030300 | V2R14 | The Oracle Linux operating system must off-load audit records onto a different system or media from the system being audited. | |
| OL07-00-030310 | V2R14 | The Oracle Linux operating system must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited. | |
| OL07-00-030320 | V2R14 | The Oracle Linux operating system must be configured so that the audit system takes appropriate action when the audit storage volume is full. | |
| OL07-00-030321 | V2R14 | The Oracle Linux operating system must be configured so that the audit system takes appropriate action when there is an error sending audit records to a remote system. | |
| WN19-AU-000010 | V2R8 | Windows Server 2019 audit records must be backed up to a different system or media than the system being audited. | |
| OL08-00-030062 | V1R9 | OL 8 must label all offloaded audit logs before sending them to the central log server. | |
| OL08-00-030690 | V1R9 | The OL 8 audit records must be offloaded onto a different system or storage media from the system being audited. | |
| OL08-00-030700 | V1R9 | OL 8 must take appropriate action when the internal event queue is full. | |
| OL08-00-030710 | V1R9 | OL 8 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited. | |
| OL08-00-030720 | V1R9 | OL 8 must authenticate the remote logging server for offloading audit logs. | |