| ALMA-09-004970 | V1R4 | AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers. | AlmaLinux OS 9 |
| ALMA-09-005080 | V1R4 | AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | AlmaLinux OS 9 |
| ALMA-09-005190 | V1R4 | AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow. | AlmaLinux OS 9 |
| ALMA-09-005300 | V1R4 | AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd. | AlmaLinux OS 9 |
| ALMA-09-005410 | V1R4 | AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. | AlmaLinux OS 9 |
| ALMA-09-005960 | V1R4 | AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. | AlmaLinux OS 9 |
| ALMA-09-006070 | V1R4 | AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect the files within /etc/sudoers.d/ | AlmaLinux OS 9 |
| APPL-13-001001 | V1R5 | The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all nonlocal maintenance and diagnostic sessions. | macOS 13 - Ventura |
| APPL-14-001001 | V2R4 | The macOS system must be configured to audit all administrative action events. | macOS 14 - Sonoma |
| APPL-15-001001 | V1R5 | The macOS system must be configured to audit all administrative action events. | macOS 15 - Sequoia |
| OL07-00-030870 | V3R3 | The Oracle Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. | Oracle Linux 7 |
| OL07-00-030871 | V3R3 | The Oracle Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | Oracle Linux 7 |
| OL07-00-030872 | V3R3 | The Oracle Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow. | Oracle Linux 7 |
| OL07-00-030873 | V3R3 | The Oracle Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. | Oracle Linux 7 |
| OL07-00-030874 | V3R3 | The Oracle Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd. | Oracle Linux 7 |
| OL08-00-030130 | V2R6 | OL 8 must generate audit records for all account creation events that affect "/etc/shadow". | Oracle Linux 8 |
| OL08-00-030140 | V2R6 | OL 8 must generate audit records for all account creation events that affect "/etc/security/opasswd". | Oracle Linux 8 |
| OL08-00-030150 | V2R6 | OL 8 must generate audit records for all account creation events that affect "/etc/passwd". | Oracle Linux 8 |
| OL08-00-030160 | V2R6 | OL 8 must generate audit records for all account creation events that affect "/etc/gshadow". | Oracle Linux 8 |
| OL08-00-030170 | V2R6 | OL 8 must generate audit records for all account creation events that affect "/etc/group". | Oracle Linux 8 |
| OL08-00-030171 | V2R6 | OL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/sudoers". | Oracle Linux 8 |
| OL08-00-030172 | V2R6 | OL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/sudoers.d/". | Oracle Linux 8 |
| OL09-00-000500 | V1R3 | OL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers. | Oracle Linux 9 |
| OL09-00-000505 | V1R3 | OL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory. | Oracle Linux 9 |
| OL09-00-000510 | V1R3 | OL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | Oracle Linux 9 |
| OL09-00-000515 | V1R3 | OL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow. | Oracle Linux 9 |
| OL09-00-000520 | V1R3 | OL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd. | Oracle Linux 9 |
| OL09-00-000525 | V1R3 | OL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. | Oracle Linux 9 |
| OL09-00-000530 | V1R3 | OL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. | Oracle Linux 9 |
| RHEL-07-030870 | V3R9 | The Red Hat Enterprise Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. | Red Hat Enterprise Linux 7 |
| RHEL-07-030871 | V3R9 | The Red Hat Enterprise Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | Red Hat Enterprise Linux 7 |
| RHEL-07-030872 | V3R9 | The Red Hat Enterprise Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow. | Red Hat Enterprise Linux 7 |
| RHEL-07-030873 | V3R9 | The Red Hat Enterprise Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. | Red Hat Enterprise Linux 7 |
| RHEL-07-030874 | V3R9 | The Red Hat Enterprise Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd. | Red Hat Enterprise Linux 7 |
| RHEL-09-654215 | V2R6 | RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers. | Red Hat Enterprise Linux 9 |
| RHEL-09-654220 | V2R6 | RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory. | Red Hat Enterprise Linux 9 |
| RHEL-09-654225 | V2R6 | RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | Red Hat Enterprise Linux 9 |
| RHEL-09-654230 | V2R6 | RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow. | Red Hat Enterprise Linux 9 |
| RHEL-09-654235 | V2R6 | RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd. | Red Hat Enterprise Linux 9 |
| RHEL-09-654240 | V2R6 | RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. | Red Hat Enterprise Linux 9 |
| RHEL-09-654245 | V2R6 | RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. | Red Hat Enterprise Linux 9 |
| SLES-12-020200 | V3R2 | The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. | SUSE Linux Enterprise 12 |
| SLES-12-020210 | V3R2 | The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | SUSE Linux Enterprise 12 |
| SLES-12-020220 | V3R2 | The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. | SUSE Linux Enterprise 12 |
| SLES-12-020230 | V3R2 | The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd. | SUSE Linux Enterprise 12 |
| SLES-12-020590 | V3R2 | The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow. | SUSE Linux Enterprise 12 |
| SLES-15-030000 | V2R4 | The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. | SUSE Linux Enterprise 15 |
| SLES-15-030010 | V2R4 | The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | SUSE Linux Enterprise 15 |
| SLES-15-030020 | V2R4 | The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. | SUSE Linux Enterprise 15 |
| SLES-15-030030 | V2R4 | The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd. | SUSE Linux Enterprise 15 |
| SLES-15-030040 | V2R4 | The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow. | SUSE Linux Enterprise 15 |
| TOSS-04-030000 | V2R3 | TOSS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. | Tri-Lab Operating System Stack |
| UBTU-20-010100 | V2R3 | The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. | Ubuntu 20.04 |
| UBTU-20-010101 | V2R3 | The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | Ubuntu 20.04 |
| UBTU-20-010102 | V2R3 | The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. | Ubuntu 20.04 |
| UBTU-20-010103 | V2R3 | The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow. | Ubuntu 20.04 |
| UBTU-20-010104 | V2R3 | The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd. | Ubuntu 20.04 |
| UBTU-22-654130 | V2R6 | Ubuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | Ubuntu 22.04 |
| UBTU-22-654135 | V2R6 | Ubuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow. | Ubuntu 22.04 |
| UBTU-22-654140 | V2R6 | Ubuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd. | Ubuntu 22.04 |
| UBTU-22-654145 | V2R6 | Ubuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. | Ubuntu 22.04 |
| UBTU-22-654150 | V2R6 | Ubuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. | Ubuntu 22.04 |
| UBTU-24-200280 | V1R1 | Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. | Ubuntu 24.04 |
| UBTU-24-200290 | V1R1 | Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | Ubuntu 24.04 |
| UBTU-24-200300 | V1R1 | Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. | Ubuntu 24.04 |
| UBTU-24-200310 | V1R1 | Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow. | Ubuntu 24.04 |
| UBTU-24-200320 | V1R1 | Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd. | Ubuntu 24.04 |
| WN10-AU-000030 | V3R4 | The system must be configured to audit Account Management - Security Group Management successes. | Microsoft Windows 10 |
| WN10-AU-000035 | V3R4 | The system must be configured to audit Account Management - User Account Management failures. | Microsoft Windows 10 |
| WN10-AU-000040 | V3R4 | The system must be configured to audit Account Management - User Account Management successes. | Microsoft Windows 10 |
| WN16-AU-000120 | V2R9 | Windows Server 2016 must be configured to audit Account Management - Security Group Management successes. | Microsoft Windows Server 2016 |
| WN16-AU-000140 | V2R9 | Windows Server 2016 must be configured to audit Account Management - User Account Management successes. | Microsoft Windows Server 2016 |
| WN16-AU-000150 | V2R9 | Windows Server 2016 must be configured to audit Account Management - User Account Management failures. | Microsoft Windows Server 2016 |
| WN16-DC-000230 | V2R9 | Windows Server 2016 must be configured to audit Account Management - Computer Account Management successes. | Microsoft Windows Server 2016 |
| WN19-AU-000100 | V3R6 | Windows Server 2019 must be configured to audit Account Management - Security Group Management successes. | Microsoft Windows Server 2019 |
| WN19-AU-000110 | V3R6 | Windows Server 2019 must be configured to audit Account Management - User Account Management successes. | Microsoft Windows Server 2019 |
| WN19-AU-000120 | V3R6 | Windows Server 2019 must be configured to audit Account Management - User Account Management failures. | Microsoft Windows Server 2019 |
| WN19-DC-000230 | V3R6 | Windows Server 2019 must be configured to audit Account Management - Computer Account Management successes. | Microsoft Windows Server 2019 |
| WN22-AU-000100 | V2R6 | Windows Server 2022 must be configured to audit Account Management - Security Group Management successes. | Microsoft Windows Server 2022 |
| WN22-AU-000110 | V2R6 | Windows Server 2022 must be configured to audit Account Management - User Account Management successes. | Microsoft Windows Server 2022 |
| WN22-AU-000120 | V2R6 | Windows Server 2022 must be configured to audit Account Management - User Account Management failures. | Microsoft Windows Server 2022 |
| WN22-DC-000230 | V2R6 | Windows Server 2022 must be configured to audit Account Management - Computer Account Management successes. | Microsoft Windows Server 2022 |