| ALMA-09-048865 | V1R4 | AlmaLinux OS 9 must audit any script or executable called by cron as root or by any privileged user. | AlmaLinux OS 9 |
| OL07-00-030810 | V3R3 | The Oracle Linux operating system must audit all uses of the pam_timestamp_check command. | Oracle Linux 7 |
| OL07-00-030805 | V3R3 | OL 7 must audit any script or executable called by cron as root or by any privileged user. | Oracle Linux 7 |
| OL08-00-030603 | V2R6 | OL 8 must enable Linux audit logging for the USBGuard daemon. | Oracle Linux 8 |
| OL08-00-030645 | V2R6 | OL 8 must audit any script or executable called by cron as root or by any privileged user. | Oracle Linux 8 |
| RHEL-07-030810 | V3R9 | The Red Hat Enterprise Linux operating system must audit all uses of the pam_timestamp_check command. | Red Hat Enterprise Linux 7 |
| RHEL-08-030655 | V2R5 | RHEL 8 must audit any script or executable called by cron as root or by any privileged user. | Red Hat Enterprise Linux 8 |
| RHEL-09-654096 | V2R5 | RHEL 9 must audit any script or executable called by cron as root or by any privileged user. | Red Hat Enterprise Linux 9 |
| TOSS-04-031140 | V2R3 | Successful/unsuccessful uses of "semanage" in TOSS must generate an audit record. | Tri-Lab Operating System Stack |
| TOSS-04-031150 | V2R3 | Successful/unsuccessful uses of the "gpasswd" command in TOSS must generate an audit record. | Tri-Lab Operating System Stack |
| TOSS-04-031160 | V2R3 | Successful/unsuccessful uses of the "mount" command in TOSS must generate an audit record. | Tri-Lab Operating System Stack |
| TOSS-04-031170 | V2R3 | Successful/unsuccessful uses of the "mount" syscall in TOSS must generate an audit record. | Tri-Lab Operating System Stack |
| TOSS-04-031180 | V2R3 | Successful/unsuccessful uses of the "su" command in TOSS must generate an audit record. | Tri-Lab Operating System Stack |
| TOSS-04-031190 | V2R3 | Successful/unsuccessful uses of the "umount" command in TOSS must generate an audit record. | Tri-Lab Operating System Stack |
| TOSS-04-031200 | V2R3 | Successful/unsuccessful uses of the "unix_update" in TOSS must generate an audit record. | Tri-Lab Operating System Stack |
| TOSS-04-031210 | V2R3 | Successful/unsuccessful uses of the "usermod" command in TOSS must generate an audit record. | Tri-Lab Operating System Stack |
| TOSS-04-031220 | V2R3 | Successful/unsuccessful uses of "unix_chkpwd" in TOSS must generate an audit record. | Tri-Lab Operating System Stack |
| TOSS-04-031230 | V2R3 | Successful/unsuccessful uses of "userhelper" in TOSS must generate an audit record. | Tri-Lab Operating System Stack |
| UBTU-18-010237 | V2R15 | The Ubuntu operating system must generate audit records for privileged activities or other system-level access. | Ubuntu 18.04 |
| UBTU-20-010105 | V2R3 | Ubuntu 20.04 LTS must audit any script or executable called by cron as root or by any privileged user. | Ubuntu 20.04 |
| WN10-AU-000100 | V3R4 | The system must be configured to audit Policy Change - Audit Policy Change successes. | Microsoft Windows 10 |
| WN10-AU-000107 | V3R4 | The system must be configured to audit Policy Change - Authorization Policy Change successes. | Microsoft Windows 10 |
| WN10-AU-000130 | V3R4 | The system must be configured to audit System - Other System Events successes. | Microsoft Windows 10 |
| WN10-AU-000135 | V3R4 | The system must be configured to audit System - Other System Events failures. | Microsoft Windows 10 |
| WN11-AU-000130 | V2R5 | The system must be configured to audit System - Other System Events successes. | Microsoft Windows 11 |
| WN11-AU-000135 | V2R5 | The system must be configured to audit System - Other System Events failures. | Microsoft Windows 11 |