SRG-OS-000479-GPOS-00224 Controls

| STIG ID | Version | Title | Product |
| --- | --- | --- | --- |
| ALMA-09-052160 | V1R4 | AlmaLinux OS 9 audispd-plugins package must be installed. | AlmaLinux OS 9 |
| ALMA-09-052270 | V1R4 | AlmaLinux OS 9 must label all offloaded audit logs before sending them to the central log server. | AlmaLinux OS 9 |
| ALMA-09-052380 | V1R4 | AlmaLinux OS 9 must take appropriate action when the internal event queue is full. | AlmaLinux OS 9 |
| ALMA-09-052490 | V1R4 | AlmaLinux OS 9 must be configured to offload audit records onto a different system from the system being audited via syslog. | AlmaLinux OS 9 |
| ALMA-09-052600 | V1R4 | AlmaLinux OS 9 must authenticate the remote logging server for offloading audit logs via rsyslog. | AlmaLinux OS 9 |
| ALMA-09-052710 | V1R4 | AlmaLinux OS 9 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog. | AlmaLinux OS 9 |
| ALMA-09-052820 | V1R4 | AlmaLinux OS 9 must encrypt, via the gtls driver, the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog. | AlmaLinux OS 9 |
| OL09-00-000350 | V1R3 | OL 9 must have the rsyslog package installed. | Oracle Linux 9 |
| OL09-00-005005 | V1R3 | OL 9 must be configured to forward audit records via TCP to a different system or media from the system being audited via rsyslog. | Oracle Linux 9 |
| RHEL-09-652010 | V2R6 | RHEL 9 must have the rsyslog package installed. | Red Hat Enterprise Linux 9 |
| RHEL-09-652055 | V2R6 | RHEL 9 must be configured to forward audit records via TCP to a different system or media from the system being audited via rsyslog. | Red Hat Enterprise Linux 9 |
| SLES-12-020100 | V3R2 | The audit system must take appropriate action when the network cannot be used to off-load audit records. | SUSE Linux Enterprise 12 |
| SLES-12-020110 | V3R2 | Audispd must take appropriate action when the SUSE operating system audit storage is full. | SUSE Linux Enterprise 12 |
| SLES-12-030340 | V3R2 | The SUSE operating system must off-load rsyslog messages for networked systems in real time and off-load standalone systems at least weekly. | SUSE Linux Enterprise 12 |
| SLES-15-010580 | V2R4 | The SUSE operating system must off-load rsyslog messages for networked systems in real time and off-load standalone systems at least weekly. | SUSE Linux Enterprise 15 |
| SLES-15-030790 | V2R4 | The SUSE operating system must off-load audit records onto a different system or media from the system being audited. | SUSE Linux Enterprise 15 |
| SLES-15-030800 | V2R4 | Audispd must take appropriate action when the SUSE operating system audit storage is full. | SUSE Linux Enterprise 15 |
| UBTU-18-010007 | V2R15 | The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system in real time, if the system is interconnected. | Ubuntu 18.04 |
| UBTU-18-010008 | V2R15 | The Ubuntu operating system must have a crontab script running weekly to off-load audit events of standalone systems. | Ubuntu 18.04 |
| UBTU-20-010300 | V2R3 | The Ubuntu operating system must have a crontab script running weekly to offload audit events of standalone systems. | Ubuntu 20.04 |
| UBTU-22-651035 | V2R6 | Ubuntu 22.04 LTS must have a crontab script running weekly to offload audit events of standalone systems. | Ubuntu 22.04 |
| UBTU-24-900950 | V1R1 | Ubuntu 24.04 LTS must have a crontab script running weekly to offload audit events of standalone systems. | Ubuntu 24.04 |
| WN16-AU-000020 | V2R9 | Windows Server 2016 must, at a minimum, offload audit records of interconnected systems in real time and offload standalone or nondomain-joined systems weekly. | Microsoft Windows Server 2016 |
| WN19-AU-000020 | V3R6 | Windows Server 2019 must, at a minimum, offload audit records of interconnected systems in real time and offload standalone or nondomain-joined systems weekly. | Microsoft Windows Server 2019 |
| WN22-AU-000020 | V2R6 | Windows Server 2022 must, at a minimum, offload audit records of interconnected systems in real time and offload standalone or nondomain-joined systems weekly. | Microsoft Windows Server 2022 |