| OL07-00-030630 | V3R2 | The Oracle Linux operating system must audit all uses of the passwd command. | |
| OL07-00-030640 | V3R2 | The Oracle Linux operating system must audit all uses of the unix_chkpwd command. | |
| OL07-00-030650 | V3R2 | The Oracle Linux operating system must audit all uses of the gpasswd command. | |
| OL07-00-030660 | V3R2 | The Oracle Linux operating system must audit all uses of the chage command. | |
| OL07-00-030670 | V3R2 | The Oracle Linux operating system must audit all uses of the userhelper command. | |
| OL07-00-030740 | V3R2 | The Oracle Linux operating system must audit all uses of the mount command and syscall. | |
| OL07-00-030750 | V3R2 | The Oracle Linux operating system must audit all uses of the umount command. | |
| OL07-00-030760 | V3R2 | The Oracle Linux operating system must audit all uses of the postdrop command. | |
| OL07-00-030770 | V3R2 | The Oracle Linux operating system must audit all uses of the postqueue command. | |
| OL07-00-030780 | V3R2 | The Oracle Linux operating system must audit all uses of the ssh-keysign command. | |
| OL07-00-030800 | V3R2 | The Oracle Linux operating system must audit all uses of the crontab command. | |
| OL08-00-020240 | V2R4 | OL 8 duplicate User IDs (UIDs) must not exist for interactive users. | |
| RHEL-07-030630 | V3R9 | The Red Hat Enterprise Linux operating system must audit all uses of the passwd command. | |
| RHEL-07-030640 | V3R9 | The Red Hat Enterprise Linux operating system must audit all uses of the unix_chkpwd command. | |
| RHEL-07-030650 | V3R9 | The Red Hat Enterprise Linux operating system must audit all uses of the gpasswd command. | |
| RHEL-07-030660 | V3R9 | The Red Hat Enterprise Linux operating system must audit all uses of the chage command. | |
| RHEL-07-030670 | V3R9 | The Red Hat Enterprise Linux operating system must audit all uses of the userhelper command. | |
| RHEL-07-030740 | V3R9 | The Red Hat Enterprise Linux operating system must audit all uses of the mount command and syscall. | |
| RHEL-07-030750 | V3R9 | The Red Hat Enterprise Linux operating system must audit all uses of the umount command. | |
| RHEL-07-030760 | V3R9 | The Red Hat Enterprise Linux operating system must audit all uses of the postdrop command. | |
| RHEL-07-030770 | V3R9 | The Red Hat Enterprise Linux operating system must audit all uses of the postqueue command. | |
| RHEL-07-030780 | V3R9 | The Red Hat Enterprise Linux operating system must audit all uses of the ssh-keysign command. | |
| RHEL-07-030800 | V3R9 | The Red Hat Enterprise Linux operating system must audit all uses of the crontab command. | |
| WN10-CC-000066 | V3R4 | Command line data must be included in process creation events. | |
| WN10-CC-000326 | V3R4 | PowerShell script block logging must be enabled on Windows 10. | |
| WN11-CC-000066 | V2R3 | Command line data must be included in process creation events. | |
| WN11-CC-000326 | V2R3 | PowerShell script block logging must be enabled on Windows 11. | |
| WN16-CC-000100 | V2R9 | Command line data must be included in process creation events. | |
| WN16-CC-000490 | V2R9 | PowerShell script block logging must be enabled. | |
| WN19-CC-000090 | V3R4 | Windows Server 2019 command line data must be included in process creation events. | |
| WN19-CC-000460 | V3R4 | Windows Server 2019 PowerShell script block logging must be enabled. | |
| WN22-CC-000090 | V2R4 | Windows Server 2022 command line data must be included in process creation events. | |
| WN22-CC-000460 | V2R4 | Windows Server 2022 PowerShell script block logging must be enabled. | |