"Modifications to data" - well, thats an interesting one. That is pretty much what databases are designed for :-)
You can see what facilities are available in each of the editions here
https://docs.oracle.com/cd/E11882_01/license.112/e47877/editions.htm#DBLIC109 Access to particularly sensitive information
=> business defined
Addition of new users, especially privileged users
=> auditing
Any query containing comments
=> auditing - you would have to capture all queries and filter from there
Any query containing multiple embedded queries
=> auditing - you would have to capture all queries and filter from there
Any query or database alerts or failures
=> alert log
Attempts to elevate privileges
=> business defined, auditing of errored command
Attempted access that is successful or unsuccessful
=> auditing
Changes to the database structure
=> auditing
Changes to user roles or database permissions
=> auditing
Database administrator actions
=> auditing, or you might need to consider database vault
Database logons and logoffs
=> auditing
Modifications to data
=> auditing, triggers or flashback data archive
Use of executable commands e.g. xp_cmdshell
=> business defined as to what consitutes 'external'
By the way, I've worked in several Australian government agencies over the years - none of them come close to meeting this "standard". There is always a compromise to what is achievable given the overheads (both resource and financial).