| 4.3 Ensure Encryption of Data at Rest | CIS MongoDB 3.6 L2 Unix Audit v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.13 Ensure SSH AllowTcpForwarding is disabled | CIS CentOS Linux 8 Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.2.13 Ensure SSH AllowTcpForwarding is disabled | CIS Fedora 28 Family Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.2.17 Ensure SSH AllowTcpForwarding is disabled | CIS Oracle Linux 8 Workstation L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.17 Ensure SSH AllowTcpForwarding is disabled | CIS Oracle Linux 8 Server L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| Check for OS type | HIPAA Windows Audit | Windows | |
| HIPAA 164.308(a)(1)(ii)(D) - Information System Activity Review (R) 'Application Log Restrict Guest Access' | HIPAA Windows Audit | Windows | AUDIT AND ACCOUNTABILITY |
| HIPAA 164.308(a)(1)(ii)(D) - Information System Activity Review (R) 'Maximum Application Log Size (KB)' | HIPAA Windows Audit | Windows | AUDIT AND ACCOUNTABILITY |
| HIPAA 164.308(a)(1)(ii)(D) - Information System Activity Review (R) 'Maximum Security Log Size (KB)' | HIPAA Windows Audit | Windows | AUDIT AND ACCOUNTABILITY |
| HIPAA 164.308(a)(1)(ii)(D) - Information System Activity Review (R) 'Maximum System Log Size (KB)' | HIPAA Windows Audit | Windows | AUDIT AND ACCOUNTABILITY |
| HIPAA 164.308(a)(1)(ii)(D) - Information System Activity Review (R) 'Retain application log' | HIPAA Windows Audit | Windows | AUDIT AND ACCOUNTABILITY |
| HIPAA 164.308(a)(1)(ii)(D) - Information System Activity Review (R) 'Retain security log' | HIPAA Windows Audit | Windows | AUDIT AND ACCOUNTABILITY |
| HIPAA 164.308(a)(1)(ii)(D) - Information System Activity Review (R) 'Retain system log' | HIPAA Windows Audit | Windows | AUDIT AND ACCOUNTABILITY |
| HIPAA 164.308(a)(1)(ii)(D) - Information System Activity Review (R) 'Security Log Restrict Guest Access' | HIPAA Windows Audit | Windows | AUDIT AND ACCOUNTABILITY |
| HIPAA 164.308(a)(1)(ii)(D) - Information System Activity Review (R) 'System Log Restrict Guest Access' | HIPAA Windows Audit | Windows | AUDIT AND ACCOUNTABILITY |
| HIPAA 164.308(a)(5)(ii)(B) - Protection from Malicious Software (A) 'root\SecurityCenter' | HIPAA Windows Audit | Windows | SYSTEM AND INFORMATION INTEGRITY |
| HIPAA 164.308(a)(5)(ii)(B) - Protection from Malicious Software (A) 'root\SecurityCenter2' | HIPAA Windows Audit | Windows | |
| HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'Application Group Management' | HIPAA Windows Audit | Windows | AUDIT AND ACCOUNTABILITY |
| HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'Audit Account Logon Events' | HIPAA Windows Audit | Windows | AUDIT AND ACCOUNTABILITY |
| HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'Audit Account Management' | HIPAA Windows Audit | Windows | AUDIT AND ACCOUNTABILITY |
| HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'Audit Logon Events' | HIPAA Windows Audit | Windows | AUDIT AND ACCOUNTABILITY |
| HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'AUDIT_ACCOUNT_LOGON' | HIPAA Windows Audit | Windows | AUDIT AND ACCOUNTABILITY |
| HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'AUDIT_ACCOUNT_MANAGER' | HIPAA Windows Audit | Windows | AUDIT AND ACCOUNTABILITY |
| HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'AUDIT_LOGON' | HIPAA Windows Audit | Windows | AUDIT AND ACCOUNTABILITY |
| HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'Computer Account Management' | HIPAA Windows Audit | Windows | AUDIT AND ACCOUNTABILITY |
| HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'Credential Validation' | HIPAA Windows Audit | Windows | AUDIT AND ACCOUNTABILITY |
| HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'Distribution Group Management' | HIPAA Windows Audit | Windows | AUDIT AND ACCOUNTABILITY |
| HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'Kerberos Authentication Service' | HIPAA Windows Audit | Windows | AUDIT AND ACCOUNTABILITY |
| HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'Kerberos Service Ticket Operations' | HIPAA Windows Audit | Windows | AUDIT AND ACCOUNTABILITY |
| HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'Logon' | HIPAA Windows Audit | Windows | AUDIT AND ACCOUNTABILITY |
| HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'Other Account Logon Events' | HIPAA Windows Audit | Windows | AUDIT AND ACCOUNTABILITY |
| HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'Other Account Management' | HIPAA Windows Audit | Windows | AUDIT AND ACCOUNTABILITY |
| HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'Security Group Management' | HIPAA Windows Audit | Windows | AUDIT AND ACCOUNTABILITY |
| HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'User Account Management' | HIPAA Windows Audit | Windows | AUDIT AND ACCOUNTABILITY |
| HIPAA 164.308(a)(5)(ii)(D) - Password Management (A) - Account Lockout Duration | HIPAA Windows Audit | Windows | ACCESS CONTROL |
| HIPAA 164.308(a)(5)(ii)(D) - Password Management (A) - Account Lockout Threshold | HIPAA Windows Audit | Windows | ACCESS CONTROL |
| HIPAA 164.308(a)(5)(ii)(D) - Password Management (A) - Enforce Password History | HIPAA Windows Audit | Windows | IDENTIFICATION AND AUTHENTICATION |
| HIPAA 164.308(a)(5)(ii)(D) - Password Management (A) - Maximum Password Age | HIPAA Windows Audit | Windows | IDENTIFICATION AND AUTHENTICATION |
| HIPAA 164.308(a)(5)(ii)(D) - Password Management (A) - Minimum Password Age | HIPAA Windows Audit | Windows | IDENTIFICATION AND AUTHENTICATION |
| HIPAA 164.308(a)(5)(ii)(D) - Password Management (A) - Minimum Password Length | HIPAA Windows Audit | Windows | IDENTIFICATION AND AUTHENTICATION |
| HIPAA 164.308(a)(5)(ii)(D) - Password Management (A) - Password Must Meet Complexity Requirements | HIPAA Windows Audit | Windows | IDENTIFICATION AND AUTHENTICATION |
| HIPAA 164.308(a)(5)(ii)(D) - Password Management (A) - Reset Account Lockout Counter After | HIPAA Windows Audit | Windows | ACCESS CONTROL |
| HIPAA 164.308(a)(5)(ii)(D) - Password Management (A) - Store Passwords Using Reversible Encryption | HIPAA Windows Audit | Windows | IDENTIFICATION AND AUTHENTICATION |
| HIPAA 164.312(a)(2)(iii) - Automatic Logoff (A): Terminate an electronic session after a predetermined time of inactivity 'AutoDisconnect'. | HIPAA Windows Audit | Windows | ACCESS CONTROL |
| HIPAA 164.312(a)(2)(iii) - Automatic Logoff (A): Terminate an electronic session after a predetermined time of inactivity 'FORCE_LOGOFF' | HIPAA Windows Audit | Windows | ACCESS CONTROL |
| HIPAA 164.312(a)(2)(iii) - Automatic Logoff (A): Terminate an electronic session after a predetermined time of inactivity 'MaxIdleTime'. | HIPAA Windows Audit | Windows | ACCESS CONTROL |
| HIPAA 164.312(a)(2)(iv) - Encryption and Decryption (A) | HIPAA Windows Audit | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| HIPAA 164.312(e)(1) - Transmission Security 'MSFtpsvc' | HIPAA Windows Audit | Windows | CONFIGURATION MANAGEMENT |
| HIPAA 164.312(e)(1) - Transmission Security 'Telnet' | HIPAA Windows Audit | Windows | CONFIGURATION MANAGEMENT |
| HIPAA 164.312(e)(1) - Transmission Security 'TFTPD' | HIPAA Windows Audit | Windows | CONFIGURATION MANAGEMENT |
