| 1.11 Ensure host-based intrusion detection tool is used - MFEhiplsm process | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.3 Ensure monitoring and alerting exist for password sign-ins of SSO users | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | AUDIT AND ACCOUNTABILITY |
| 3.1.3.4 Ensure that 'Agentless scanning for machines' component status is set to 'On' | CIS Microsoft Azure Foundations v3.0.0 L2 | microsoft_azure | RISK ASSESSMENT |
| 6.22 Ensure that 'Inline Cloud Analysis' on Vulnerability Protection profiles are enabled if 'Advanced Threat Prevention' is available | CIS Palo Alto Firewall 11 v1.1.0 L1 | Palo_Alto | RISK ASSESSMENT |
| FireEye - A scheduled system backup job is configured | TNS FireEye | FireEye | CONTINGENCY PLANNING |
| FireEye - AAA failed logins are tracked | TNS FireEye | FireEye | ACCESS CONTROL |
| FireEye - AAA is enabled | TNS FireEye | FireEye | IDENTIFICATION AND AUTHENTICATION |
| FireEye - AAA lockout settings apply to the 'admin' user | TNS FireEye | FireEye | ACCESS CONTROL |
| FireEye - AAA lockouts are enabled | TNS FireEye | FireEye | ACCESS CONTROL |
| FireEye - AAA lockouts delay further attempts for at least 30 seconds | TNS FireEye | FireEye | ACCESS CONTROL |
| FireEye - AAA lockouts occur after at most 5 failures | TNS FireEye | FireEye | |
| FireEye - AAA tries local authentication first | TNS FireEye | FireEye | IDENTIFICATION AND AUTHENTICATION |
| FireEye - AAA user mapping default | TNS FireEye | FireEye | CONFIGURATION MANAGEMENT |
| FireEye - Boot image must be signed | TNS FireEye | FireEye | SYSTEM AND INFORMATION INTEGRITY |
| FireEye - Boot manager password is set | TNS FireEye | FireEye | SYSTEM AND INFORMATION INTEGRITY |
| FireEye - CLI commands do not hide any settings from administrators | TNS FireEye | FireEye | CONFIGURATION MANAGEMENT |
| FireEye - Configuration auditing logs the required number of changes | TNS FireEye | FireEye | CONFIGURATION MANAGEMENT |
| FireEye - Custom SNORT rules are enabled | TNS FireEye | FireEye | SYSTEM AND INFORMATION INTEGRITY |
| FireEye - Email encryption certificates are verified | TNS FireEye | FireEye | IDENTIFICATION AND AUTHENTICATION |
| FireEye - FENet security content updates are applied automatically | TNS FireEye | FireEye | |
| FireEye - Greylists are enabled | TNS FireEye | FireEye | CONFIGURATION MANAGEMENT |
| FireEye - Guest images | TNS FireEye | FireEye | CONFIGURATION MANAGEMENT |
| FireEye - IPMI password needs to be set | TNS FireEye | FireEye | |
| FireEye - IPMI should be connected to a restricted management network | TNS FireEye | FireEye | |
| FireEye - LDAP encryption certificates are verified | TNS FireEye | FireEye | IDENTIFICATION AND AUTHENTICATION |
| FireEye - LDAP requires encryption | TNS FireEye | FireEye | SYSTEM AND COMMUNICATIONS PROTECTION |
| FireEye - Local logging level includes all errors and warnings | TNS FireEye | FireEye | AUDIT AND ACCOUNTABILITY |
| FireEye - Local logging level is not overridden except by defaults | TNS FireEye | FireEye | AUDIT AND ACCOUNTABILITY |
| FireEye - Local logging retention configuration | TNS FireEye | FireEye | AUDIT AND ACCOUNTABILITY |
| FireEye - NTP is enabled | TNS FireEye | FireEye | AUDIT AND ACCOUNTABILITY |
| FireEye - Remote syslog is enabled | TNS FireEye | FireEye | AUDIT AND ACCOUNTABILITY |
| FireEye - Remote syslog logging level includes all errors and warnings | TNS FireEye | FireEye | AUDIT AND ACCOUNTABILITY |
| FireEye - Reports are run on a schedule | TNS FireEye | FireEye | AUDIT AND ACCOUNTABILITY |
| FireEye - SNMP is enabled | TNS FireEye | FireEye | |
| FireEye - SNMP trap hosts that use community override use a secure community string | TNS FireEye | FireEye | IDENTIFICATION AND AUTHENTICATION |
| FireEye - SNMP traps use a secure community string | TNS FireEye | FireEye | IDENTIFICATION AND AUTHENTICATION |
| FireEye - SNMP uses a secure community string | TNS FireEye | FireEye | IDENTIFICATION AND AUTHENTICATION |
| FireEye - SNMP v3 users have passwords | TNS FireEye | FireEye | ACCESS CONTROL |
| FireEye - SNMP v3 uses AES instead of DES | TNS FireEye | FireEye | ACCESS CONTROL |
| FireEye - SSH connections must be SSHv2 | TNS FireEye | FireEye | CONFIGURATION MANAGEMENT |
| FireEye - SSH users are logged out after 15 minutes of inactivity or less | TNS FireEye | FireEye | ACCESS CONTROL |
| FireEye - System events are emailed to administrators | TNS FireEye | FireEye | SYSTEM AND INFORMATION INTEGRITY |
| FireEye - The appliance uses a trusted DNS server | TNS FireEye | FireEye | SYSTEM AND COMMUNICATIONS PROTECTION |
| FireEye - USB media is not auto-mounted | TNS FireEye | FireEye | MEDIA PROTECTION |
| FireEye - User 'admin' SSH access is disabled | TNS FireEye | FireEye | ACCESS CONTROL |
| FireEye - User connections are limited by subnet or VLAN | TNS FireEye | FireEye | SYSTEM AND COMMUNICATIONS PROTECTION |
| FireEye - Web interface does not use the system self-signed certificate | TNS FireEye | FireEye | IDENTIFICATION AND AUTHENTICATION |
| FireEye - Web users are logged out after 20 minutes of inactivity or less | TNS FireEye | FireEye | ACCESS CONTROL |
| FireEye - YARA policy applies both customer and FireEye rules | TNS FireEye | FireEye | SECURITY ASSESSMENT AND AUTHORIZATION |
| GEN008380 - A root kit check tool must be run on the system at least weekly. | DISA STIG AIX 5.3 v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
