| 1.1 Ensure packages are obtained from authorized repositories | CIS PostgreSQL 16 v1.1.0 L1 OS Linux Unix | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.2 Install only required packages | CIS PostgreSQL 16 v1.1.0 L1 OS Linux Unix | Unix | CONFIGURATION MANAGEMENT |
| 1.3 Ensure systemd Service Files Are Enabled | CIS PostgreSQL 16 v1.1.0 L1 OS Linux Unix | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.3 Harden the container host | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.3 Harden the container host | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.4 Harden the container host | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.6 Verify That 'PGPASSWORD' is Not Set in Users' Profiles | CIS PostgreSQL 16 v1.1.0 L1 OS Linux Unix | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7 Verify That the 'PGPASSWORD' Environment Variable is Not in Use | CIS PostgreSQL 16 v1.1.0 L1 OS Linux Unix | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.175 WN22-DC-000300 | CIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT I | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1 Ensure the file permissions mask is correct | CIS PostgreSQL 16 v1.1.0 L1 OS Linux Unix | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 2.1.4 Ensure 'SECURE_REGISTER_' Is Set to 'TCPS' or 'IPC' | CIS Oracle Server 18c Linux v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.4 Ensure 'SECURE_REGISTER_' Is Set to 'TCPS' or 'IPC' | CIS Oracle Server 18c Windows v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.4 Ensure 'SECURE_REGISTER_' Is Set to 'TCPS' or 'IPC' | CIS Oracle Server 12c Windows v3.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2 Ensure extension directory has appropriate ownership and permissions | CIS PostgreSQL 16 v1.1.0 L1 OS Linux Unix | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 2.7 Ensure Password Complexity is Configured - validate_password_special_char_count | CIS MySQL 5.7 Enterprise Database L1 v2.0.0 | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| 3.4 Ensure SQL Authentication is not used in contained databases | CIS SQL Server 2012 Database L1 AWS RDS v1.6.0 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
| 3.4 Ensure SQL Authentication is not used in contained databases | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
| 4.1 Ensure Interactive Login is Disabled | CIS PostgreSQL 16 v1.1.0 L1 OS Linux Unix | Unix | ACCESS CONTROL |
| 4.2 Ensure sudo is configured correctly | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | Unix | ACCESS CONTROL |
| 4.2 Ensure sudo is configured correctly | CIS PostgreSQL 16 v1.1.0 L1 OS Linux Unix | Unix | ACCESS CONTROL |
| 4.2 Ensure sudo is configured correctly | CIS PostgreSQL 13 OS v1.2.0 | Unix | ACCESS CONTROL |
| 4.2 Ensure sudo is configured correctly | CIS PostgreSQL 14 OS v 1.2.0 | Unix | ACCESS CONTROL |
| 5.1 Ensure login via 'local' UNIX Domain Socket is configured correctly | CIS PostgreSQL 10 OS v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.1 Ensure login via 'local' UNIX Domain Socket is configured correctly | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.1 Ensure login via 'local' UNIX Domain Socket is configured correctly | CIS PostgreSQL 11 OS v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.11 (L1) Host must isolate management communications | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 6.1.1.4 Ensure only one logging system is in use | CIS Debian Linux 12 v1.1.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.1.1.4 Ensure only one logging system is in use | CIS Debian Linux 12 v1.1.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.1.4 Ensure only one logging system is in use | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.1.4 Ensure only one logging system is in use | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.1.4 Ensure only one logging system is in use | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.1.4 Ensure only one logging system is in use | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.1.4 Ensure only one logging system is in use | CIS Rocky Linux 10 v1.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.1.4 Ensure only one logging system is in use | CIS Rocky Linux 10 v1.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.1.4 Ensure only one logging system is in use | CIS Rocky Linux 9 v2.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.1.4 Ensure only one logging system is in use | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.1.4 Ensure only one logging system is in use | CIS Oracle Linux 9 v2.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.1.4 Ensure only one logging system is in use | CIS Red Hat Enterprise Linux 10 v1.0.1 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3 Mask and zone SAN resources appropriately | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | |
| 6.5.1 (L1) Host SSH daemon, if enabled, must use FIPS 140-2/140-3 validated ciphers | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5.6 (L1) Host SSH daemon, if enabled, must set a timeout interval on idle sessions | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 8.2 Ensure the backup and restore tool, 'pgBackRest', is installed and configured | CIS PostgreSQL 16 v1.1.0 L1 OS Linux Unix | Unix | CONTINGENCY PLANNING |
| 12.20 Monitor for development on production databases - 'Prevent development on production databases' | CIS v1.1.0 Oracle 11g OS Windows Level 1 | Windows | |
| DO0120-ORACLE11 - The Oracle software installation account should not be granted excessive host system privileges - 'Oracle install account is not a member of the oracle group' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | ACCESS CONTROL |
| DO0120-ORACLE11 - The Oracle software installation account should not be granted excessive host system privileges - 'Oracle service account group membership is correct' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DO0120-ORACLE11 - The Oracle software installation account should not be granted excessive host system privileges - 'Oracle service account is denied logon on locally right' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DO0120-ORACLE11 - The Oracle software installation account should not be granted excessive host system privileges - 'Oracle services use appropriate service accounts' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| EX13-EG-000005 - Exchange must limit the Receive connector timeout. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | ACCESS CONTROL |
| EX16-ED-000010 - Exchange must limit the Receive connector timeout. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | ACCESS CONTROL |
| EX16-ED-000010 - Exchange must limit the Receive connector timeout. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | ACCESS CONTROL |
