| 2.2 Ensure system Microcode Discovery Service (MDS) is performed regularly | CIS IBM AIX 7 v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.2 Secure Permissions for Default Database File Path (DFTDBPATH) | CIS IBM DB2 11 v1.2.0 Linux OS Level 1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1.3 Set Diagnostic Logging to Capture Errors and Warnings (DIAGLEVEL) | CIS IBM DB2 11 v1.2.0 Linux OS Level 1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1.4 Secure Permissions for All Diagnostic Logs (DIAGPATH) | CIS IBM DB2 11 v1.2.0 Linux OS Level 1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1.8 Set Maximum Connection Limits (MAX_CONNECTIONS and MAX_COORDAGENTS) | CIS IBM DB2 11 v1.2.0 Linux OS Level 1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1.12 Secure the R Runtime Path (R_PATH) | CIS IBM DB2 11 v1.2.0 Linux OS Level 1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2.1 Specify Secure Remote Shell Command (DB2RSHCMD) | CIS IBM DB2 11 v1.2.0 Linux OS Level 1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS Microsoft SQL Server 2019 v1.5.2 L1 AWS RDS | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.3 Auto-restart After Abnormal Termination (AUTORESTART) | CIS IBM DB2 11 v1.2.0 Linux OS Level 1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Secure Permissions for the Secondary Archive Log Location (LOGARCHMETH2) | CIS IBM DB2 11 v1.2.0 Linux OS Level 1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.14 Specify a Secure Location for External Tables (EXTBL_LOCATION) | CIS IBM DB2 11 v1.2.0 Linux OS Level 1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.6.11.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 5.2 Specify a Secure Authentication Type (AUTHENTICATION) | CIS IBM DB2 11 v1.2.0 Linux OS Level 1 | Unix | ACCESS CONTROL |
| 5.4 Database Manager Configuration Parameter: TRUST_ALLCLNTS | CIS IBM DB2 11 v1.2.0 Linux OS Level 1 | Unix | ACCESS CONTROL |
| 5.5 Database Manager Configuration Parameter: TRUST_CLNTAUTH | CIS IBM DB2 11 v1.2.0 Linux OS Level 1 | Unix | ACCESS CONTROL |
| 5.11 DB2CHGPWD_EEE Registry Variable | CIS IBM DB2 11 v1.2.0 Linux OS Level 1 | Unix | ACCESS CONTROL |
| 6.1.1 Secure SYSADM Authority | CIS IBM DB2 11 v1.2.0 Linux OS Level 1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.3 Secure SYSMAINT Authority | CIS IBM DB2 11 v1.2.0 Linux OS Level 1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 8.1.1 Configure a Server-side Key Store for TLS (SSL_SVR_KEYDB) | CIS IBM DB2 11 v1.2.0 Linux OS Level 1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.1.8 Configure a Client-side Key Store for TLS (SSL_CLNT_KEYDB) | CIS IBM DB2 11 v1.2.0 Linux OS Level 1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.1.9 Configure a Client-side Stash File for TLS (SSL_CLNT_STASH) | CIS IBM DB2 11 v1.2.0 Linux OS Level 1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.1.10 Enable TLS Communication Between HADR Primary and Standby Instances (HADR_SSL_LABEL) | CIS IBM DB2 11 v1.2.0 Linux OS Level 1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.1.11 Enable Remote TLS Connections to Db2 (DB2COMM) | CIS IBM DB2 11 v1.2.0 Linux OS Level 1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.9.11.1.9 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' is set to 'Enabled: False' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.2.3 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.2.4 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.2.4 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.2.11 (BL) Ensure 'Configure minimum PIN length for startup' is set to 'Enabled: 7 or more characters' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | CONFIGURATION MANAGEMENT |
| 18.9.11.3.18 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 18.10.9.2.8 (L1) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Save BitLocker recovery information to AD DS for operating system drives' is set to 'Enabled: True' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.1.13 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 BL | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.2.8 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Save BitLocker recovery information to AD DS for operating system drives' is set to 'Enabled: True' | CIS Microsoft Windows 10 Enterprise v4.0.0 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.2.8 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Save BitLocker recovery information to AD DS for operating system drives' is set to 'Enabled: True' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.2.8 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Save BitLocker recovery information to AD DS for operating system drives' is set to 'Enabled: True' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.2.10 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for operating system drives' is set to 'Enabled: True' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.3.13 (BL) Ensure 'Configure use of smart cards on removable data drives: Require use of smart cards on removable data drives' is set to 'Enabled: True' | CIS Microsoft Windows 10 Enterprise v4.0.0 BL | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.3.13 Ensure 'Configure use of smart cards on removable data drives: Require use of smart cards on removable data drives' is set to 'Enabled: True' | CIS Microsoft Windows 11 Enterprise v5.0.1 BL | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| CIS_AlmaLinux_OS_8_v4.0.0_L2_Server.audit from CIS AlmaLinux OS 8 4.0.0 | CIS AlmaLinux OS 8 v4.0.0 L2 Server | Unix | |
| CIS_AlmaLinux_OS_8_v4.0.0_L2_Workstation.audit from CIS AlmaLinux OS 8 4.0.0 | CIS AlmaLinux OS 8 v4.0.0 L2 Workstation | Unix | |
| CIS_Amazon_Linux_2_v4.0.0_L2_Server.audit from CIS Amazon Linux 2 4.0.0 | CIS Amazon Linux 2 v4.0.0 L2 Server | Unix | |
| CIS_Oracle_Linux_8_v4.0.0_L1_Server.audit from CIS Oracle Linux 8 4.0.0 | CIS Oracle Linux 8 v4.0.0 L1 Server | Unix | |
| CIS_Oracle_Linux_8_v4.0.0_L2_Server.audit from CIS Oracle Linux 8 4.0.0 | CIS Oracle Linux 8 v4.0.0 L2 Server | Unix | |
| CIS_Oracle_Linux_9_v2.0.0_L2_Workstation.audit from CIS Oracle Linux 9 v2.0.0 | CIS Oracle Linux 9 v2.0.0 L2 Workstation | Unix | |
| CIS_Oracle_Linux_10_v1.0.0_L2_Server.audit from CIS Oracle Linux 10 1.0.0 | CIS Oracle Linux 10 v1.0.0 L2 Server | Unix | |
| CIS_PostgreSQL_10_v1.0.0_L1_OS_Linux.audit from CIS Benchmark for PostgreSQL 10 | CIS PostgreSQL 10 OS v1.0.0 | Unix | |
| CIS_PostgreSQL_16_v1.1.0_L1_OS_Linux_Unix.audit from CIS PostgreSQL 16 Benchmark v1.1.0 | CIS PostgreSQL 16 v1.1.0 L1 OS Linux Unix | Unix | |
| CIS_Rocky_Linux_8_v3.0.0_L2_Workstation.audit from CIS Rocky Linux 8 3.0.0 | CIS Rocky Linux 8 v3.0.0 L2 Workstation | Unix | |
| CIS_Rocky_Linux_10_v1.0.0_L1_Server.audit from CIS Rocky Linux 10 1.0.0 | CIS Rocky Linux 10 v1.0.0 L1 Server | Unix | |
| CIS_Rocky_Linux_10_v1.0.0_L2_Server.audit from CIS Rocky Linux 10 1.0.0 | CIS Rocky Linux 10 v1.0.0 L2 Server | Unix | |
