1.1.16 Ensure separate partition exists for /var/log/audit | CIS Amazon Linux 2 STIG v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
1.4 SNMP Security - a) SNMP Community Security | Tenable ZTE ROSNG | ZTE_ROSNG | IDENTIFICATION AND AUTHENTICATION |
1.5.3 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
1.5.3 Ensure address space layout randomization (ASLR) is enabled - config | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl.conf sysctl.d | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | SYSTEM AND INFORMATION INTEGRITY |
1.5.3 Ensure address space layout randomization (ASLR) is enabled (sysctl.conf/sysctl.d) | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
1.6 Creating the database with the RESTRICTIVE clause | CIS IBM DB2 v10 v1.1.0 Database Level 2 | IBM_DB2DB | |
1.6.1.5 Ensure the SELinux mode is enforcing | CIS Amazon Linux 2 STIG v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
1.6.2 Ensure address space layout randomization (ASLR) is enabled - config | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
1.6.3 Ensure address space layout randomization (ASLR) is enabled - sysctl | CIS Fedora 19 Family Linux Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
3.2.3 Authentication type for incoming connections at the server - srvcon_auth | CIS IBM DB2 v10 v1.1.0 Database Level 2 | IBM_DB2DB | |
4.1.3.4 Ensure events that modify the system's Mandatory Access Controls are collected | CIS Amazon Linux 2 STIG v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
4.1.3.12 Ensure discretionary access control permission modification events are collected | CIS Amazon Linux 2 STIG v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
4.1.3.14 Ensure events that modify user/group information are collected | CIS Amazon Linux 2 STIG v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
5.3.23 Ensure SSH AllowTcpForwarding is disabled | CIS Amazon Linux 2 STIG v2.0.0 L2 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
6.1 Restrict Access to SYSCAT.AUDITPOLICIES | CIS IBM DB2 v10 v1.1.0 Database Level 2 | IBM_DB2DB | ACCESS CONTROL |
6.3 Restrict Access to SYSCAT.DBAUTH | CIS IBM DB2 v10 v1.1.0 Database Level 2 | IBM_DB2DB | ACCESS CONTROL |
6.13 Restrict Access to SYSCAT.SECURITYPOLICYEXEMPTIONS | CIS IBM DB2 v10 v1.1.0 Database Level 2 | IBM_DB2DB | ACCESS CONTROL |
6.18 Restrict Access to SYSCAT.SCHEMAAUTH | CIS IBM DB2 v10 v1.1.0 Database Level 2 | IBM_DB2DB | ACCESS CONTROL |
6.21 Restrict Access to SYSCAT.STATEMENTS | CIS IBM DB2 v10 v1.1.0 Database Level 2 | IBM_DB2DB | ACCESS CONTROL |
7.9 Secure ACCESSCTRL Authority | CIS IBM DB2 v10 v1.1.0 Database Level 2 | IBM_DB2DB | |
7.10 Secure WLMADM authority | CIS IBM DB2 v10 v1.1.0 Database Level 2 | IBM_DB2DB | |
7.13 Secure CONNECT Authority | CIS IBM DB2 v10 v1.1.0 Database Level 2 | IBM_DB2DB | |
8.2.6 Create a Strong Password | CIS IBM DB2 11 v1.1.0 Database Level 2 | IBM_DB2DB | IDENTIFICATION AND AUTHENTICATION |
8.2.7 Backup Your Keystore | CIS IBM DB2 11 v1.1.0 Database Level 2 | IBM_DB2DB | CONTINGENCY PLANNING |
8.2.8 Backup Your Password In Case Stash File is Inaccessible or Corrupted | CIS IBM DB2 11 v1.1.0 Database Level 2 | IBM_DB2DB | CONTINGENCY PLANNING |
8.2.14 Key Rotation in HADR Environment | CIS IBM DB2 11 v1.1.0 Database Level 2 | IBM_DB2DB | CONFIGURATION MANAGEMENT |
9.3 Review System Tablespaces | CIS IBM DB2 v10 v1.1.0 Database Level 2 | IBM_DB2DB | CONFIGURATION MANAGEMENT |
18.8.7.1.5 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
18.9.7.1.2 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | SYSTEM AND INFORMATION INTEGRITY |
18.9.7.1.5 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes' | CIS Microsoft Windows 10 Stand-alone v4.0.0 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
18.9.7.1.5 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
Deny log on through Remote Desktop Services | MSCT Windows 10 1803 v1.0.0 | Windows | ACCESS CONTROL |
Deny log on through Remote Desktop Services | MSCT Windows 10 v1507 v1.0.0 | Windows | ACCESS CONTROL |
Deny log on through Remote Desktop Services | MSCT Windows Server 1903 MS v1.19.9 | Windows | ACCESS CONTROL |
Deny log on through Remote Desktop Services | MSCT Windows Server v1909 MS v1.0.0 | Windows | ACCESS CONTROL |
Deny log on through Remote Desktop Services | MSCT Windows Server 2016 DC v1.0.0 | Windows | ACCESS CONTROL |
Deny log on through Remote Desktop Services | MSCT Windows Server 2016 MS v1.0.0 | Windows | ACCESS CONTROL |
Deny log on through Remote Desktop Services | MSCT Windows 11 v22H2 v1.0.0 | Windows | ACCESS CONTROL |
Deny log on through Remote Desktop Services | MSCT Windows 11 v24H2 v1.0.0 | Windows | ACCESS CONTROL |
Deny log on through Remote Desktop Services | MSCT Windows Server 2022 v1.0.0 | Windows | ACCESS CONTROL |
Ensure address space layout randomization (ASLR) is enabled - sysctl | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND INFORMATION INTEGRITY |
Fortigate - SSH login grace time <= 30 seconds | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | ACCESS CONTROL |
GEN002720-2 - The audit system must be configured to audit failed attempts to access files and programs - '-S open -F exit=-EACCES' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
GEN005305 - The SNMP service must use only SNMPv3 or its successors - /etc/sma/snmp/snmpd.conf | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
GEN005305 - The SNMP service must use only SNMPv3 or its successors - /etc/snmp/conf/snmpd.conf | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
JUEX-L2-000020 - The Juniper EX switch must be configured to uniquely identify all network-connected endpoint devices before establishing any connection. | DISA Juniper EX Series Layer 2 Switch v2r3 | Juniper | IDENTIFICATION AND AUTHENTICATION |
JUEX-L2-000120 - The Juniper EX switch must be configured to enable DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources. | DISA Juniper EX Series Layer 2 Switch v2r3 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
JUEX-L2-000250 - The Juniper EX switch must not have any access interfaces assigned to a VLAN configured as native for any trunked interface. | DISA Juniper EX Series Layer 2 Switch v2r3 | Juniper | CONFIGURATION MANAGEMENT |
OL07-00-010492 - Oracle Linux operating systems version 7.2 or newer booted with Unified Extensible Firmware Interface (UEFI) must have a unique name for the grub superusers account when booting into single-user mode and maintenance. | DISA Oracle Linux 7 STIG v3r2 | Unix | ACCESS CONTROL |