| 1.4 Harden the container host | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 2.1.4 Ensure 'SECURE_REGISTER_' Is Set to 'TCPS' or 'IPC' | CIS Oracle Server 12c Linux v3.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.4 Ensure 'SECURE_REGISTER_' Is Set to 'TCPS' or 'IPC' | CIS Oracle Server 12c Windows v3.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.15 Ensure the correct SQL statements generating errors are recorded | CIS PostgreSQL 12 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.15 Ensure the correct SQL statements generating errors are recorded | CIS PostgreSQL 14 DB v 1.2.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.15 Ensure the correct SQL statements generating errors are recorded | CIS PostgreSQL 15 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.15 Ensure the correct SQL statements generating errors are recorded | CIS PostgreSQL 16 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.15 Ensure the correct SQL statements generating errors are recorded | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.15 Ensure the correct SQL statements generating errors are recorded | CIS PostgreSQL 13 DB v1.2.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 4.2.15 Ensure that the --IPAddressDeny is set to any | CIS Kubernetes v1.11.1 L2 Worker Node | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.10.5 Enable Security Posture | CIS Google Kubernetes Engine (GKE) v1.7.0 L2 | GCP | CONFIGURATION MANAGEMENT |
| 5.11 (L1) Host must isolate management communications | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 6.1 Perform regular security audits of your host system and containers | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | |
| 6.1 Perform regular security audits of your host system and containers | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | |
| 6.3.2 Ensure that the 'cross db ownership chaining' database flag for Cloud SQL SQL Server instance is set to 'off' | CIS Google Cloud Platform v3.0.0 L1 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.6 Ensure '3625 (trace flag)' database flag for all Cloud SQL Server instances is set to 'on' | CIS Google Cloud Platform v3.0.0 L1 | GCP | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.5.1 (L1) Host SSH daemon, if enabled, must use FIPS 140-2/140-3 validated ciphers | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5.2 (L1) Host SSH daemon, if enabled, must use FIPS 140-2/140-3 validated cryptographic modules | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5.6 (L1) Host SSH daemon, if enabled, must set a timeout interval on idle sessions | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 9.24 Find Files and Directories with Extended Attributes | CIS Solaris 11.2 L1 v1.1.0 | Unix | |
| 9.24 Find Files and Directories with Extended Attributes | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.25 Find Files and Directories with Extended Attributes | CIS Solaris 11 L1 v1.1.0 | Unix | |
| 9.25 Find Files and Directories with Extended Attributes | CIS Solaris 11.1 L1 v1.0.0 | Unix | |
| 12.20 Monitor for development on production databases - 'Prevent development on production databases' | CIS v1.1.0 Oracle 11g OS Windows Level 1 | Windows | |
| 12.20 Monitor for development on production databases - 'Prevent development on production databases' | CIS v1.1.0 Oracle 11g OS L1 | Unix | |
| 12.22 Developer access to production databases - 'Disallow' | CIS v1.1.0 Oracle 11g OS Windows Level 1 | Windows | |
| 12.22 Developer access to production databases - 'Disallow' | CIS v1.1.0 Oracle 11g OS L1 | Unix | |
| DG0007-ORACLE11 - The database should be secured in accordance with DoD, vendor and/or commercially accepted practices where applicable. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG0007-ORACLE11 - The database should be secured in accordance with DoD, vendor and/or commercially accepted practices where applicable. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0102-ORACLE11 - DBMS processes or services should run under custom, dedicated OS accounts - 'tns services are using correct service account' | DISA STIG Oracle 11 Instance v9r1 OS Unix | Unix | ACCESS CONTROL |
| DO3538-ORACLE11 - The Oracle REMOTE_OS_AUTHENT parameter should be set to FALSE - 'remote_os_authent = false' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | |
| DO3539-ORACLE11 - The Oracle REMOTE_OS_ROLES parameter should be set to FALSE - 'remote_os_roles = false' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | |
| EX13-EG-000005 - Exchange must limit the Receive connector timeout. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | ACCESS CONTROL |
| EX13-EG-000260 - The Exchange Simple Mail Transfer Protocol (SMTP) Sender filter must be enabled. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-000010 - Exchange must limit the Receive connector timeout. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | ACCESS CONTROL |
| EX16-ED-000010 - Exchange must limit the Receive connector timeout. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | ACCESS CONTROL |
| EX16-ED-000520 - The Exchange Simple Mail Transfer Protocol (SMTP) Sender filter must be enabled. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-000520 - The Exchange Simple Mail Transfer Protocol (SMTP) Sender filter must be enabled. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000139 - The Exchange Simple Mail Transfer Protocol (SMTP) Sender filter must be enabled. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| O112-BP-021900 - The Oracle REMOTE_OS_AUTHENT parameter must be set to FALSE. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O112-BP-022000 - The Oracle REMOTE_OS_ROLES parameter must be set to FALSE. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O121-BP-021900 - The Oracle REMOTE_OS_AUTHENT parameter must be set to FALSE. | DISA STIG Oracle 12c v3r2 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O121-BP-022000 - The Oracle REMOTE_OS_ROLES parameter must be set to FALSE. | DISA STIG Oracle 12c v3r2 Database | OracleDB | CONFIGURATION MANAGEMENT |
| SQL6-D0-006700 - SQL Server software installation account must be restricted to authorized users. | DISA STIG SQL Server 2016 Instance OS Audit v3r4 | Windows | CONFIGURATION MANAGEMENT |
| SQL6-D0-007400 - Access to Non-Standard extended stored procedures must be disabled or restricted, unless specifically required and approved. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL6-D0-007500 - Access to linked servers must be disabled or restricted, unless specifically required and approved. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL6-D0-017000 - Ole Automation Procedures feature must be disabled, unless specifically required and approved. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL6-D0-017600 - Remote Data Archive feature must be disabled, unless specifically required and approved. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| vCenter : monitor-admin-assignment | VMWare vSphere 5.X Hardening Guide | VMware | |
| vCenter: vcenter-8.administration-sso-password-policy | VMware vSphere Security Configuration and Hardening Guide | VMware | IDENTIFICATION AND AUTHENTICATION |
