| 6.2 Ensure that MongoDB uses a non-default port | CIS MongoDB 3.2 L1 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2 Ensure that MongoDB uses a non-default port | CIS MongoDB 3.4 L1 Windows Audit v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.2 Ensure that MongoDB uses a non-default port | CIS MongoDB L1 Windows Audit v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| O112-BP-021700 - The Oracle WITH GRANT OPTION privilege must not be granted to non-DBA or non-Application administrator user accounts. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O112-BP-023700 - Application owner accounts must have a dedicated application tablespace. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O112-BP-024000 - Application object owner accounts must be disabled when not performing installation or maintenance actions. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O112-C2-003500 - The DBMS must restrict grants to sensitive information to authorized user roles. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | ACCESS CONTROL |
| O112-C2-003900 - The DBMS must restrict access to system tables and other configuration information or metadata to DBAs or other authorized users. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| O112-C2-011500 - Default demonstration and sample databases, database objects, and applications must be removed. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O112-C2-011800 - Use of external executables must be authorized. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O112-C2-014100 - The DBMS must support organizational requirements to enforce password complexity by the number of upper-case characters used. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| O112-C2-014200 - The DBMS must support organizational requirements to enforce password complexity by the number of lower-case characters used. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| O112-C2-015200 - The DBMS must enforce password maximum lifetime restrictions. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| O112-C2-016000 - The DBMS must employ cryptographic mechanisms to protect the integrity and confidentiality of non-local maintenance and diagnostic communications. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O112-C2-016600 - The DBMS must implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| O121-BP-022500 - Oracle roles granted using the WITH ADMIN OPTION must not be granted to unauthorized accounts. | DISA STIG Oracle 12c v3r2 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O121-BP-022900 - Oracle application administration roles must be disabled if not required and authorized. | DISA STIG Oracle 12c v3r2 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O121-BP-023200 - Unauthorized database links must not be defined and active. | DISA STIG Oracle 12c v3r2 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O121-BP-023800 - The directories assigned to the LOG_ARCHIVE_DEST* parameters must be protected from unauthorized access. | DISA STIG Oracle 12c v3r2 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O121-BP-024200 - Use of the DBMS installation account must be logged. | DISA STIG Oracle 12c v3r2 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O121-C1-015000 - DBMS default accounts must be assigned custom passwords. | DISA STIG Oracle 12c v3r2 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O121-C2-006700 - A DBMS utilizing Discretionary Access Control (DAC) must enforce a policy that includes or excludes access to the granularity of a single user. | DISA STIG Oracle 12c v3r2 Database | OracleDB | ACCESS CONTROL |
| O121-C2-009700 - The system must protect audit tools from unauthorized modification. | DISA STIG Oracle 12c v3r2 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| O121-C2-013300 - The DBMS must ensure users are authenticated with an individual authenticator prior to using a shared authenticator. | DISA STIG Oracle 12c v3r2 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| O121-C2-014900 - Procedures for establishing temporary passwords that meet DOD password requirements for new accounts must be defined, documented, and implemented. | DISA STIG Oracle 12c v3r2 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| O121-C2-016700 - Database data files containing sensitive information must be encrypted. | DISA STIG Oracle 12c v3r2 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O121-C2-018600 - The DBMS must automatically terminate emergency accounts after an organization-defined time period for each type of account. | DISA STIG Oracle 12c v3r2 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O121-C2-020000 - The DBMS must restrict error messages so only authorized personnel may view them. | DISA STIG Oracle 12c v3r2 Database | OracleDB | SYSTEM AND INFORMATION INTEGRITY |
| PHTN-40-000226 The Photon operating system must prevent IPv4 Internet Control Message Protocol (ICMP) secure redirect messages from being accepted. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000228 The Photon operating system must log IPv4 packets with impossible addresses. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| SQL2-00-001600 - SQL Server must ensure that remote sessions that access an organization-defined list of security functions and security-relevant information are audited - 'Event ID 106' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-001600 - SQL Server must ensure that remote sessions that access an organization-defined list of security functions and security-relevant information are audited - 'Event ID 108' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-001600 - SQL Server must ensure that remote sessions that access an organization-defined list of security functions and security-relevant information are audited - 'Event ID 111' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-001600 - SQL Server must ensure that remote sessions that access an organization-defined list of security functions and security-relevant information are audited - 'Event ID 112' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-001600 - SQL Server must ensure that remote sessions that access an organization-defined list of security functions and security-relevant information are audited - 'Event ID 117' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-001600 - SQL Server must ensure that remote sessions that access an organization-defined list of security functions and security-relevant information are audited - 'Event ID 130' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-001600 - SQL Server must ensure that remote sessions that access an organization-defined list of security functions and security-relevant information are audited - 'Event ID 133' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-001600 - SQL Server must ensure that remote sessions that access an organization-defined list of security functions and security-relevant information are audited - 'Event ID 135' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-001600 - SQL Server must ensure that remote sessions that access an organization-defined list of security functions and security-relevant information are audited - 'Event ID 173' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-001600 - SQL Server must ensure that remote sessions that access an organization-defined list of security functions and security-relevant information are audited - 'Event ID 175' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-001600 - SQL Server must ensure that remote sessions that access an organization-defined list of security functions and security-relevant information are audited - 'Event ID 176' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-001600 - SQL Server must ensure that remote sessions that access an organization-defined list of security functions and security-relevant information are audited - 'Event ID 177' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-008800 - SQL Server must enforce separation of duties through assigned information access authorizations - 'user defined roles' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| SQL2-00-009000 - SQL Server must restrict access to sensitive information to authorized user roles. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| SQL2-00-009710 - Owners of privileged accounts must use non-privileged accounts for non-administrative activities. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL2-00-017400 - SQL Server must support the organizational requirements to specifically prohibit or restrict the use of unauthorized functions, ports, protocols, and/or services. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL2-00-023300 - SQL Server must notify appropriate individuals when accounts are modified - 'Event ID 20' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-023300 - SQL Server must notify appropriate individuals when accounts are modified - 'Event ID 102' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-023300 - SQL Server must notify appropriate individuals when accounts are modified - 'Event ID 105' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-023300 - SQL Server must notify appropriate individuals when accounts are modified - 'Event ID 109' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
