2.1 Secure DB2 Runtime Library | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | |
2.3 Set umask value for DB2 admin user .profile file | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | ACCESS CONTROL |
3.1.2 Encrypt user data across the network | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
3.1.2 Encrypt user data across the network | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
3.1.3 Require explicit authorization for cataloging | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | ACCESS CONTROL |
3.1.7 Secure permissions for all diagnostic logs | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | |
3.1.9 Require instance name for discovery requests | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | |
3.1.10 Authenticate federated users at the instance level | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | ACCESS CONTROL |
3.1.13 Enable server-based authentication | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | IDENTIFICATION AND AUTHENTICATION |
3.1.15 Set administrative notification level | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | AUDIT AND ACCOUNTABILITY |
3.1.19 Secure permissions for the tertiary archive log location - FAILARCHPATH OS Permissions | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | |
3.2.1 Set failed archive retry delay | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | |
3.2.3 Disable database discovery | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | |
3.2.8 Establish retention set size for backups | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | |
3.2.9 Set archive log failover retry limit | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | |
4.3 Review Users, Groups, and Roles - Groups list | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | ACCESS CONTROL |
4.29 cman.ora - 'remote_admin = NO' | CIS v1.1.0 Oracle 11g OS Windows Level 2 | Windows | CONFIGURATION MANAGEMENT |
5.1 Enable Backup Redundancy | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | |
5.1 Enable backup redundancy | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | |
5.2.3.20 Ensure the audit configuration is immutable | CIS Red Hat EL8 Server L2 v3.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
5.2.3.20 Ensure the audit configuration is immutable | CIS Rocky Linux 8 Workstation L2 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
5.3 Enable Automatic Database Maintenance | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | CONFIGURATION MANAGEMENT |
6.4 Restrict Access to SYSCAT.COLAUTH | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | ACCESS CONTROL |
6.6 Restrict Access to SYSCAT.EVENTTABLES | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | ACCESS CONTROL |
6.10 Restrict Access to SYSCAT.PACKAGES | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | ACCESS CONTROL |
6.13 Restrict Access to SYSCAT.SECURITYLABELCOMPONENTELEMENTS | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | ACCESS CONTROL |
6.18 Restrict Access to SYSCAT.SECURITYPOLICYEXEMPTIONS | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | ACCESS CONTROL |
6.22 Restrict Access to SYSCAT.ROUTINEAUTH | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | ACCESS CONTROL |
6.23 Restrict Access to SYSCAT.SCHEMAAUTH | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | ACCESS CONTROL |
6.32 Restrict Access to SYSCAT.VARIABLEAUTH | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | ACCESS CONTROL |
7.1 Secure SYSADM authority - SYSADM Group | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | ACCESS CONTROL |
7.1 Secure SYSADM authority - SYSADM Group | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | ACCESS CONTROL |
7.2 Secure SYSCTRL authority - SYSCTRL Group | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | ACCESS CONTROL |
7.2 Secure SYSCTRL authority - SYSCTRL Group Members | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | ACCESS CONTROL |
7.3 Secure SYSMAINT Authority | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | ACCESS CONTROL |
7.4 Secure SYSMON Authority | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | ACCESS CONTROL |
9.5 Enable SSL communication with LDAP server | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
9.9 Secure plug-in library locations - server | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | |
9.11 Ensure permissions on communication exit library locations | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | |
Big Sur - Configure System Log Files to Mode 640 or Less Permissive | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | SYSTEM AND INFORMATION INTEGRITY |
Catalina - Configure System Log Files to Mode 640 or Less Permissive | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | SYSTEM AND INFORMATION INTEGRITY |
CISC-RT-000360 - The Cisco perimeter router must be configured to have Link Layer Discovery Protocol (LLDP) disabled on all external interfaces. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000370 - The Cisco perimeter router must be configured to have Cisco Discovery Protocol (CDP) disabled on all external interfaces. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000370 - The Cisco perimeter switch must be configured to have Cisco Discovery Protocol (CDP) disabled on all external interfaces. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
DKER-EE-001370 - log-opts on all Docker Engine - Enterprise nodes must be configured. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
DKER-EE-001830 - The userland proxy capability in the Docker Engine - Enterprise component of Docker Enterprise must be disabled. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
DKER-EE-003230 - An appropriate Docker Engine - Enterprise log driver plugin must be configured to collect audit events from Universal Control Plane (UCP) and Docker Trusted Registry (DTR). | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
DKER-EE-003310 - The Docker Enterprise max-size and max-file json-file drivers logging options in the daemon.json configuration file must be configured to allocate audit record storage capacity for Universal Control Plane (UCP) and Docker Trusted Registry (DTR) per the requirements set forth by the System Security Plan (SSP) - max-file | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
GEN002660 - Auditing must be implemented. | DISA STIG AIX 5.3 v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
JUEX-NM-000490 - The Juniper EX switch must use an NTP service that is hosted by a trusted source or a DOD-compliant enterprise or local NTP server. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | IDENTIFICATION AND AUTHENTICATION |