| 3.1.5 - AirWatch - Set the 'timeout' for 'Time without user input before password must be re-entered (in minutes)' | AirWatch - CIS Apple iOS 9 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 3.1.9 Require instance name for discovery requests | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | |
| 3.1.15 Set administrative notification level | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | AUDIT AND ACCOUNTABILITY |
| 3.2.1 Set failed archive retry delay | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | |
| 3.2.3 Disable database discovery | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | |
| 3.2.8 Establish retention set size for backups | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | |
| 3.2.9 Set archive log failover retry limit | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | |
| 3.8 Verify that registry certificate file permissions are set to 444 or more restrictive | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.10 Verify that TLS CA certificate file permissions are set to 444 or more restrictive | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.11.36.4.9.3 (L1) Ensure 'Require use of specific security layer for remote (RDP) connections' is set to 'Enabled: SSL' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.11.36.4.9.3 (L1) Ensure 'Require use of specific security layer for remote (RDP) connections' is set to 'Enabled: SSL' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1 Enable backup redundancy | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | |
| 5.1.8 Set 'Do not prompt about Level 1 attachments when sending an item' to 'Disabled' | CIS MS Office Outlook 2010 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.1.9 Ensure SSH HostbasedAuthentication is disabled | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.2.8 Ensure SSH HostbasedAuthentication is disabled | CIS Fedora 28 Family Linux Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.2.8 Ensure SSH HostbasedAuthentication is disabled | CIS CentOS Linux 8 Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.3.10 Ensure SSH HostbasedAuthentication is disabled | CIS CentOS 6 Server L1 v3.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.7 Ensure the SSH authorized_keys file is empty | CIS VMware ESXi 6.7 v1.3.0 Level 2 Bare Metal | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 6.4 Restrict Access to SYSCAT.COLAUTH | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | ACCESS CONTROL |
| 6.6 Restrict Access to SYSCAT.EVENTTABLES | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | ACCESS CONTROL |
| 6.10 Restrict Access to SYSCAT.PACKAGES | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | ACCESS CONTROL |
| 6.13 Restrict Access to SYSCAT.SECURITYLABELCOMPONENTELEMENTS | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | ACCESS CONTROL |
| 6.18 Restrict Access to SYSCAT.SECURITYPOLICYEXEMPTIONS | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | ACCESS CONTROL |
| 6.22 Restrict Access to SYSCAT.ROUTINEAUTH | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | ACCESS CONTROL |
| 6.23 Restrict Access to SYSCAT.SCHEMAAUTH | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | ACCESS CONTROL |
| 6.32 Restrict Access to SYSCAT.VARIABLEAUTH | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | ACCESS CONTROL |
| 9.5 Enable SSL communication with LDAP server | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.9 Secure plug-in library locations - server | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | |
| 9.11 Ensure permissions on communication exit library locations | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | |
| CASA-ND-001070 - The Cisco ASA must be configured to encrypt Simple Network Management Protocol (SNMP) messages using a FIPS 140-2 approved algorithm. | DISA STIG Cisco ASA NDM v2r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| DKER-EE-001370 - log-opts on all Docker Engine - Enterprise nodes must be configured. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| DKER-EE-001830 - The userland proxy capability in the Docker Engine - Enterprise component of Docker Enterprise must be disabled. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-003230 - An appropriate Docker Engine - Enterprise log driver plugin must be configured to collect audit events from Universal Control Plane (UCP) and Docker Trusted Registry (DTR). | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| DKER-EE-003310 - The Docker Enterprise max-size and max-file json-file drivers logging options in the daemon.json configuration file must be configured to allocate audit record storage capacity for Universal Control Plane (UCP) and Docker Trusted Registry (DTR) per the requirements set forth by the System Security Plan (SSP) - max-file | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| DKER-EE-003460 - The Docker Enterprise log aggregation/SIEM systems must be configured to send an alert the ISSO/ISSM when unauthorized software is installed. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-005190 - Docker Enterprise docker.socket file ownership must be set to root:root. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-005210 - Docker Enterprise /etc/docker directory ownership must be set to root:root - Ubuntu | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-005240 - Docker Enterprise registry certificate file permissions must be set to 444 or more restrictive. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-005260 - Docker Enterprise TLS certificate authority (CA) certificate file permissions must be set to 444 or more restrictive. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-005270 - Docker Enterprise server certificate file ownership must be set to root:root. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-005290 - Docker Enterprise server certificate key file ownership must be set to root:root. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-005310 - Docker Enterprise socket file ownership must be set to root:docker. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| EPAS-00-012700 - The EDB Postgres Advanced Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to provision digital signatures. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN005505 - The operating system must implement DoD-approved encryption to protect the confidentiality of SSH connections. | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| Management Services Security - Configure SNMP using the most secure method with more than one trusted server - v1/v2 not configured | Juniper Hardening JunOS 12 Devices Checklist | Juniper | IDENTIFICATION AND AUTHENTICATION |
| OH12-1X-000320 - OHS must have the LoadModule ossl_module directive enabled to maintain the confidentiality of controlled information during transmission through the use of an approved TLS version. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000322 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to maintain the confidentiality of controlled information during transmission through the use of an approved TLS version - SSLProtocol | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-06-000062 - The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes (system-auth) - system-auth. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCLD-67-000034 - VAMI must implement TLS1.2 exclusively - tlsv11 | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLD-67-000034 - VAMI must implement TLS1.2 exclusively - tlsv12 | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
