| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | ACCESS CONTROL |
| 4.3.2 Ensure DNS Filter logs all DNS queries and responses | CIS Fortigate 7.0.x v1.4.0 L1 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Buffer overflow protection should be configured 'LimitRequestBody' | TNS IBM HTTP Server Best Practice Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Buffer overflow protection should be configured 'LimitRequestline' | TNS IBM HTTP Server Best Practice Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| CGI-BIN directory should be disabled. 'Addmodule mod_cgi.c' | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| CGI-BIN directory should be disabled. 'AddModule mod_env.c' | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| CGI-BIN directory should be disabled. 'Directory' | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| CGI-BIN directory should be disabled. 'LoadModule cgi_module' | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| CGI-BIN directory should be disabled. 'ScriptAlias' | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| Configuration files should be secured against unauthorized access. | TNS IBM HTTP Server Best Practice Middleware | Unix | |
| Configuring a secure password policy for the BIG-IP system - Expiration Warning | Tenable F5 BIG-IP Best Practice Audit | F5 | IDENTIFICATION AND AUTHENTICATION |
| Configuring a secure password policy for the BIG-IP system - Minimum Duration | Tenable F5 BIG-IP Best Practice Audit | F5 | IDENTIFICATION AND AUTHENTICATION |
| Configuring a secure password policy for the BIG-IP system - Required Special Characters | Tenable F5 BIG-IP Best Practice Audit | F5 | IDENTIFICATION AND AUTHENTICATION |
| Configuring an automatic logout for idle sessions - Configuration utility | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| Configuring CIDR Network Addresses for the BIG-IP packet filter - Always accept important ICMP | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| Configuring CIDR Network Addresses for the BIG-IP packet filter - enabled | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| Configuring CIDR Network Addresses for the BIG-IP packet filter - Packet filter logging | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| Configuring CIDR Network Addresses for the BIG-IP packet filter - Review Packet-Filter Rules | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| Configuring CIDR Network Addresses for the BIG-IP packet filter - Unhandled Packet Action | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| Configuring LDAP remote authentication for Active Directory - Scope | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Configuring LDAP remote authentication for Active Directory - SSL | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Configuring LDAP remote authentication for Active Directory - SSL Client Key | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Configuring the BIG-IP system to enforce the use of strict passwords | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| Disabling the admin account | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| Disabling the root shell login account | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| Encryption protocols such as https should be used | TNS IBM HTTP Server Best Practice Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| File permissions in the root document should only be accessible by administrator | TNS IBM HTTP Server Best Practice Middleware | Unix | |
| HTTP TRACE method should be disabled. 'RewriteCond' | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| HTTP TRACE method should be disabled. 'RewriteEngine' | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| HTTP TRACE method should be disabled. 'RewriteLog' | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| HTTP TRACE method should be disabled. 'RewriteLogLevel' | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| Keep Alive setting parameter value should be appropriately configured. | TNS IBM HTTP Server Best Practice Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Limit HTTP methods allowed by the Web Server. | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| Logging Directives should be restricted to authorized users. - 'CustomLog logs/access_log combined' | TNS IBM HTTP Server Best Practice Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| Logging Directives should be restricted to authorized users. - 'LogLevel notice' | TNS IBM HTTP Server Best Practice Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| Logs containing auditing information should be secured at the directory level. | TNS IBM HTTP Server Best Practice Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| MaxClients parameter value should be configured to appropriate value. | TNS IBM HTTP Server Best Practice Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| MaxSpareServers parameter value should be appropriately configured. | TNS IBM HTTP Server Best Practice Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Mitigating risk from SSH brute force login attacks - Monitor login attempts | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| Non-Essential modules should be disabled. 'mod_info' | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| Non-Essential modules should be disabled. 'mod_status' | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| O19C-00-009700 - Oracle roles granted using the WITH ADMIN OPTION must not be granted to unauthorized accounts. | DISA Oracle Database 19c STIG v1r3 OracleDB | OracleDB | CONFIGURATION MANAGEMENT |
| Overview of BIG-IP administrative access controls | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Overview of the HTTP profile | Tenable F5 BIG-IP Best Practice Audit | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| Preserving or modifying HTTP response headers removed by the BIG-IP ASM system | Tenable F5 BIG-IP Best Practice Audit | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| Restricting access to the Configuration utility by source IP address | Tenable F5 BIG-IP Best Practice Audit | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| Settings to Lock Down your BIG-IP - Remote Role | Tenable F5 BIG-IP Best Practice Audit | F5 | CONFIGURATION MANAGEMENT |
| Specifying allowable IP ranges for SSH access | Tenable F5 BIG-IP Best Practice Audit | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| StartServers parameter value should be appropriately configured. | TNS IBM HTTP Server Best Practice Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| The BIG-IP Core implementation must be configured to protect against or limit the effects of known and unknown types of Denial of Service (DoS) attacks by employing pattern recognition pre-processors when providing content filtering to virtual servers. | Tenable F5 BIG-IP Best Practice Audit | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
