| 1.2 Ensure 'host headers' are on all sites | CIS IIS 7 L1 v1.8.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.5 Configure DB2 to use non-standard ports - Port 50000 | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.1.2 Ensure SELinux is not disabled in bootloader configuration | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.7.1.2 Ensure SELinux is not disabled in bootloader configuration - enforcing | CIS Fedora 19 Family Linux Server L1 v1.0.0 | Unix | ACCESS CONTROL |
| 2.2.1 Ensure 'ACCEPT_MD5_CERTS' Is NOT SET | CIS Oracle Database 23ai v1.0.0 L1 RDBMS On Linux Host OS | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.5 - AirWatch - Set the 'timeout' for 'Time without user input before password must be re-entered (in minutes)' | AirWatch - CIS Apple iOS 9 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 3.1.5 - AirWatch - Set the 'timeout' for 'Time without user input before password must be re-entered (in minutes)' | AirWatch - CIS Apple iOS 8 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 3.1.5 - MobileIron - Set the 'timeout' for 'Time without user input before password must be re-entered (in minutes)' | MobileIron - CIS Apple iOS 9 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 3.1.14 Set failed archive retry delay | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.16 Disable database discovery | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.17 Secure permissions for the primary archive log location - LOGARCHMETH1 OS Permissions | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | |
| 3.1.18 Secure permissions for the secondary archive log location - LOGARCHMETH2 Setting | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1.19 Secure permissions for the tertiary archive log location - FAILARCHPATH OS Permission | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | |
| 3.1.20 Secure permissions for the log mirror location - MIRROLOGPATH OS Permission | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | |
| 3.1.20 Secure permissions for the log mirror location - MIRRORLOGPATH Setting | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.10 Verify that TLS CA certificate file permissions are set to 444 or more restrictive | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.12 Verify that Docker server certificate file permissions are set to 444 or more restrictive | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.16 Verify that Docker socket file permissions are set to 660 or more restrictive | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.2.7 Ensure SSH HostbasedAuthentication is disabled | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.2.9 Ensure SSH HostbasedAuthentication is disabled | CIS Debian 9 Server L1 v1.0.1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.2.9 Ensure SSH HostbasedAuthentication is disabled | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.3.10 Ensure SSH HostbasedAuthentication is disabled | CIS CentOS 6 Server L1 v3.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.3.10 Ensure SSH HostbasedAuthentication is disabled | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.3.10 Ensure SSH HostbasedAuthentication is disabled | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.3.10 Ensure SSH HostbasedAuthentication is disabled | CIS Red Hat 6 Server L1 v3.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.3.10 Ensure SSH HostbasedAuthentication is disabled | CIS Oracle Linux 6 Server L1 v2.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.7 Ensure the SSH authorized_keys file is empty | CIS VMware ESXi 6.5 v1.0.0 Level 2 Bare Metal | Unix | CONFIGURATION MANAGEMENT |
| 6.2.7 Set SSH HostbasedAuthentication to No | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| ARST-L2-000090 - The Arista MLS layer 2 switch must have DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| DKER-EE-002010 - Memory usage for all containers must be limited in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-002050 - Mount propagation mode must not set to shared in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-002060 - The Docker Enterprise hosts UTS namespace must not be shared. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-002400 - Docker Enterprise Swarm manager must be run in auto-lock mode. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| DKER-EE-003310 - The Docker Enterprise max-size and max-file json-file drivers logging options in the daemon.json configuration file must be configured to allocate audit record storage capacity for Universal Control Plane (UCP) and Docker Trusted Registry (DTR) per the requirements set forth by the System Security Plan (SSP) - max-size | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| DKER-EE-003330 - Log aggregation/SIEM systems must be configured to alarm when audit storage space for Docker Engine - Enterprise nodes exceed 75% usage. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| DKER-EE-004030 - The on-failure container restart policy must be is set to 5 in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| DKER-EE-004040 - The Docker Enterprise default ulimit must not be overwritten at runtime unless approved in the System Security Plan (SSP). | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| DKER-EE-005070 - Docker Enterprise Swarm manager auto-lock key must be rotated periodically. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-005230 - Docker Enterprise registry certificate file ownership must be set to root:root. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-999999 - The version of Docker Enterprise Edition running on the system must be a supported version. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| EP11-00-012700 - The EDB Postgres Advanced Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to provision digital signatures. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL07-00-010482 - Oracle Linux operating systems version 7.2 or newer with a Basic Input/Output System (BIOS) must require authentication upon booting into single-user and maintenance modes - BIOS must require authentication upon booting into single-user and maintenance modes. | DISA Oracle Linux 7 STIG v3r2 | Unix | ACCESS CONTROL |
| OL07-00-010491 - Oracle Linux operating systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes - UEFI must require authentication upon booting into single-user and maintenance modes. | DISA Oracle Linux 7 STIG v3r2 | Unix | ACCESS CONTROL |
| RHEL-07-010491 - Red Hat Enterprise Linux operating systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-08-010140 - RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | ACCESS CONTROL |
| UBTU-16-030240 - The SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | ACCESS CONTROL, MAINTENANCE |
| VCLD-67-000034 - VAMI must implement TLS1.2 exclusively - sslv3 | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLD-67-000034 - VAMI must implement TLS1.2 exclusively - tlsv10 | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLD-67-000034 - VAMI must implement TLS1.2 exclusively - tlsv11 | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLD-67-000034 - VAMI must implement TLS1.2 exclusively - tlsv12 | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
