| 1.1.7.1 (L1) Ensure 'TLS_RSA_WITH_3DES_EDE_CBC_SHA ' is set to 'Enabled' | CIS Mozilla Firefox ESR GPO v1.0.0 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.16 Ensure that the --secure-port argument is not set to 0 | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.25 Ensure that the --client-ca-file argument is set as appropriate | CIS Kubernetes v1.10.0 L1 Master | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.26 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - cert | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.10.3 (L2) Ensure 'Supported authentication schemes' is set to 'Enabled: ntlm, negotiate' | CIS Microsoft Edge v3.0.0 L2 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.5.4 Ensure 'Domain controller: LDAP server signing requirements' is set to 'Require signing' (DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.6.3 (L1) Ensure 'Domain member: Digitally sign secure channel data (when possible)' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.6.6 (L1) Ensure 'Domain member: Require strong (Windows 2000 or later) session key' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v3.0.1 L1 MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.9.2 (L1) Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Specify Secure Remote Shell Command (DB2RSHCMD) | CIS IBM DB2 11 v1.1.0 Linux OS Level 1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.1.12 OpenSSH: Ensure only strong ciphers are used | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.6 Ensure custom Diffie-Hellman parameters are used | CIS NGINX Benchmark v2.1.0 L1 Loadbalancer | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.8 Ensure HTTP Strict Transport Security (HSTS) is enabled | CIS NGINX Benchmark v2.1.0 L1 Loadbalancer | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.8 Ensure HTTP Strict Transport Security (HSTS) is enabled | CIS NGINX Benchmark v2.1.0 L1 Webserver | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.10 Ensure the upstream traffic server certificate is trusted | CIS NGINX Benchmark v2.1.0 L2 Loadbalancer | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.12 Ensure session resumption is disabled to enable perfect forward security | CIS NGINX Benchmark v2.1.0 L2 Proxy | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.13 Ensure HTTP/2.0 is used | CIS NGINX Benchmark v2.1.0 L2 Webserver | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.3 Ensure that the --client-ca-file argument is set as appropriate | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Worker | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.10 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - key | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Worker | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.12 Verify that the RotateKubeletServerCertificate argument is set to true | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Worker | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.12 Verify that the RotateKubeletServerCertificate argument is set to true | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Worker | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.4 Set Security TLS Version Maximum | CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.15 Ensure only strong Key Exchange algorithms are used | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.14 Ensure only strong Ciphers are used - weak ciphers | CIS Red Hat 6 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.14 Ensure only strong Ciphers are used - weak ciphers | CIS Red Hat 6 Server L1 v3.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.15 Ensure only strong Ciphers are used - approved ciphers | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.4 Ensure login via 'host' TCP/IP Socket is configured correctly | CIS PostgreSQL 13 OS v1.2.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.4 Ensure login via 'host' TCP/IP Socket is configured correctly | CIS PostgreSQL 14 OS v 1.2.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2 Ensure SSLEnabled is set to True for Sensitive Connectors - verify SSLEnabled is set to true | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.4.1 Ensure Trusted Contexts are Enabled | CIS IBM DB2 11 v1.1.0 Database Level 2 | IBM_DB2DB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.8 Ensure TLS is enabled and configured correctly | CIS PostgreSQL 12 DB v1.1.0 | PostgreSQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS SQL Server 2017 Database L1 DB v1.3.0 | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS Microsoft SQL Server 2019 v1.4.0 L1 AWS RDS | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS SQL Server 2022 Database L1 DB v1.1.0 | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure 'secure_auth' is Set to 'ON' - ON | CIS MySQL 5.6 Community Database L1 v2.0.0 | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure Asymmetric Key Size is set to 'greater than or equal to 2048' in non-system databases | CIS SQL Server 2017 Database L1 DB v1.3.0 | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2.1 Ensure modern authentication for SharePoint applications is required | CIS Microsoft 365 Foundations E3 L1 v3.1.0 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4 Ensure WAL archiving is configured and functional | CIS PostgreSQL 14 DB v 1.2.0 | PostgreSQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4 Ensure WAL archiving is configured and functional | CIS PostgreSQL 16 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.1 Ensure 'require_secure_transport' is Set to 'ON' and/or 'have_ssl' is Set to 'YES' | CIS MySQL 5.7 Enterprise Database L1 v2.0.0 | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.1.1 Configure a Server-side Key Store for TLS (SSL_SVR_KEYDB) | CIS IBM DB2 11 v1.1.0 Windows OS Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.1.5 Configure a Secure TLS Version (SSL_VERSIONS) | CIS IBM DB2 11 v1.1.0 Linux OS Level 1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.1.8 Configure a Client-side Key Store for TLS (SSL_CLNT_KEYDB) | CIS IBM DB2 11 v1.1.0 Windows OS Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.2 Ensure 'ssl_type' Is Set to 'ANY', 'X509', or 'SPECIFIED' for All Remote Users | CIS MySQL 5.6 Enterprise Database L1 v2.0.0 | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.1 Ensure Replication Traffic Is Secured | CIS MySQL 5.6 Community Database L1 v2.0.0 | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.11 Force SSL for all applications | CIS Apache Tomcat 10 L2 v1.1.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.56.3.9.4 (L1) Ensure 'Require user authentication for remote connections by using Network Level Authentication' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN005306 - SNMP service must require a FIPS 140-2 approved hash algorithm as part of its authentication and integrity methods | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| GEN005512 - The SSH client must only use message authentication codes (MACs) that employ FIPS 140-2 cryptographic hash algorithms. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN007980 - If using LDAP for auth or account information, must use a TLS connection using FIPS 140-2 approved algorithms - 'tls_ciphers' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
