| 5.1.1.4 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'Java' Packages | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 5.1.1.4 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'Java' Packages | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 5.1.1.4 Ensure 'EXECUTE' is revoked from 'PUBLIC' on "Java" Packages | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.7 Ensure that the 'contained database authentication' database flag for Cloud SQL on the SQL Server instance is not set to 'on' | CIS Google Cloud Platform v3.0.0 L1 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| SQL2-00-000500 - SQL Server must maintain and support organization-defined security labels on data in transmission. | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-000900 - SQL Server must allow authorized users to associate security labels to information in the database. | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-009200 - SQL Server must be protected from unauthorized access by developers. | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-011200 - SQL Server must provide audit record generation capability for organization-defined auditable events within the database - 'Event ID 18' | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011200 - SQL Server must provide audit record generation capability for organization-defined auditable events within the database - 'Event ID 20' | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011200 - SQL Server must provide audit record generation capability for organization-defined auditable events within the database - 'Event ID 103' | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011200 - SQL Server must provide audit record generation capability for organization-defined auditable events within the database - 'Event ID 108' | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011200 - SQL Server must provide audit record generation capability for organization-defined auditable events within the database - 'Event ID 110' | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011200 - SQL Server must provide audit record generation capability for organization-defined auditable events within the database - 'Event ID 113' | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011200 - SQL Server must provide audit record generation capability for organization-defined auditable events within the database - 'Event ID 132' | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011200 - SQL Server must provide audit record generation capability for organization-defined auditable events within the database - 'Event ID 133' | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011200 - SQL Server must provide audit record generation capability for organization-defined auditable events within the database - 'Event ID 170' | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011200 - SQL Server must provide audit record generation capability for organization-defined auditable events within the database - 'Event ID 171' | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011200 - SQL Server must provide audit record generation capability for organization-defined auditable events within the database - 'Event ID 175' | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011200 - SQL Server must provide audit record generation capability for organization-defined auditable events within the database - 'Event ID 176' | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011200 - SQL Server must provide audit record generation capability for organization-defined auditable events within the database - 'Event ID 178' | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-012800 - SQL Server must shutdown immediately in the event of an audit failure, unless an alternative audit capability exists. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-015200 - SQL Server must be monitored to discover unauthorized changes to stored procedures. | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL2-00-015600 - Database objects must be owned by accounts authorized for ownership. | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL2-00-015620 - In a database owned by a login not having administrative privileges at the instance level, the database property TRUSTWORTHY must be OFF unless required and authorized. | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL2-00-019500 - SQL Server must implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL2-00-021400 - SQL Server must employ cryptographic mechanisms preventing the unauthorized disclosure of information at rest. | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL2-00-021800 - SQL Server must prevent unauthorized and unintended information transfer via shared system resources. | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL2-00-022000 - SQL Server must protect against or limit the effects of the organization-defined types of Denial of Service (DoS) attacks. | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL2-00-023500 - SQL Server job/batch queues must be reviewed regularly to detect unauthorized SQL Server job submissions. | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL2-00-024100 - The Database Master Key must be encrypted by the Service Master Key where required. | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL2-00-024300 - Symmetric keys (other than the database master key) must use a DoD certificate to encrypt the key. | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-000400 - SQL Server must protect against a user falsely repudiating by ensuring only clearly unique Active Directory user accounts can connect to the database. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-000500 - SQL Server must protect against a user falsely repudiating by use of system-versioned tables (Temporal Tables). | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-000700 - SQL Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-001100 - SQL Server must limit privileges to change software modules, to include stored procedures, functions, and triggers. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL6-D0-001200 - SQL Server must limit privileges to change software modules, to include stored procedures, functions, and triggers, and links to software external to SQL Server. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL6-D0-001300 - Database objects (including but not limited to tables, indexes, storage, stored procedures, functions, triggers, links to software external to SQL Server, etc.) must be owned by database/DBMS principals authorized for ownership. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL6-D0-001400 - The role(s)/group(s) used to modify database structure (including but not necessarily limited to tables, indexes, storage, etc.) and logic modules (stored procedures, functions, triggers, links to software external to SQL Server, etc.) must be restricted to authorized users. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL6-D0-001500 - In the event of a system failure, hardware loss or disk failure, SQL Server must be able to restore necessary databases with least disruption to mission processes. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-001600 - The Database Master Key encryption password must meet DOD password complexity requirements. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-001800 - The Certificate used for encryption must be backed up and stored in a secure location that is not on the SQL Server. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-002100 - SQL Server must check the validity of all data inputs except those specifically identified by the organization. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| SQL6-D0-002500 - SQL Server must associate organization-defined types of security labels having organization-defined security label values with information in storage. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | ACCESS CONTROL |
| SQL6-D0-002600 - SQL Server must associate organization-defined types of security labels having organization-defined security label values with information in process. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | ACCESS CONTROL |
| SQL6-D0-002700 - SQL Server must associate organization-defined types of security labels having organization-defined security label values with information in transmission. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | ACCESS CONTROL |
| SQL6-D0-002900 - Execution of stored procedures and functions that utilize execute as must be restricted to necessary cases only. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | ACCESS CONTROL |
| SQL6-D0-003000 - SQL Server must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL6-D0-003100 - SQL Server must enforce access restrictions associated with changes to the configuration of the database(s). | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL6-D0-003200 - SQL Server must use NSA-approved cryptography to protect classified information in accordance with the data owners requirements. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-003300 - SQL Server must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
