| 6.1 Perform regular security audits of your host system and containers | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | |
| 6.1 Perform regular security audits of your host system and containers | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | |
| 7.2 Ensure Asymmetric Key Size is set to 'greater than or equal to 2048' in non-system databases | CIS SQL Server 2016 Database L1 AWS RDS v1.4.0 | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure Asymmetric Key Size is set to 'greater than or equal to 2048' in non-system databases | CIS SQL Server 2017 Database L1 DB v1.3.0 | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure Asymmetric Key Size is set to 'greater than or equal to 2048' in non-system databases | CIS SQL Server 2017 Database L1 AWS RDS v1.3.0 | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Audit SGID executables | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Audit system file permissions - rpm | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Audit system file permissions - zypper | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND INFORMATION INTEGRITY |
| CD12-00-012800 - The DBMS must be configured on a platform that has a NIST certified FIPS 140-2 or 140-3 installation of OpenSSL. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| Ensure access to the su command is restricted - pam_wheel.so | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Ensure address space layout randomization (ASLR) is enabled - sysctl.conf | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Ensure AIDE is installed - dpkg | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure AIDE is installed - rpm | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure all users last password change date is in the past | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | IDENTIFICATION AND AUTHENTICATION |
| Ensure audit logs are not automatically deleted | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure authentication required for single user mode | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Ensure broadcast ICMP requests are ignored - sysctl | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure chrony is configured - NTP server | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure core dumps are restricted - sysctl.conf | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Ensure default deny firewall policy - Chain FORWARD | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure DHCP Server is not enabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure discard services are not enabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure discretionary access control permission modification events are collected - auditctl b64 chown fchown | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure GDM login banner is configured - banner-message-enable | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Ensure GPG keys are configured - apt-key list | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Ensure HTTP Proxy Server is not enabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure HTTP server is not enabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure ICMP redirects are not accepted - /etc/sysctl ipv4 all accept | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure IP forwarding is disabled - /etc/sysctl | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure NFS and RPC are not enabled - RPC | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure NIS Client is not installed - rpm | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure SSH HostbasedAuthentication is disabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Ensure sticky bit is set on all world-writable directories | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Ensure successful file system mounts are collected - b64 | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure syslog-ng is configured to send logs to a remote log host | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure system accounts are non-login | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Ensure talk client is not installed - dpkg | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure TCP Wrappers is installed - rpm | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure TCP Wrappers is installed - zypper | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure telnet server is not enabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure the MCS Translation Service (mcstrans) is not installed - dpkg | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure unsuccessful unauthorized file access attempts are collected - b32 EPERM | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure updates, patches, and additional security software are installed - zypper | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Ensure users' dot files are not group or world writable | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure users' home directories permissions are 750 or more restrictive | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure xinetd is not enabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Lockout for failed password attempts - 'auth [default=die] pam_faillock.so authfail audit deny=5 unlock_time=900' | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Lockout for failed password attempts - 'auth required pam_faillock.so preauth audit silent deny=5 unlock_time=900' | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Lockout for failed password attempts - 'auth sufficient pam_unix.so' | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| NTP is not installed - restrict -4 | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
