| 5.4.2 Ensure Control Plane Authorized Networks is Enabled | CIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L2 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 18.9.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | MEDIA PROTECTION |
| DG0005-ORACLE11 - Only necessary privileges to the host system should be granted to DBA OS accounts - 'ORA_{SID}_DBA Group has no unauthorized users' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DG0009-ORACLE11 - Access to DBMS software files and directories should not be granted to unauthorized users - 'umask < 0022' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | ACCESS CONTROL |
| DG0010-ORACLE11 - Database executable and configuration files should be monitored for unauthorized modifications. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG0017-ORACLE11 - A production DBMS installation should not coexist on the same DBMS host with other, non-production DBMS installations. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONFIGURATION MANAGEMENT |
| DG0025-ORACLE11 - DBMS cryptography must be NIST FIPS 140-2 validated - '$ORACLE_HOME/network/admin/sqlnet.ora SQLNET.SSLFIPS_140 = true' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| DG0025-ORACLE11 - DBMS cryptography must be NIST FIPS 140-2 validated - 'Oracle Advanced Security is installed' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0050-ORACLE11 - Database software, applications and configuration files should be monitored to discover unauthorized changes. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG0052-ORACLE11 - All applications that access the database should be logged in the audit trail. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG0054-ORACLE11 - The audit logs should be periodically monitored to discover DBMS access using unauthorized applications. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG0083-ORACLE11 - Automated notification of suspicious activity detected in the audit trail should be implemented. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0086-ORACLE11 - DBA roles should be periodically monitored to detect assignment of unauthorized or excess privileges. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG0092-ORACLE11 - Database data files containing sensitive information should be encrypted. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0093-ORACLE11 - Remote adminstrative connections to the database should be encrypted - all protocols use TCPS' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DG0097-ORACLE11 - Plans and procedures for testing DBMS installations, upgrades and patches should be defined and followed prior to production implementation. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '$ORACLE_HOME/rdbms/admin/externaljob.ora run_group = nobody' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONFIGURATION MANAGEMENT |
| DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '$ORACLE_HOME/rdbms/admin/externaljob.ora SET EXTPROC_DLLS=ONLY' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONFIGURATION MANAGEMENT |
| DG0187-ORACLE11 - DBMS software libraries should be periodically backed up - '$ORACLE_BASE files are being backed up' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONTINGENCY PLANNING |
| DG0187-ORACLE11 - DBMS software libraries should be periodically backed up - '$ORACLE_HOME files are being backed up' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONTINGENCY PLANNING |
| DG0195-ORACLE11 - DBMS production application and data directories should be protected from developers on shared production/development DBMS host systems - 'root is not a mamber of the oracle group' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | ACCESS CONTROL |
| DG7001-ORACLE11 - The directory assigned to the AUDIT_FILE_DEST parameter must be protected from unauthorized access and must be stored in a dedicated directory or disk partition separate from software or other application files. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG7002-ORACLE11 - A minimum of two Oracle control files must be defined and configured to be stored on separate, archived disks (physical or virtual) or archived partitions on a RAID device. | DISA STIG Oracle 11 Installation v9r1 Database | OracleDB | |
| DO0145-ORACLE11 - OS DBA group membership should be restricted to authorized accounts. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | ACCESS CONTROL |
| DO0360-ORACLE11 - Connections by mid-tier web and application systems to the Oracle DBMS should be protected, encrypted and authenticated according to database, web, application, enclave and network requirements. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - '$ORACLE_HOME/network/admin/listener.ora DIAG_ADR_ENABLED_{listener} = on' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - '$ORACLE_HOME/network/log/listener.log mode 640' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - 'LOG_DIRECTORY_{listener} is configured' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - 'LOG_DIRECTORY_SERVER = $ORACLE_BASElog' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| FireEye - AAA is enabled | TNS FireEye | FireEye | IDENTIFICATION AND AUTHENTICATION |
| FireEye - AAA tries local authentication first | TNS FireEye | FireEye | IDENTIFICATION AND AUTHENTICATION |
| FireEye - Boot manager password is set | TNS FireEye | FireEye | SYSTEM AND INFORMATION INTEGRITY |
| FireEye - Custom SNORT rules are enabled | TNS FireEye | FireEye | SYSTEM AND INFORMATION INTEGRITY |
| FireEye - Email encryption certificates are verified | TNS FireEye | FireEye | IDENTIFICATION AND AUTHENTICATION |
| FireEye - FENet security content updates are applied automatically | TNS FireEye | FireEye | |
| FireEye - Greylists are enabled | TNS FireEye | FireEye | CONFIGURATION MANAGEMENT |
| FireEye - Guest images | TNS FireEye | FireEye | CONFIGURATION MANAGEMENT |
| FireEye - IPMI should be connected to a restricted management network | TNS FireEye | FireEye | |
| FireEye - LDAP encryption certificates are verified | TNS FireEye | FireEye | IDENTIFICATION AND AUTHENTICATION |
| FireEye - Remote syslog is enabled | TNS FireEye | FireEye | AUDIT AND ACCOUNTABILITY |
| FireEye - Remote syslog logging level includes all errors and warnings | TNS FireEye | FireEye | AUDIT AND ACCOUNTABILITY |
| FireEye - SNMP trap hosts that use community override use a secure community string | TNS FireEye | FireEye | IDENTIFICATION AND AUTHENTICATION |
| FireEye - SNMP uses a secure community string | TNS FireEye | FireEye | IDENTIFICATION AND AUTHENTICATION |
| FireEye - SSH connections must be SSHv2 | TNS FireEye | FireEye | CONFIGURATION MANAGEMENT |
| FireEye - SSH users are logged out after 15 minutes of inactivity or less | TNS FireEye | FireEye | ACCESS CONTROL |
| FireEye - USB media is not auto-mounted | TNS FireEye | FireEye | MEDIA PROTECTION |
| FireEye - User 'admin' SSH access is disabled | TNS FireEye | FireEye | ACCESS CONTROL |
| FireEye - Web interface does not use the system self-signed certificate | TNS FireEye | FireEye | IDENTIFICATION AND AUTHENTICATION |
| FireEye - YARA policy applies both customer and FireEye rules | TNS FireEye | FireEye | SECURITY ASSESSMENT AND AUTHORIZATION |
| WBSP-AS-000640 - The WebSphere Application Server must alert the SA and ISSO, in the event of a log processing failure - enabled | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
