| 3.1.2 Ensure the log destinations are set correctly | CIS PostgreSQL 12 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.2 Ensure the log destinations are set correctly | CIS PostgreSQL 14 DB v 1.3.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.2 Ensure the log destinations are set correctly | CIS PostgreSQL 13 v1.3.0 L1 Database PostgreSQLDB | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 9.1 Apply Applicable Updates | CIS BIND DNS v1.0.0 L1 Authoritative Name Server | Unix | RISK ASSESSMENT |
| 12.22 Developer access to production databases - 'Disallow' | CIS v1.1.0 Oracle 11g OS Windows Level 1 | Windows | |
| Audit SUID executables | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure address space layout randomization (ASLR) is enabled - sysctl | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Ensure all groups in /etc/passwd exist in /etc/group | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Ensure at/cron is restricted to authorized users - at.allow | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Ensure changes to system administration scope (sudoers) is collected - /etc/sudoers | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure CUPS Server is not enabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure daytime services are not enabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure default deny firewall policy - Chain INPUT | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure discretionary access control permission modification events are collected - b32 chmod fchmod | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure DNS Server is not enabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure events that modify the system's network environment are collected - /etc/hosts | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure events that modify the system's network environment are collected - /etc/sysconfig/network | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure events that modify the system's network environment are collected - auditctl /etc/issue | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure events that modify user/group information are collected - /etc/group | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure events that modify user/group information are collected - /etc/gshadow | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure events that modify user/group information are collected - /etc/shadow | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure events that modify user/group information are collected - auditctl /etc/shadow | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure file deletion events by users are collected - b64 unlink | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure GDM login banner is configured - file-db | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Ensure ICMP redirects are not accepted - sysctl ipv4 all accept | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure inactive password lock is 30 days or less | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Ensure IPv6 redirects are not accepted - sysctl ipv6 default accept | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure IPv6 router advertisements are not accepted - /etc/sysctl ipv6 all accept | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure LDAP client is not installed - zypper | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure loopback traffic is configured | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure message of the day is configured properly | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure mounting of hfs filesystems is disabled - lsmod | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure mounting of hfs filesystems is disabled - modprobe | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure mounting of hfsplus filesystems is disabled - modprobe | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure mounting of squashfs filesystems is disabled - modprobe | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure mounting of udf filesystems is disabled - modprobe | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure NIS Client is not installed - dpkg | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure NIS Server is not enabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure no duplicate group names exist | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | IDENTIFICATION AND AUTHENTICATION |
| Ensure no users have .netrc files | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure nodev option set on /var/tmp partition | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Ensure SCTP is disabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure SSH LogLevel is set to INFO | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure SSH root login is disabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Ensure SSH warning banner is configured | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Ensure SSH X11 forwarding is disabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure TCP SYN Cookies is enabled - /etc/sysctl | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Lockout for failed password attempts - 'auth required pam_faillock.so preauth audit silent deny=5 unlock_time=900' | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Lockout for failed password attempts - 'auth sufficient pam_unix.so' | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| NTP is not installed - restrict -4 | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
