| 1.121 WN22-CC-000280 | CIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II | Windows | AUDIT AND ACCOUNTABILITY |
| 1.188 UBTU-24-909000 | CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.2.11 Ensure the rsyslog service is enabled and active | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 6.3.1.4 Ensure auditd service is enabled and active | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.3.20 Ensure the audit configuration is immutable | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| DG0004-ORACLE11 - Application object owner accounts should be disabled when not performing installation or maintenance actions. | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
| DG0008-ORACLE11 - Application objects should be owned by accounts authorized for ownership. | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | ACCESS CONTROL |
| DG0014-ORACLE11 - Default demonstration and sample database objects and applications should be removed - 'No demo or sample users exist' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
| DG0025-ORACLE11 - DBMS cryptography must be NIST FIPS 140-2 validated - '%ORACLE_HOME%\NETWORK\ADMIN\SQLNET.ora SSL_CIPHER_SUITES set to valid cipher suite' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DG0029-ORACLE11 - Required auditing parameters for database auditing should be set - 'audit_trail != none' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '%ORACLE_HOME%\hs\admin\extproc.ora SET EXTPROC_DLLS = ONLY' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0123-ORACLE11 - Access to DBMS system tables and other configuration or metadata should be restricted to DBAs. | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | ACCESS CONTROL |
| DO0120-ORACLE11 - The Oracle software installation account should not be granted excessive host system privileges - 'Oracle service account group membership is correct' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DO0120-ORACLE11 - The Oracle software installation account should not be granted excessive host system privileges - 'Oracle services use appropriate service accounts' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DO0155-ORACLE11 - Only authorized system accounts should have the SYSTEM tablespace specified as the default tablespace - 'No unathorized accounts have access to SYSTEM table' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | ACCESS CONTROL |
| DO0286-ORACLE11 - The Oracle INBOUND_CONNECT_TIMEOUT and SQLNET.INBOUND_CONNECT_TIMEOUT parameters should be set to a value greater than 0 - '%ORACLE_HOME%\NETWORK\ADMIN\listener.ora INBOUND_CONNECT_TIMEOUT_listener > 0' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DO0286-ORACLE11 - The Oracle INBOUND_CONNECT_TIMEOUT and SQLNET.INBOUND_CONNECT_TIMEOUT parameters should be set to a value greater than 0 - '$ORACLE_HOME/network/admin/listener.ora INBOUND_CONNECT_TIMEOUT_{listener} = 0' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | ACCESS CONTROL |
| DO0287-ORACLE11 - The Oracle SQLNET.EXPIRE_TIME parameter should be set to a value greater than 0 - '%ORACLE_HOME%\NETWORK\ADMIN\SQLNET.ORA SQLNET.EXPIRE_TIME > 0' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DO3475-ORACLE11 - Execute permission should be revoked from PUBLIC for restricted Oracle packages - 'PUBLIC does not have execute privilege' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | ACCESS CONTROL |
| DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - '%ORACLE_HOME%\NETWORK\ADMIN\listener.ora DIAG_ADR_ENABLED_[listener name] = ON' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | AUDIT AND ACCOUNTABILITY |
| DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - '$ORACLE_HOME/network/admin/listener.ora DIAG_ADR_ENABLED_{listener} = on' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - 'TRACE_DIRECTORY_{listener} is configured' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| DO6740-ORACLE11 - The Oracle Listener ADMIN_RESTRICTIONS parameter if present should be set to ON - '%ORACLE_HOME%\NETWORK\ADMIN\listener.ora ADMIN_RESTRICTIONS_{listener} = on' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DO6747-ORACLE11 - Remote administration should be disabled for the Oracle connection manager - '%ORACLE_HOME%\NETWORK\ADMIN\CMAN.ORA does not exist' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DO6753-ORACLE11 - Oracle Application Express or Oracle HTML DB should not be installed on a production database. | DISA STIG Oracle 11 Installation v9r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
| DO6754-ORACLE11 - Oracle Configuration Manager should not remain installed on a production system - '%ORACLE_HOME%\ccr directory does not exist' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DTBI024 - The Initialize and script ActiveX controls not marked as safe property must be disallowed (Internet zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI112 - The Download signed ActiveX controls property must be disallowed (Restricted Site zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI127 - Installation of desktop items must be disallowed (Restricted Sites zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | CONFIGURATION MANAGEMENT |
| DTBI740 - Managing SmartScreen Filter use must be enforced. | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI820 - Launching programs and unsafe files property must be set to prompt (Internet zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTBI830 - ActiveX controls without prompt property must be used in approved domains only (Internet zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI880 - ActiveX controls without prompt property must be used in approved domains only (Restricted Site zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI1010 - Internet Explorer Processes Restrict ActiveX Install must be enforced (Explorer). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI1020 - Internet Explorer Processes Restrict ActiveX Install must be enforced (IExplore). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WA000-WI030 IIS6 - The IUSR_machinename account must not have read access to the .inc files or their equivalent. - '.asa' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | ACCESS CONTROL |
| WA000-WI080 IIS6 - The IIS Internet Printing Protocol must be disabled. | DISA STIG IIS 6.0 Server v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WI100 IIS6 - The File System Object component, if not required, must be disabled. - '{0D43FE01-F093-11CF-8940-00A0C9054228} Check' | DISA STIG IIS 6.0 Server v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WI6010 IIS6 - The web site must have a unique application pool. | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WA000-WI6032 IIS6 - The Enable pinging monitor must be enabled. - 'PingInterval set to 30 or more' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WI6036 IIS6 - The Enable rapid-fail time period monitor must be enabled. | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WWA024 W22 - The KeepAliveTimeout directive must be defined. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WA000-WWA050 A22 - All interactive programs must be placed in a designated directory with appropriate permissions - conf | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
| WA000-WWA050 W22 - All interactive programs must be placed in a designated directory with appropriate permissions. - '-ExecCGI' | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WWA060 A22 - The HTTP request message body size must be limited. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
| WA000-WWA060 W22 - The HTTP request message body size must be limited. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WWA062 A22 - The HTTP request header fields must be limited. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
| WA000-WWA064 A22 - The HTTP request header field size must be limited. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
| WG340 IIS6 - A private web server must utilize an approved TLS version. - '128-Bit Encryption Enabled' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG340 W22 - A private web server must utilize an approved TLS version. - 'SSLProtocol' | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
