| 2.2.2 Ensure the Auto Minor Version Upgrade feature is enabled for RDS instances | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.7 Ensure 'Remote Admin Connections' Server Configuration Option is set to '0' | CIS SQL Server 2012 Database L1 AWS RDS v1.6.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| 2.7 Ensure 'Remote Admin Connections' Server Configuration Option is set to '0' | CIS SQL Server 2016 Database L1 AWS RDS v1.4.0 | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2.3.1.2 Ensure rsyslog is not configured to receive logs from a remote client | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 6.2.3.1.2 Ensure rsyslog is not configured to receive logs from a remote client | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 6.2.3.7 Ensure rsyslog is not configured to receive logs from a remote client | CIS Rocky Linux 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 6.2.3.7 Ensure rsyslog is not configured to receive logs from a remote client | CIS Rocky Linux 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 6.2.3.7 Ensure rsyslog is not configured to receive logs from a remote client | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 6.2.3.7 Ensure rsyslog is not configured to receive logs from a remote client | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 6.2.3.7 Ensure rsyslog is not configured to receive logs from a remote client | CIS Oracle Linux 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001770 - Docker Incs official GPG key must be added to the host using the users operating systems respective package repository management tooling. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DTAVSEL-003 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to enable On-Access scanning. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-004 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to decompress archives when scanning. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-008 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to scan files when being written to disk. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-012 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must only be configured with exclusions that are documented and approved by the ISSO/ISSM/AO. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-012 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must only be configured with exclusions which are documented and approved by the ISSO/ISSM/AO. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-013 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Clean as first action when a virus or Trojan is detected. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-014 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Quarantine if first action fails when a virus or Trojan is detected. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-015 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Clean infected files automatically as first action when programs and jokes are found. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-016 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Move infected files to the quarantine directory if first action fails when programs and jokes are found. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-100 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to run a scheduled On-Demand scan at least once a week. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-105 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to scan all file types. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-105 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to scan all file types. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-108 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must only be configured with exclusions which are documented and approved by the ISSO/ISSM/AO. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-109 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x Web UI must be disabled. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | CONFIGURATION MANAGEMENT |
| DTAVSEL-112 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to decode MIME encoded files. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-112 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to decode MIME encoded files. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-113 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to include all local drives and their sub-directories. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-201 - The McAfee VirusScan Enterprise must be configured to receive all patches, service packs and updates from a DoD-managed source. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | CONFIGURATION MANAGEMENT |
| DTAVSEL-205 - A notification mechanism or process must be in place to notify Administrators of out of date DAT, detected malware and error codes - SMTP host | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-205 - A notification mechanism or process must be in place to notify Administrators of out of date DAT, detected malware and error codes - trojansAlert | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-205 - A notification mechanism or process must be in place to notify Administrators of out of date DAT, detected malware and error codes - VirusDetected | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-301 - Access to the McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x Web UI must be enforced by firewall rules. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | CONFIGURATION MANAGEMENT |
| MD3X-00-000740 - MongoDB must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components. | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Microsoft network server: Digitally sign communications (if client agrees) | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Microsoft network server: Digitally sign communications (if client agrees) | MSCT Windows 10 v1507 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Microsoft network server: Digitally sign communications (if client agrees) | MSCT Windows Server 2016 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN10-CC-000335 - The Windows Remote Management (WinRM) client must not allow unencrypted traffic. | DISA Microsoft Windows 10 STIG v3r4 | Windows | MAINTENANCE |
| WN10-CC-000360 - The Windows Remote Management (WinRM) client must not use Digest authentication. | DISA Microsoft Windows 10 STIG v3r4 | Windows | MAINTENANCE |
| WN11-CC-000330 - The Windows Remote Management (WinRM) client must not use Basic authentication. | DISA Microsoft Windows 11 STIG v2r3 | Windows | MAINTENANCE |
| WN11-CC-000335 - The Windows Remote Management (WinRM) client must not allow unencrypted traffic. | DISA Microsoft Windows 11 STIG v2r3 | Windows | MAINTENANCE |
| WN12-CC-000123 - The Windows Remote Management (WinRM) client must not use Basic authentication. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | MAINTENANCE |
| WN12-CC-000123 - The Windows Remote Management (WinRM) client must not use Basic authentication. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | MAINTENANCE |
| WN12-CC-000124 - The Windows Remote Management (WinRM) client must not allow unencrypted traffic. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | MAINTENANCE |
| WN12-CC-000124 - The Windows Remote Management (WinRM) client must not allow unencrypted traffic. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | MAINTENANCE |
| WN12-CC-000125 - The Windows Remote Management (WinRM) client must not use Digest authentication. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | MAINTENANCE |
| WN16-CC-000500 - The Windows Remote Management (WinRM) client must not use Basic authentication. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | MAINTENANCE |
| WN16-CC-000510 - The Windows Remote Management (WinRM) client must not allow unencrypted traffic. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | MAINTENANCE |
| WN16-CC-000520 - The Windows Remote Management (WinRM) client must not use Digest authentication. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | MAINTENANCE |
| WN19-CC-000490 - Windows Server 2019 Windows Remote Management (WinRM) client must not use Digest authentication. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | MAINTENANCE |
