| 1.3 Ensure Apache Is Installed From the Appropriate Binaries | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 1.3 Ensure Apache Is Installed From the Appropriate Binaries | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.1 Ensure 'HTTP source restriction' is set to an authorized IP address | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| 3.1.17 Reserve the desired port number or name for incoming connection requests | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 OS Windows | Windows | CONFIGURATION MANAGEMENT |
| 3.1.17 Reserve the desired port number or name for incoming connection requests | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 OS Linux | Unix | CONFIGURATION MANAGEMENT |
| 3.6.1.1 OpenSSH - Installation | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 6.3.6 Remove the pam_ccreds Package | CIS Red Hat Enterprise Linux 5 L2 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS SQL Server 2012 Database L1 AWS RDS v1.6.0 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS Microsoft SQL Server 2019 v1.5.0 L1 AWS RDS | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| DB2X-00-005400 - DB2 must protect the confidentiality and integrity of all information at rest. | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | SYSTEM AND COMMUNICATIONS PROTECTION |
| Disable unused network ports | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| DKER-EE-002110 - All Docker Enterprise containers must be restricted from acquiring additional privileges. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DTAVSEL-113 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to include all local drives and their sub-directories. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3' | Tenable Cisco Firepower Best Practices Audit | Cisco | ACCESS CONTROL |
| Ensure 'EIGRP authentication' is enabled | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'Host Name' is set | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'HTTP session timeout' is less than or equal to '5' minutes | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'Image Authenticity' is correct | Tenable Cisco Firepower Best Practices Audit | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| Ensure 'Image Integrity' is correct | Tenable Cisco Firepower Best Practices Audit | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| Ensure 'ip verify' is set to 'reverse-path' for untrusted interfaces | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'logging buffer size' is greater than or equal to '524288' bytes (512kb) | Tenable Cisco Firepower Best Practices Audit | Cisco | AUDIT AND ACCOUNTABILITY |
| Ensure 'logging to monitor' is disabled | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'logging' is enabled | Tenable Cisco Firepower Best Practices Audit | Cisco | AUDIT AND ACCOUNTABILITY |
| Ensure 'OSPF authentication' is enabled | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'Password Policy' is enabled - minimum-length | Tenable Cisco Firepower Best Practices Audit | Cisco | IDENTIFICATION AND AUTHENTICATION |
| Ensure 'SNMP community string' is not the default string | Tenable Cisco Firepower Best Practices Audit | Cisco | IDENTIFICATION AND AUTHENTICATION |
| Ensure 'SNMP traps' is enabled - authentication | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'SNMP traps' is enabled - coldstart | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'SNMP traps' is enabled - linkdown | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'SNMP traps' is enabled - linkup | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'snmp-server group' is set to 'v3 priv' | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'snmp-server host' is set to 'version 3' | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'SSH source restriction' is set to an authorized IP address | Tenable Cisco Firepower Best Practices Audit | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure 'TACACS+/RADIUS' is configured correctly - protocol | Tenable Cisco Firepower Best Practices Audit | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| Ensure 'threat-detection statistics' is set to 'tcp-intercept' | Tenable Cisco Firepower Best Practices Audit | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure 'TLS 1.0' is set for HTTPS access | Tenable Cisco Firepower Best Practices Audit | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure 'Unused Interfaces' is disable | Tenable Cisco Firepower Best Practices Audit | Cisco | ACCESS CONTROL |
| Ensure DNS services are configured correctly - domain-lookup | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure email logging is configured for critical to emergency | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure intrusion prevention is enabled for untrusted interfaces | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure known default accounts do not exist | Tenable Cisco Firepower Best Practices Audit | Cisco | IDENTIFICATION AND AUTHENTICATION |
| Ensure packet fragments are restricted for untrusted interfaces | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure that the 'max_allowed_packet' database flag for a Cloud Databases Mysql instance is set | Tenable Best Practices RackSpace v2.0.0 | Rackspace | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure that the 'max_connections' database flag for a Cloud Databases Mysql instance is set | Tenable Best Practices RackSpace v2.0.0 | Rackspace | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure that the 'skip_show_database' database flag for a Cloud Databases Mysql instance is set to '1' | Tenable Best Practices RackSpace v2.0.0 | Rackspace | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure timezone is properly configured | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| GEN009120 - System must be configured to require the use of CAC, PIV compliant hardware token, or Alternate Logon Token for authentication | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN009120 - The system, if capable, must be configured to require the use of a CAC, PIV compliant hardware token, or Alternate Logon Token. | DISA STIG AIX 6.1 v1r14 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-000020 - The WebSphere Application Server admin console session timeout must be configured. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | ACCESS CONTROL |
