| 1.1.18 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 1.1.20 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | ACCESS CONTROL |
| 1.13 Ensure access keys are rotated every 90 days or less | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | ACCESS CONTROL |
| 1.16 Ensure a support role has been created to manage incidents with AWS Support | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | INCIDENT RESPONSE |
| 1.17 Ensure IAM instance roles are used for AWS resource access from instances | CIS Amazon Web Services Foundations v5.0.0 L2 | amazon_aws | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.1 Run BIND as a non-root User - process -u named | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - process -u named | CIS BIND DNS v1.0.0 L1 Authoritative Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - process -u named | CIS BIND DNS v1.0.0 L1 Caching Only Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - process -u named | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - UID | CIS BIND DNS v1.0.0 L1 Authoritative Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - UID | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - UID | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | ACCESS CONTROL |
| 2.4.4 Ensure idle timeout time is configured | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 2.16 Ensure no login exists with the name 'sa' | CIS Microsoft SQL Server 2019 v1.5.0 L1 Database Engine | MS_SQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.16 Ensure no login exists with the name 'sa' | CIS Microsoft SQL Server 2019 v1.5.0 L1 AWS RDS | MS_SQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1 Review use of the guest user in databases | CIS Sybase 15.0 L2 DB v1.1.0 | SybaseDB | |
| 3.3 Ensure AWS Config is enabled in all regions | CIS Amazon Web Services Foundations v5.0.0 L2 | amazon_aws | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 5.3 Ensure AWS Cloudfront Logging is enabled | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 5.17 Ensure HTTP Header Referrer-Policy is set appropriately | CIS Apache HTTP Server 2.4 v2.2.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.4 Ensure Geo-Restriction is enabled within Cloudfront Distribution | CIS Amazon Web Services Three-tier Web Architecture L2 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.6 Remove sample databases if installed | CIS Sybase 15.0 L1 DB v1.1.0 | SybaseDB | |
| ACLs: Filter for RFC 1918 addresses (10.0.0.0/8) | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| ACLs: Filter for RFC 1918 addresses (172.16.0.0/12) | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| ACLs: Filter for RFC 3330 addresses (0.0.0.0/8) | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| ACLs: Filter for RFC 3330 addresses (192.0.2.0/24) | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| ACLs: Filter for RFC 3330 addresses (198.51.100.0/24) | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| ACLs: Filter for RFC 3330 addresses (240.0.0.0/4) | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| Authentication: local authentication is available as a last resort | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | IDENTIFICATION AND AUTHENTICATION |
| BGP: Disable Capability Negotiation | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-002011 - Kubernetes must have a Pod Security Admission control file configured. | DISA STIG Kubernetes v2r2 | Unix | ACCESS CONTROL |
| CPM Filtering: Filter for ICMP - echo-reply | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| CPM Filtering: Filter for L2TP | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| CPM Filtering: Filter for VRRP | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| DNS: A trusted secondary DNS server is configured | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| ICMP: Do not return Proxy ARP requests | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| ICMP: Do not return unreachable messages | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| JBOS-AS-000045 - Silent Authentication must be removed from the Default Application Security Realm. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | ACCESS CONTROL |
| JBOS-AS-000050 - Silent Authentication must be removed from the Default Management Security Realm. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | ACCESS CONTROL |
| Login: Configure Pre-login Banner | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | ACCESS CONTROL |
| Login: Exponential Backoff is set | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | ACCESS CONTROL |
| Login: ssh - v1 is disabled | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | CONFIGURATION MANAGEMENT |
| Password Complexity: Require a minimum length of 8 characters | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | IDENTIFICATION AND AUTHENTICATION |
| SNMP: Use SNMPv3 only | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | IDENTIFICATION AND AUTHENTICATION |
| Spanning Tree: enable edge-port | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| Spanning Tree: enable root-guard | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| Time: Set system clock to UTC | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | AUDIT AND ACCOUNTABILITY |
| Time: System has a primary NTP server set | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | AUDIT AND ACCOUNTABILITY |
| TiMOS/SR-OS : OS Version is up to date | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | CONFIGURATION MANAGEMENT |
| WBSP-AS-000960 - The WebSphere Application Server must be run as a non-admin user. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | CONFIGURATION MANAGEMENT |
| WBSP-AS-000960 - The WebSphere Application Server must be run as a non-admin user. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
