| 1.3 Ensure Data Cluster Initialized Successfully | CIS PostgreSQL 16 OS v1.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.3 Ensure Data Cluster Initialized Successfully | CIS PostgreSQL 15 OS v1.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.4 Ensure Data Cluster Initialized Successfully | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.4 Ensure Data Cluster Initialized Successfully | CIS PostgreSQL 14 OS v 1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.5 Ensure Data Cluster Initialized Successfully | CIS PostgreSQL 10 OS v1.0.0 | Unix | ACCESS CONTROL |
| 1.5 Ensure Data Cluster Initialized Successfully | CIS PostgreSQL 11 OS v1.0.0 | Unix | ACCESS CONTROL |
| 3.1.4 Ensure the log file destination directory is set correctly | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.10 Ensure the correct syslog facility is selected | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.12 Ensure the correct messages are written to the server log | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.14 Ensure 'debug_print_parse' is disabled | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.15 Ensure 'debug_print_rewritten' is disabled | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.16 Ensure 'debug_print_plan' is disabled | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.19 Ensure 'log_disconnections' is enabled | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.20 Ensure 'log_error_verbosity' is set correctly | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.21 Ensure 'log_hostname' is set correctly | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.2 Ensure the PostgreSQL Audit Extension (pgAudit) is enabled - audit.log | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 4.4 Ensure excessive DML privileges are revoked | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL |
| 4.5 Ensure Row Level Security (RLS) is configured correctly | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL |
| 6.2 Ensure 'backend' runtime parameters are configured correctly | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 7.5 Ensure streaming replication parameters are configured correctly | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.2 Ensure PostgreSQL subdirectory locations are outside the data cluster | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| ACLs: Filter for RFC 1918 addresses (10.0.0.0/8) | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| ACLs: Filter for RFC 1918 addresses (172.16.0.0/12) | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| ACLs: Filter for RFC 3330 addresses (0.0.0.0/8) | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| ACLs: Filter for RFC 3330 addresses (127.0.0.0/8) | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| ACLs: Filter for RFC 3330 addresses (169.254.0.0/16) | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| ACLs: Filter for RFC 3330 addresses (192.0.2.0/24) | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| ACLs: Filter for RFC 3330 addresses (198.51.100.0/24) | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| ACLs: Filter for RFC 3330 addresses (240.0.0.0/4) | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| Authentication: enable remote authentication | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | IDENTIFICATION AND AUTHENTICATION |
| Authentication: local authentication is available as a last resort | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | IDENTIFICATION AND AUTHENTICATION |
| BGP: Authenticate peers | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | ACCESS CONTROL |
| BGP: Disable Capability Negotiation | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| DNS: A trusted primary DNS server is configured | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| DNS: A trusted secondary DNS server is configured | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| IBM HTTP Server is installed and running on the system | TNS IBM HTTP Server Best Practice | Unix | |
| ICMP: Do not return unreachable messages | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| Login: Accounts are locked after 3 failed password attempts | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | ACCESS CONTROL |
| Login: Configure Pre-login Banner | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | ACCESS CONTROL |
| Login: Exponential Backoff is set | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | ACCESS CONTROL |
| Login: Idle connections time out after 5 minutes or less | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | CONFIGURATION MANAGEMENT |
| Login: ssh - v1 is disabled | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | CONFIGURATION MANAGEMENT |
| Login: Telnet is disabled (IPv4) | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | CONFIGURATION MANAGEMENT |
| Login: Telnet is disabled (IPv6) | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | CONFIGURATION MANAGEMENT |
| Password Complexity: Require a minimum length of 8 characters | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | IDENTIFICATION AND AUTHENTICATION |
| SNMP: Use SNMPv3 only | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | IDENTIFICATION AND AUTHENTICATION |
| Spanning Tree: enable edge-port | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| Spanning Tree: enable root-guard | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| Time: System has a primary NTP server set | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | AUDIT AND ACCOUNTABILITY |
| TiMOS/SR-OS : OS Version is up to date | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | CONFIGURATION MANAGEMENT |
