| 2.2.10 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less | CIS Oracle Server 18c DB Traditional Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
| 2.2.10 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less | CIS Oracle Server 18c DB Unified Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
| 2.2.12 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 2.2.12 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5' | CIS Oracle Server 18c DB Traditional Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
| 3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5' | CIS Oracle Server 18c DB Unified Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
| 3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1' | CIS Oracle Server 18c DB Unified Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
| 3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1' | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1' | CIS Oracle Server 18c DB Traditional Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
| 3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90' | CIS Oracle Server 18c DB Traditional Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
| 3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90' | CIS Oracle Server 18c DB Unified Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
| 3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10' | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10' | CIS Oracle Server 18c DB Traditional Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
| 3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10' | CIS Oracle Server 18c DB Unified Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
| 4.4.1 Ensure custom authselect profile is used | CIS Amazon Linux 2023 v1.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT |
| 4.4.2 Ensure lockout for failed password attempts is configured | CIS Debian Linux 10 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 4.4.2 Ensure lockout for failed password attempts is configured | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation | Unix | ACCESS CONTROL |
| 4.4.2 Ensure lockout for failed password attempts is configured | CIS Debian Linux 10 v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 4.4.2 Ensure lockout for failed password attempts is configured | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server | Unix | ACCESS CONTROL |
| 5.3.1.1 Ensure active authselect profile includes pam modules | CIS Oracle Linux 10 v1.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT |
| 5.3.2 Ensure lockout for failed password attempts is configured | CIS Debian 9 Server L1 v1.0.1 | Unix | ACCESS CONTROL |
| 5.3.2 Ensure lockout for failed password attempts is configured - account pam_deny.so | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0 | Unix | ACCESS CONTROL |
| 5.3.2 Ensure lockout for failed password attempts is configured - account pam_deny.so | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0 | Unix | ACCESS CONTROL |
| 5.3.2 Ensure lockout for failed password attempts is configured - account pam_deny.so | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | ACCESS CONTROL |
| 5.3.2 Ensure lockout for failed password attempts is configured - account pam_tally2.so | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0 | Unix | ACCESS CONTROL |
| 5.3.2 Ensure lockout for failed password attempts is configured - account pam_tally2.so | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | ACCESS CONTROL |
| 5.3.2 Ensure lockout for failed password attempts is configured - account pam_tally2.so | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0 | Unix | ACCESS CONTROL |
| 5.3.2 Ensure lockout for failed password attempts is configured - auth pam_tally2.so | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0 | Unix | ACCESS CONTROL |
| 5.3.2 Ensure lockout for failed password attempts is configured - auth pam_tally2.so | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0 | Unix | ACCESS CONTROL |
| 5.3.2 Ensure lockout for failed password attempts is configured - auth pam_tally2.so | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | ACCESS CONTROL |
| 5.3.2 Ensure lockout for failed password attempts is configured - pam_tally2.so | CIS Debian Family Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
| 5.3.2 Ensure lockout for failed password attempts is configured - pam_tally2.so | CIS Debian Family Server L1 v1.0.0 | Unix | ACCESS CONTROL |
| 5.3.2 Lockout for failed password attempts - 'auth [default=die] pam_faillock.so authfail audit deny=5 unlock_time=900' | CIS Distribution Independent Linux Server L1 v2.0.0 | Unix | ACCESS CONTROL |
| 5.3.2 Lockout for failed password attempts - 'auth [default=die] pam_faillock.so authfail audit deny=5 unlock_time=900' | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | ACCESS CONTROL |
| 5.3.2 Lockout for failed password attempts - 'auth required pam_faillock.so preauth audit silent deny=5 unlock_time=900' | CIS Distribution Independent Linux Server L1 v2.0.0 | Unix | ACCESS CONTROL |
| 5.3.2 Lockout for failed password attempts - 'auth required pam_tally2.so onerr=fail audit silent deny=5 unlock_time=900' | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | ACCESS CONTROL |
| 5.3.2 Lockout for failed password attempts - 'auth sufficient pam_unix.so' | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | ACCESS CONTROL |
| 5.3.2 Lockout for failed password attempts - 'auth sufficient pam_unix.so' | CIS Distribution Independent Linux Server L1 v2.0.0 | Unix | ACCESS CONTROL |
| 5.3.2 Lockout for failed password attempts - password-auth 'auth sufficient pam_faillock.so authsucc audit deny=5 unlock_time=900' | CIS Distribution Independent Linux Server L1 v2.0.0 | Unix | ACCESS CONTROL |
| 5.3.2 Lockout for failed password attempts - password-auth 'auth sufficient pam_faillock.so authsucc audit deny=5 unlock_time=900' | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | ACCESS CONTROL |
| 5.3.2.1 Ensure active authselect profile includes pam modules | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT |
| 5.3.3.1.6 Ensure fail_interval is configured on the pam_faillock module | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 5.3.3.1.11 Ensure dir is configured in /etc/security/faillock.conf | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 5.3.3.1.17 Ensure even_deny_root is set in /etc/security/faillock.conf | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 5.3.3.1.18 Ensure the use of a non-default faillock tally directory while SELinux enforces a targeted policy | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 6.3.2 Set Lockout for Failed Password Attempts - auth required pam_tally2.so deny=5 onerr=fail | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
| 6.3.3 Use pam_deny.so to Deny Services - auth requisite pam_deny.so /etc/pam.d/sshd | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
| 7.3 Disable the dnssec-accept-expired Option | CIS BIND DNS v1.0.0 L1 Authoritative Name Server | Unix | ACCESS CONTROL |
| 7.3 Disable the dnssec-accept-expired Option | CIS BIND DNS v1.0.0 L1 Caching Only Name Server | Unix | ACCESS CONTROL |
