| 1.1 Ensure Latest SQL Server Cumulative and Security Updates are Installed | CIS Microsoft SQL Server 2022 v1.2.1 L1 Database Engine | MS_SQLDB | SYSTEM AND SERVICES ACQUISITION |
| 3.5 Ensure the SQL Server's MSSQL Service Account is Not an Administrator | CIS SQL Server 2016 Database L1 AWS RDS v1.4.0 | MS_SQLDB | ACCESS CONTROL |
| 3.6 Ensure the SQL Server's SQLAgent Service Account is Not an Administrator | CIS SQL Server 2022 Database L1 OS v1.1.0 | Windows | ACCESS CONTROL |
| 3.6 Ensure the SQL Server's SQLAgent Service Account is Not an Administrator | CIS SQL Server 2017 Database L1 OS v1.3.0 | Windows | ACCESS CONTROL |
| 3.7 Ensure the SQL Server's Full-Text Service Account is Not an Administrator | CIS SQL Server 2016 Database L1 AWS RDS v1.4.0 | MS_SQLDB | ACCESS CONTROL |
| 4.2 Ensure 'CHECK_EXPIRATION' Option is set to 'ON' for All SQL Authenticated Logins Within the Sysadmin Role | CIS SQL Server 2016 Database L1 AWS RDS v1.4.0 | MS_SQLDB | ACCESS CONTROL |
| 4.2 Ensure 'CHECK_EXPIRATION' Option is set to 'ON' for All SQL Authenticated Logins Within the Sysadmin Role | CIS SQL Server 2016 Database L1 DB v1.4.0 | MS_SQLDB | ACCESS CONTROL |
| 4.3.2.7 Ensure mrouted is not in use | CIS IBM AIX 7 v1.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 4.5 Configure Solaris Auditing - userattr audit_flags root | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1 Ensure 'Maximum number of error log files' is set to greater than or equal to '12' | CIS SQL Server 2014 Database L1 AWS RDS v1.5.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.1 Ensure 'Maximum number of error log files' is set to greater than or equal to '12' | CIS Microsoft SQL Server 2022 v1.2.1 L1 Database Engine | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| DO3540-ORACLE11 - The Oracle SQL92_SECURITY parameter should be set to TRUE - 'sql92_security = true' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | |
| EP11-00-004000 - Access to external executables must be disabled or restricted. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
| EP11-00-008800 - The EDB Postgres Advanced Server must require users to re-authenticate when organization-defined circumstances or situations require re-authentication. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | IDENTIFICATION AND AUTHENTICATION |
| F5BI-AP-300008 - To protect against data mining, the F5 BIG-IP appliance providing content filtering must prevent SQL injection attacks launched against data storage objects, including, at a minimum, databases, database records, and database fields. | DISA F5 BIG-IP TMOS ALG STIG v1r2 | F5 | ACCESS CONTROL |
| JUSX-IP-000016 - To protect against unauthorized data mining, the Juniper Networks SRX Series Gateway IDPS must detect SQL injection attacks launched against data storage objects, including, at a minimum, databases, database records, and database fields. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | ACCESS CONTROL |
| O19C-00-009300 - The Oracle SQL92_SECURITY parameter must be set to TRUE. | DISA Oracle Database 19c STIG v1r3 OracleDB | OracleDB | CONFIGURATION MANAGEMENT |
| PPS9-00-008800 - The EDB Postgres Advanced Server must require users to re-authenticate when organization-defined circumstances or situations require re-authentication. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | IDENTIFICATION AND AUTHENTICATION |
| SP13-00-000175 - The SharePoint setup account must be configured with the minimum privileges on the SQL server. | DISA Microsoft SharePoint 2013 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| SQL2-00-010500 - SQL Server auditing configuration maximum number of files must be configured to reduce the likelihood of storage capacity being exceeded, while meeting organization-defined auditing requirements - 'max_files' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-017000 - Unused database components that are integrated in SQL Server and cannot be uninstalled must be disabled. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL2-00-020000 - SQL Server must protect the integrity of publicly available information and SQL Servers configuration from unauthorized Securables access. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL4-00-016805 - SQL Server must have the SQL Server Distributed Replay Client software component removed if it is unused. | DISA STIG SQL Server 2014 Instance OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
| SQL4-00-036600 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is created - Event ID 83 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036600 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is created - Event ID 84 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036600 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is created - Event ID 85 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036600 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is created - Event ID 86 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036600 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is created - Event ID 91 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036650 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is modified - Event ID 82 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036650 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is modified - Event ID 83 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036650 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is modified - Event ID 87 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036650 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is modified - Event ID 88 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036650 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is modified - Event ID 91 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036650 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is modified - Event ID 162 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036650 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is modified. | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037300 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is deleted - Event ID 82 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037300 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is deleted - Event ID 83 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037300 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is deleted - Event ID 87 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037300 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is deleted - Event ID 88 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037300 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is deleted - Event ID 91 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037300 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is deleted - Event ID 162 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037300 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is deleted - SCHEMA_OBJECT_ACCESS_GROUP | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037300 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is deleted. | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-038900 - If SQL Server authentication, using passwords, is employed, SQL Server must enforce the DoD standards for password complexity. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
| SQL4-00-038910 - If SQL Server authentication, using passwords, is employed, SQL Server must enforce the DoD standards for password lifetime. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
| SQL6-D0-000500 - SQL Server must protect against a user falsely repudiating by use of system-versioned tables (Temporal Tables). | DISA MS SQL Server 2016 Database STIG v3r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-017400 - Hadoop Connectivity feature must be disabled, unless specifically required and approved. | DISA MS SQL Server 2016 Instance STIG v3r6 MS_SQLDB | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQLI-22-012800 - Security-relevant software updates to SQL Server must be installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs). | DISA Microsoft SQL Server 2022 Instance STIG v1r3 MS_SQLDB | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| VCWN-06-000022 - The vCenter Server services must be ran using a service account instead of a built-in Windows account. | DISA VMware vSphere vCenter Server Version 6 STIG v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-65-000022 - The vCenter Server for Windows services must be ran using a service account instead of a built-in Windows account. | DISA VMware vSphere 6.5 vCenter Server for Windows STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
