| 1.2 Ensure Installation of Binary Packages | CIS PostgreSQL 11 OS v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.4.2.8 Ensure nftables default deny firewall policy | CIS Ubuntu Linux 20.04 LTS Workstation L1 v2.0.1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.2.9 Ensure nftables default deny firewall policy | CIS Fedora 28 Family Linux Server L1 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.3 Ensure 'Install iOS Updates' of 'Automatic Updates' is set to 'Enabled' | MobileIron - CIS Apple iOS 18 v1.0.0 L1 End User Owned | MDM | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 4.4.2.1 Ensure iptables default deny firewall policy | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-13-013700 - The Apple iOS/iPadOS must be Supervised by the MDM. | MobileIron - DISA Apple iOS/iPadOS 13 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-18-013200 - The Apple iOS/iPadOS 18 must be supervised by the MDM. | MobileIron - DISA Apple iOS/iPadOS 18 v1r1 | MDM | CONFIGURATION MANAGEMENT |
| DG0005-ORACLE11 - Only necessary privileges to the host system should be granted to DBA OS accounts - 'No dba account is a member of the root group' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | ACCESS CONTROL |
| DG0005-ORACLE11 - Only necessary privileges to the host system should be granted to DBA OS accounts - 'ORA_{SID}_DBA Group has no unauthorized users' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DG0007-ORACLE11 - The database should be secured in accordance with DoD, vendor and/or commercially accepted practices where applicable. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG0025-ORACLE11 - DBMS cryptography must be NIST FIPS 140-2 validated - 'Oracle Advanced Security is installed' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0063-ORACLE11 - DBMS privileges to restore database data or other DBMS configurations, features, or objects should be restricted to authorized DBMS accounts. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG0068-ORACLE11 - DBMS tools or applications that echo or require a password entry in clear text should be protected from password display. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG0083-ORACLE11 - Automated notification of suspicious activity detected in the audit trail should be implemented. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0090-ORACLE11 - Sensitive information stored in the database should be protected by encryption. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG0092-ORACLE11 - Database data files containing sensitive information should be encrypted. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0093-ORACLE11 - Remote adminstrative connections to the database should be encrypted - all protocols use TCPS' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '%ORACLE_HOME%\bin\extproc.exe does not exist' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '%ORACLE_HOME%\hs\admin\extproc.ora SET EXTPROC_DLLS = ONLY' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '%ORACLE_HOME%\hs\admin\extproc.ora SET EXTPROC_DLLS contains only valid paths' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '%ORACLE_HOME%\rdbms\admin\externaljob.ora run_user = nobody' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0103-ORACLE11 - Network access to the DBMS must be restricted to authorized personnel - '%ORACLE_HOME%\NETWORK\ADMIN\SQLNET.ORA tcp.invited_nodes = valid IP Range' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DG0106-ORACLE11 - Database data encryption controls should be configured in accordance with application requirements. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0108-ORACLE11 - The DBMS restoration priority should be assigned. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0110-ORACLE11 - The DBMS should not share a host supporting an independent security service - 'DomainRole != 4 or 5' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0120-ORACLE11 - Unauthorized access to external database objects should be removed from application user roles. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0167-ORACLE11 - Sensitive data served by the DBMS should be protected by encryption when transmitted across the network. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0186-ORACLE11 - The database should not be directly accessible from public or unauthorized networks. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG7003-ORACLE11 - A minimum of two Oracle redo log groups/files must be defined and configured to be stored on separate, archived physical disks or archived directories on a RAID device. | DISA STIG Oracle 11 Installation v9r1 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| DO0120-ORACLE11 - The Oracle software installation account should not be granted excessive host system privileges - 'Oracle services use appropriate service accounts' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DO0286-ORACLE11 - The Oracle INBOUND_CONNECT_TIMEOUT and SQLNET.INBOUND_CONNECT_TIMEOUT parameters should be set to a value greater than 0 - '%ORACLE_HOME%\NETWORK\ADMIN\listener.ora INBOUND_CONNECT_TIMEOUT_listener > 0' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DO0360-ORACLE11 - Connections by mid-tier web and application systems to the Oracle DBMS should be protected, encrypted and authenticated according to database, web, application, enclave and network requirements. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DO3630-ORACLE11 - The Oracle Listener should be configured to require administration authentication - 'LSNRCTL Security' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DO3630-ORACLE11 - The Oracle Listener should be configured to require administration authentication - 'No listeners are running' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - '%ORACLE_HOME%\NETWORK\ADMIN\SQLNET.ORA LOG_DIRECTORY_SERVER is configured' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | AUDIT AND ACCOUNTABILITY |
| DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - '%ORACLE_HOME%\NETWORK\ADMIN\SQLNET.ORA LOG_FILE_SERVER is configured' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | AUDIT AND ACCOUNTABILITY |
| FireEye - AAA tries local authentication first | TNS FireEye | FireEye | IDENTIFICATION AND AUTHENTICATION |
| FireEye - Boot manager password is set | TNS FireEye | FireEye | SYSTEM AND INFORMATION INTEGRITY |
| FireEye - Custom SNORT rules are enabled | TNS FireEye | FireEye | SYSTEM AND INFORMATION INTEGRITY |
| FireEye - FENet security content updates are applied automatically | TNS FireEye | FireEye | |
| FireEye - IPMI should be connected to a restricted management network | TNS FireEye | FireEye | |
| FireEye - LDAP encryption certificates are verified | TNS FireEye | FireEye | IDENTIFICATION AND AUTHENTICATION |
| FireEye - SNMP trap hosts that use community override use a secure community string | TNS FireEye | FireEye | IDENTIFICATION AND AUTHENTICATION |
| FireEye - SSH users are logged out after 15 minutes of inactivity or less | TNS FireEye | FireEye | ACCESS CONTROL |
| FireEye - USB media is not auto-mounted | TNS FireEye | FireEye | MEDIA PROTECTION |
| FireEye - Web interface does not use the system self-signed certificate | TNS FireEye | FireEye | IDENTIFICATION AND AUTHENTICATION |
| GOOG-15-006700 - Google Android 15 allow list must be configured to not include applications with the following characteristics: | MobileIron - DISA Google Android 15 COPE v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-15-006700 - Google Android 15 allow list must be configured to not include applications with the following characteristics: | AirWatch - DISA Google Android 15 COPE v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| MOTS-11-001100 - Motorola Solutions Android 11 allow list must be configured to not include applications with the following characteristics: | MobileIron - DISA Motorola Solutions Android 11 COBO v1r3 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-001100 - Microsoft Android 11 allow list must be configured to not include applications with the following characteristics: | MobileIron - DISA Microsoft Android 11 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
