| 2.2 Ensure that authorization is enabled for Cassandra databases | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0 | Unix | ACCESS CONTROL |
| 2.5 Ensure 'Ole Automation Procedures' Server Configuration Option is set to '0' | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 2.5 Ensure 'Ole Automation Procedures' Server Configuration Option is set to '0' | CIS SQL Server 2014 Database L1 AWS RDS v1.5.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 2.5 Ensure 'Ole Automation Procedures' Server Configuration Option is set to '0' | CIS SQL Server 2022 Database L1 DB v1.1.0 | MS_SQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.5 Ensure 'Ole Automation Procedures' Server Configuration Option is set to '0' | CIS SQL Server 2016 Database L1 AWS RDS v1.4.0 | MS_SQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.5 Ensure 'Ole Automation Procedures' Server Configuration Option is set to '0' | CIS SQL Server 2017 Database L1 AWS RDS v1.3.0 | MS_SQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.5 Ensure 'Ole Automation Procedures' Server Configuration Option is set to '0' | CIS SQL Server 2017 Database L1 DB v1.3.0 | MS_SQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.11 Ensure Unnecessary SQL Server Protocols are set to 'Disabled' - 'TCP/IP protocol is disabled' | CIS SQL Server 2008 R2 DB OS L1 v1.7.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.11 Ensure Unnecessary SQL Server Protocols are set to 'Disabled' - 'VIA protocol is disabled' | CIS SQL Server 2008 R2 DB OS L1 v1.7.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.1 (L1) Host should deactivate SSH | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 3.5 Ensure the SQL Server's SQLAgent Service Account is Not an Administrator | CIS SQL Server 2008 R2 DB OS L1 v1.7.0 | Windows | ACCESS CONTROL |
| 3.8 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120' | CIS Oracle Database 23ai v1.0.0 L1 RDBMS | OracleDB | ACCESS CONTROL |
| 5.3 Ensure 'Login Auditing' is set to 'failed logins' | CIS SQL Server 2017 Database L1 AWS RDS v1.3.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.3 Ensure 'Login Auditing' is set to 'failed logins' | CIS SQL Server 2017 Database L1 DB v1.3.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 6.1 Ensure that the SQL Server component to SharePoint is set to listen on non-default ports - TCP 1433 | CIS Microsoft SharePoint 2016 DB v1.1.0 | MS_SQLDB | |
| 6.1 Ensure that the SQL Server component to SharePoint is set to listen on non-default ports - UDP 1434 | CIS Microsoft SharePoint 2016 DB v1.1.0 | MS_SQLDB | |
| 6.1 Ensure that the SQL Server component to SharePoint is set to listen on non-default ports, with the defaults (UDP 1434 and TCP 1433) disabled | CIS Microsoft SharePoint 2019 DB v1.0.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 7.23 (L1) Virtual machines must restrict sharing of memory pages with other VMs | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| Buffer overflow protection should be configured 'LimitRequestFields' | TNS IBM HTTP Server Best Practice | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Buffer overflow protection should be configured 'LimitRequestFieldsize' | TNS IBM HTTP Server Best Practice | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| CGI-BIN directory should be disabled. 'LoadModule cgi_module' | TNS IBM HTTP Server Best Practice | Windows | CONFIGURATION MANAGEMENT |
| DG0029-ORACLE11 - Required auditing parameters for database auditing should be set - 'audit_trail != none' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| Directory access permissions should be restricted. | TNS IBM HTTP Server Best Practice | Windows | ACCESS CONTROL |
| Ensure rsh server is not enabled - rexec | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure rsh server is not enabled - rlogin | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure rsh server is not enabled - rsh | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure secure ICMP redirects are not accepted - /etc/sysctl ipv4 all secure | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure separate partition exists for /var | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure session initiation information is collected - auditctl btmp | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure session initiation information is collected - btmp | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure source routed packets are not accepted - /etc/sysctl ipv4 all acccept | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure source routed packets are not accepted - sysctl ipv4 all acccept | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure source routed packets are not accepted - sysctl ipv4 default accept | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure successful file system mounts are collected - auditctl b64 | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure suspicious packets are logged - /etc/sysctl ipv4 default log_martians | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure suspicious packets are logged - sysctl ipv4 all log_martians | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure talk client is not installed - dpkg | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure talk server is not enabled - ntalk | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure telnet client is not installed - rpm | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure telnet client is not installed - zypper | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure the MCS Translation Service (mcstrans) is not installed - rpm | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure the MCS Translation Service (mcstrans) is not installed - zypper | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure unsuccessful unauthorized file access attempts are collected - b32 EACCES | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure unsuccessful unauthorized file access attempts are collected - b64 EACCES | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| ESXi.firewall-restrict-access | VMWare vSphere 6.5 Hardening Guide | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| Lockout for failed password attempts - 'auth sufficient pam_unix.so' | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Lockout for failed password attempts - password-auth 'auth sufficient pam_faillock.so authsucc audit deny=5 unlock_time=900' | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| SQL2-00-020300 - SQL Server must protect the integrity of publicly available information and SQL Servers configuration from unauthorized Server Roles access. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL2-00-022400 - SQL Server must ensure, if Database Availability Groups are being used and there is a server failure, that none of the potential failover servers would suffer from resource exhaustion. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL4-00-037500 - SQL Server must generate Trace or Audit records when successful logons or connections occur - Event ID 15 | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
