| 1.2 Use Dedicated Least Privileged Account for MariaDB Daemon/Service | CIS MariaDB 10.11 v1.0.0 L1 MariaDB RDBMS on Linux Unix | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 2.1.1 Backup Policy in Place | CIS Oracle MySQL Enterprise Edition 8.4 v1.1.0 L1 MySQL RDBMS Unix | Unix | CONTINGENCY PLANNING |
| 2.1.1 Backup Policy in Place | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS Unix | Unix | CONTINGENCY PLANNING |
| 2.1.1 Backup Policy in Place | CIS Oracle MySQL Community Server 8.4 v1.1.0 L1 MySQL RDBMS on Linux Unix | Unix | CONTINGENCY PLANNING |
| 2.1.1 Backup Policy in Place | CIS Oracle MySQL Enterprise Edition 8.4 v1.1.0 L1 MySQL RDBMS on Linux Unix | Unix | CONTINGENCY PLANNING |
| 2.1.1 Backup Policy in Place | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS on Linux Unix | Unix | CONTINGENCY PLANNING |
| 2.3 Dedicate the Machine Running MySQL | CIS Oracle MySQL Community Server 8.4 v1.1.0 L1 MySQL RDBMS on Linux Unix | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3 Dedicate the Machine Running MySQL | CIS Oracle MySQL Enterprise Edition 8.0 v1.5.0 L1 MySQL RDBMS on Linux Unix | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1 Create a user for the container | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | ACCESS CONTROL |
| 4.1 Enforce label-based access controls implementation | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | |
| 4.1 Ensure All Default Passwords Are Changed | CIS Oracle Server 18c DB Traditional Auditing v1.1.0 | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| 4.1 Ensure All Default Passwords Are Changed | CIS Oracle Server 18c DB Unified Auditing v1.1.0 | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| 4.1 Ensure Bonjour Advertising Services Is Disabled | CIS Apple macOS 12.0 Monterey v4.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1 Ensure Bonjour Advertising Services Is Disabled | CIS Apple macOS 10.14 v2.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1 Ensure Bonjour Advertising Services Is Disabled | CIS Apple macOS 15.0 Sequoia Cloud-tailored v1.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1 Ensure Bonjour Advertising Services Is Disabled | CIS Apple macOS 11.0 Big Sur v4.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1 Ensure Device is not Obviously Jailbroken | AirWatch - CIS Apple iOS 10 v2.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 4.1 Ensure device is not obviously jailbroken | AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | ACCESS CONTROL |
| 4.1 Ensure device is not obviously jailbroken | MobileIron - CIS Apple iOS 12 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 4.1 Ensure device is not obviously jailbroken | AirWatch - CIS Apple iOS 12 v1.0.0 Institution Owned L1 | MDM | ACCESS CONTROL |
| 4.1 Ensure device is not obviously jailbroken | MobileIron - CIS Apple iOS 13 and iPadOS 13 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 4.1 Ensure Device is not Obviously Jailbroken | AirWatch - CIS Apple iOS 10 v2.0.0 Institution Owned L1 | MDM | ACCESS CONTROL |
| 4.1 Ensure device is not obviously jailbroken | MobileIron - CIS Apple iOS 11 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 4.1 Ensure legacy TLS protocols are disabled | CIS MongoDB 7 v1.2.0 L2 Unix | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1 Ensure legacy TLS protocols are disabled | CIS MongoDB 8 v1.0.0 L2 Unix | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1 Ensure legacy TLS protocols are disabled | CIS MongoDB 4 L2 OS Linux v1.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1 Ensure legacy TLS protocols are disabled | CIS MongoDB 6 v1.2.0 L2 MongoDB | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1 Ensure legacy TLS protocols are disabled | CIS MongoDB 6 v1.2.0 L2 MongoDB | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1 Ensure Prelogin 'Login Banner' is set | CIS F5 Networks v1.0.0 L1 | F5 | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1 Ensure that logging is enabled. - logback.xml | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1 Restrict Core Dumps - 'hard core 0' | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | ACCESS CONTROL |
| 4.2 Ensure Example or Test Databases are Not Installed on Production Servers | CIS Oracle MySQL Community Server 8.4 v1.1.0 L1 MySQL RDBMS on Linux MySQLDB | MySQLDB | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.4 Harden Usage for 'local_infile' on MySQL Clients | CIS Oracle MySQL Community Server 8.4 v1.1.0 L1 MySQL RDBMS on Linux MySQLDB | MySQLDB | CONFIGURATION MANAGEMENT |
| 4.4 Harden Usage for 'local_infile' on MySQL Clients | CIS Oracle MySQL Enterprise Edition 8.0 v1.5.0 L1 MySQL RDBMS MySQLDB | MySQLDB | CONFIGURATION MANAGEMENT |
| 4.6 Ensure Symbolic Links are Disabled | CIS MySQL 5.7 Enterprise Database L1 v2.0.0 | MySQLDB | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.6 Ensure Symbolic Links are Disabled | CIS Oracle MySQL Community Server 8.4 v1.1.0 L1 MySQL RDBMS MySQLDB | MySQLDB | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.7 Ensure the 'daemon_memcached' Plugin Is Disabled | CIS MySQL 5.6 Community Database L1 v2.0.0 | MySQLDB | CONFIGURATION MANAGEMENT |
| 4.7 Ensure the 'daemon_memcached' Plugin is Disabled | CIS MySQL 5.7 Enterprise Database L1 v2.0.0 | MySQLDB | CONFIGURATION MANAGEMENT |
| 4.9 Enable data-at-rest encryption in MariaDB | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1 Ensure 'log_error' is configured correctly | CIS MySQL 5.7 Community Database L1 v2.0.0 | MySQLDB | AUDIT AND ACCOUNTABILITY |
| 6.1 Ensure 'log_error' is configured correctly | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS on Linux MySQLDB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| 6.1 Ensure 'log_error' is configured correctly | CIS Oracle MySQL Enterprise Edition 8.0 v1.5.0 L1 MySQL RDBMS MySQLDB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| 7.1 Ensure your authentication_policy is Set to a Secure Option | CIS Oracle MySQL Community Server 8.4 v1.1.0 L1 MySQL RDBMS MySQLDB | MySQLDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure your authentication_policy is Set to a Secure Option | CIS Oracle MySQL Community Server 8.4 v1.1.0 L1 MySQL RDBMS on Linux MySQLDB | MySQLDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.3 Ensure 'super_priv' is Not Set to 'Y' for Replication Users | CIS Oracle MySQL Community Server 8.4 v1.1.0 L1 MySQL RDBMS MySQLDB | MySQLDB | ACCESS CONTROL |
| 9.3 Ensure 'super_priv' is Not Set to 'Y' for Replication Users | CIS Oracle MySQL Enterprise Edition 8.4 v1.1.0 L1 MySQL RDBMS MySQLDB | MySQLDB | ACCESS CONTROL |
| 9.4 Ensure 'super_priv' is Not Set to 'Y' for Replication Users | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS on Linux MySQLDB | MySQLDB | ACCESS CONTROL |
| 10.2 Allowlist Approved Servers Belonging to a MySQL InnoDB Cluster | CIS Oracle MySQL Community Server 8.0 v1.2.0 L2 MySQL RDBMS on Linux MySQLDB | MySQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 10.2 Allowlist Approved Servers Belonging to a MySQL InnoDB Cluster | CIS Oracle MySQL Community Server 8.4 v1.1.0 L2 MySQL RDBMS MySQLDB | MySQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| GOOG-15-007200 - Google Android 15 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | AirWatch - DISA Google Android 15 COBO STIG v1r3 | MDM | IDENTIFICATION AND AUTHENTICATION |
