| 1.2 Ensure systemd Service Files Are Enabled | CIS PostgreSQL 12 OS v1.1.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.3 Ensure systemd Service Files Are Enabled | CIS PostgreSQL 13 v1.3.0 L1 OS Linux Unix | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.3 Ensure systemd Service Files Are Enabled | CIS PostgreSQL 15 v1.2.0 L1 OS Linux Unix | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.3 Ensure systemd Service Files Are Enabled | CIS PostgreSQL 16 v1.1.0 L1 OS Linux Unix | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.3 Ensure systemd Service Files Are Enabled | CIS PostgreSQL 14 OS v 1.3.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.3 Ensure systemd Service Files Are Enabled | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.4 Ensure systemd Service Files Are Enabled | CIS PostgreSQL 11 OS v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.4 Ensure systemd Service Files Are Enabled | CIS PostgreSQL 10 OS v1.0.0 | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.1.6 Ensure that usage is restricted and expiry is enforced for Databricks personal access tokens | CIS Microsoft Azure Foundations v5.0.0 L1 | microsoft_azure | ACCESS CONTROL |
| 2.3 Disable PostgreSQL Command History | CIS PostgreSQL 13 v1.3.0 L1 Database Unix | Unix | MEDIA PROTECTION |
| 2.3 Disable PostgreSQL Command History | CIS PostgreSQL 15 v1.2.0 L1 OS Linux Unix | Unix | MEDIA PROTECTION |
| 3.1.12 Ensure syslog messages are not lost due to size | CIS PostgreSQL 12 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.12 Ensure syslog messages are not lost due to size | CIS PostgreSQL 14 DB v 1.3.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.10 Ensure the public role in the msdb database is not granted access to SQL Agent proxies | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | ACCESS CONTROL |
| 3.11 Ensure the public role in the msdb database is not granted access to SQL Agent proxies | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | ACCESS CONTROL |
| 4.1 Ensure Interactive Login is Disabled | CIS PostgreSQL 14 OS v 1.3.0 | Unix | ACCESS CONTROL |
| 4.1 Ensure Interactive Login is Disabled | CIS PostgreSQL 13 v1.3.0 L1 Database Unix | Unix | ACCESS CONTROL |
| 4.1 Ensure Interactive Login is Disabled | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | Unix | ACCESS CONTROL |
| 4.4 Rebuild the images to include security patches | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.16 Ensure AWS Security Hub is enabled | CIS Amazon Web Services Foundations v7.0.0 L2 | amazon_aws | RISK ASSESSMENT |
| 8.1.11 Ensure that Microsoft Cloud Security Benchmark policies are not set to 'Disabled' | CIS Microsoft Azure Foundations v5.0.0 L1 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 8.3 Ensure the backup and restore tool, 'pgBackRest', is installed and configured | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | CONTINGENCY PLANNING |
| 9.6 Ensure Password Fields are Not Empty | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 9.6 Ensure root PATH Integrity - dot in path | CIS Solaris 11.1 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.23 Find Un-owned Files and Directories | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.23 Find Un-owned Files and Directories | CIS Solaris 11.2 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 9.24 Find Un-owned Files and Directories | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 9.24 Find Un-owned Files and Directories | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL |
| ALMA-09-045125 - AlmaLinux OS 9 must be a supported release. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Brocade - enable administrator account lockout | Tenable Best Practices Brocade FabricOS | Brocade | ACCESS CONTROL |
| Brocade - minimum number of numeric digits set to 1 | Tenable Best Practices Brocade FabricOS | Brocade | IDENTIFICATION AND AUTHENTICATION |
| Brocade - repeat characters must be set to 1 | Tenable Best Practices Brocade FabricOS | Brocade | IDENTIFICATION AND AUTHENTICATION |
| Brocade - sequential characters must be set to 2 | Tenable Best Practices Brocade FabricOS | Brocade | IDENTIFICATION AND AUTHENTICATION |
| Brocade - SNMPv3 trap targets are configured properly | Tenable Best Practices Brocade FabricOS | Brocade | AUDIT AND ACCOUNTABILITY |
| Brocade - SupportFTP parameters are set to SCP | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - Switch Connection Control policy must be rejected | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure that multi-factor authentication is enabled for all accounts | Tenable Best Practices RackSpace v2.0.0 | Rackspace | IDENTIFICATION AND AUTHENTICATION |
| OpenStack Server Images | Tenable Best Practices OpenStack v2.0.0 | OpenStack | CONFIGURATION MANAGEMENT |
| PPS9-00-001100 - The EDB Postgres Advanced Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| PPS9-00-004900 - The EDB Postgres Advanced Server must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PPS9-00-009200 - The EDB Postgres Advanced Server must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PPS9-00-009300 - The EDB Postgres Advanced Server must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Rackspace Active Servers | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONFIGURATION MANAGEMENT |
| Rackspace Database Backups - Every DB instance backed up since the last scan. | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONTINGENCY PLANNING |
| Review the list of all Domains updated since the last scan | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONFIGURATION MANAGEMENT |
| Review the list of Current Rackspace Users | Tenable Best Practices RackSpace v2.0.0 | Rackspace | ACCESS CONTROL |
| Review the list of Domains | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONFIGURATION MANAGEMENT |
| Review the list of OpenStack Tenants | Tenable Best Practices OpenStack v2.0.0 | OpenStack | ACCESS CONTROL |
| Review the list of Ports and their details | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONFIGURATION MANAGEMENT |
| Review the List of Rackspace Users with Admin Roles | Tenable Best Practices RackSpace v2.0.0 | Rackspace | ACCESS CONTROL |
