| 2.1 Run BIND as a non-root User - process -u named | CIS BIND DNS v1.0.0 L1 Authoritative Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - process -u named | CIS BIND DNS v1.0.0 L1 Caching Only Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - UID | CIS BIND DNS v1.0.0 L1 Caching Only Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - UID | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | ACCESS CONTROL |
| 2.16 Ensure no login exists with the name 'sa' | CIS Microsoft SQL Server 2025 v1.0.0 L1 Database Engine MS_SQLDB | MS_SQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| Brocade - Bottleneck alerts must be enabled | Tenable Best Practices Brocade FabricOS | Brocade | AUDIT AND ACCOUNTABILITY |
| Brocade - Disable TFTP IPv6 | Tenable Best Practices Brocade FabricOS | Brocade | CONFIGURATION MANAGEMENT |
| Brocade - enable administrator account lockout | Tenable Best Practices Brocade FabricOS | Brocade | ACCESS CONTROL |
| Brocade - Enable HTTPS ssl log | Tenable Best Practices Brocade FabricOS | Brocade | AUDIT AND ACCOUNTABILITY |
| Brocade - Enable SSH IPv6 | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - Fabric Element Authentication must be rejected | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - Forward all error logs to syslog daemon | Tenable Best Practices Brocade FabricOS | Brocade | AUDIT AND ACCOUNTABILITY |
| Brocade - minimum length of the password must be set to 9 | Tenable Best Practices Brocade FabricOS | Brocade | IDENTIFICATION AND AUTHENTICATION |
| Brocade - minimum number of lowercase characters set to 1 | Tenable Best Practices Brocade FabricOS | Brocade | IDENTIFICATION AND AUTHENTICATION |
| Brocade - minimum number of numeric digits set to 1 | Tenable Best Practices Brocade FabricOS | Brocade | IDENTIFICATION AND AUTHENTICATION |
| Brocade - minimum number of punctuation characters set to 1 | Tenable Best Practices Brocade FabricOS | Brocade | IDENTIFICATION AND AUTHENTICATION |
| Brocade - minimum number of uppercase characters set to 1 | Tenable Best Practices Brocade FabricOS | Brocade | IDENTIFICATION AND AUTHENTICATION |
| Brocade - MOTD Text | Tenable Best Practices Brocade FabricOS | Brocade | ACCESS CONTROL |
| Brocade - repeat characters must be set to 1 | Tenable Best Practices Brocade FabricOS | Brocade | IDENTIFICATION AND AUTHENTICATION |
| Brocade - root account is enabled with root role assigned | Tenable Best Practices Brocade FabricOS | Brocade | ACCESS CONTROL |
| Brocade - sequential characters must be set to 2 | Tenable Best Practices Brocade FabricOS | Brocade | IDENTIFICATION AND AUTHENTICATION |
| Brocade - SNMPv3 trap targets are configured properly | Tenable Best Practices Brocade FabricOS | Brocade | AUDIT AND ACCOUNTABILITY |
| Brocade - SNMPv3 uses SHA over MD5 | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - SupportFTP parameters are set to SCP | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - Switch Connection Control policy must be rejected | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - The idle timeout for login session set to 30 minutes | Tenable Best Practices Brocade FabricOS | Brocade | ACCESS CONTROL |
| CISC-RT-000510 - The Cisco BGP router must be configured to reject inbound route advertisements from a customer edge (CE) router for prefixes that are not allocated to that customer. | DISA Cisco IOS Router RTR STIG v3r4 | Cisco | ACCESS CONTROL |
| CISC-RT-000510 - The Cisco BGP router must be configured to reject inbound route advertisements from a customer edge (CE) router for prefixes that are not allocated to that customer. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000510 - The Cisco BGP switch must be configured to reject inbound route advertisements from a customer edge (CE) switch for prefixes that are not allocated to that customer. | DISA Cisco NX OS Switch RTR STIG v3r4 | Cisco | ACCESS CONTROL |
| CISC-RT-000510 - The Cisco BGP switch must be configured to reject inbound route advertisements from a customer edge (CE) switch for prefixes that are not allocated to that customer. | DISA Cisco IOS XE Switch RTR STIG v3r4 | Cisco | ACCESS CONTROL |
| Ensure that multi-factor authentication is enabled for all accounts | Tenable Best Practices RackSpace v2.0.0 | Rackspace | IDENTIFICATION AND AUTHENTICATION |
| EX13-EG-000235 - The Exchange Recipient filter must be enabled. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-000470 - The Exchange Recipient filter must be enabled. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000134 - The Exchange Recipient filter must be enabled. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| IBMW-LS-000380 - The WebSphere Liberty Server must use an LDAP user registry. | DISA IBM WebSphere Liberty Server STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| JUNI-RT-000500 - The Juniper BGP router must be configured to reject inbound route advertisements from a customer edge (CE) Juniper router for prefixes that are not allocated to that customer - CE Juniper router. | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
| O112-BP-022300 - System privileges granted using the WITH ADMIN OPTION must not be granted to unauthorized user accounts. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O121-BP-022500 - Oracle roles granted using the WITH ADMIN OPTION must not be granted to unauthorized accounts. | DISA Oracle Database 12c STIG v3r5 OracleDB | OracleDB | CONFIGURATION MANAGEMENT |
| OpenStack Server Images | Tenable Best Practices OpenStack v2.0.0 | OpenStack | CONFIGURATION MANAGEMENT |
| OpenStack Servers and their details | Tenable Best Practices OpenStack v2.0.0 | OpenStack | CONFIGURATION MANAGEMENT |
| Rackspace Active Servers | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONFIGURATION MANAGEMENT |
| Rackspace Database Backups - Every DB instance backed up since the last scan. | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONTINGENCY PLANNING |
| Rackspace Database Backups created since the last scan | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONTINGENCY PLANNING |
| Rackspace Inactive Servers | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONFIGURATION MANAGEMENT |
| Rackspace Server Images | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONFIGURATION MANAGEMENT |
| Rackspace Servers and their details | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONFIGURATION MANAGEMENT |
| Review the list of Current Rackspace Users | Tenable Best Practices RackSpace v2.0.0 | Rackspace | ACCESS CONTROL |
| Review the list of Databases Deployed In Rackspace | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONFIGURATION MANAGEMENT |
| Review the list of OpenStack Tenants | Tenable Best Practices OpenStack v2.0.0 | OpenStack | ACCESS CONTROL |
| Review the List of Rackspace Users with Admin Roles | Tenable Best Practices RackSpace v2.0.0 | Rackspace | ACCESS CONTROL |
