| 3.1 Ensure CloudTrail is enabled in all regions | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 3.1.1 Set an appropriate default database for all users | CIS Sybase 15.0 L1 DB v1.1.0 | SybaseDB | |
| 5.11 Ensure an AWS Managed Config Rule for encrypted volumes is applied to App Tier - Encryption | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.1.11 Ensure that Microsoft Cloud Security Benchmark policies are not set to 'Disabled' | CIS Microsoft Azure Foundations v4.0.0 L1 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 14.10 Off site backup storage - 'Implement' | CIS v1.1.0 Oracle 11g OS Windows Level 2 | Windows | |
| 15 - Authentication | TNS Best Practice JBoss 7 Linux | Unix | IDENTIFICATION AND AUTHENTICATION |
| 16 - ORB Subsystem - Initializers On | TNS Best Practice JBoss 7 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - Authentication policy must be rejected | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - Device Connection Control policy must be rejected | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - Disable HTTP | Tenable Best Practices Brocade FabricOS | Brocade | CONFIGURATION MANAGEMENT |
| Brocade - Disable Telnet IPv4 | Tenable Best Practices Brocade FabricOS | Brocade | CONFIGURATION MANAGEMENT |
| Brocade - Enable auditcfg | Tenable Best Practices Brocade FabricOS | Brocade | AUDIT AND ACCOUNTABILITY |
| Brocade - Enable SFTP IPv6 | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - Enable the track changes feature | Tenable Best Practices Brocade FabricOS | Brocade | AUDIT AND ACCOUNTABILITY |
| Brocade - Ensure a SSL certificate file is established | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - maximum password age must be set to no more than 60 days | Tenable Best Practices Brocade FabricOS | Brocade | IDENTIFICATION AND AUTHENTICATION |
| Brocade - minimum number of uppercase characters set to 1 | Tenable Best Practices Brocade FabricOS | Brocade | IDENTIFICATION AND AUTHENTICATION |
| Brocade - minimum password age must be set to at least 30 days | Tenable Best Practices Brocade FabricOS | Brocade | IDENTIFICATION AND AUTHENTICATION |
| Brocade - Review admin user listings | Tenable Best Practices Brocade FabricOS | Brocade | ACCESS CONTROL |
| Brocade - root account is enabled with root role assigned | Tenable Best Practices Brocade FabricOS | Brocade | ACCESS CONTROL |
| Brocade - SupportFTP parameters are set to SCP | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Buffer overflow protection should be configured 'LimitRequestFields' | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Buffer overflow protection should be configured 'LimitRequestline' | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND INFORMATION INTEGRITY |
| CGI-BIN directory should be disabled. 'AddModule mod_env.c' | TNS IBM HTTP Server Best Practice | Unix | CONFIGURATION MANAGEMENT |
| Directory access permissions should be restricted. | TNS IBM HTTP Server Best Practice | Unix | CONFIGURATION MANAGEMENT |
| Ensure that the 'local-infile' database flag for a Cloud Databases Mysql instance is set to '0' | Tenable Best Practices RackSpace v2.0.0 | Rackspace | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000215 - The Exchange global inbound message size must be controlled. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-ED-000470 - The Exchange Recipient filter must be enabled. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Firewall Filter - Order terms with time sensitive protocols at the top | Juniper Hardening JunOS 12 Devices Checklist | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| HTTP TRACE method should be disabled. 'RewriteLog' | TNS IBM HTTP Server Best Practice | Unix | CONFIGURATION MANAGEMENT |
| JUSX-DM-000061 - In the event that communications with the events server is lost, the Juniper SRX Services Gateway must continue to queue log records locally. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| JUSX-DM-000087 - The Juniper SRX Services Gateway must have the number of rollbacks set to 5 or more. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | CONFIGURATION MANAGEMENT |
| Keep Alive Timeout setting value should be appropriately configured. | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Logging Directives should be restricted to authorized users. - 'LogLevel notice' | TNS IBM HTTP Server Best Practice | Unix | AUDIT AND ACCOUNTABILITY |
| Logs containing auditing information should be secured at the directory level. | TNS IBM HTTP Server Best Practice | Windows | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| Management Services Security - Community strings and USM passwords should be difficult to guess and should follow a password policy | Juniper Hardening JunOS 12 Devices Checklist | Juniper | IDENTIFICATION AND AUTHENTICATION |
| MinSpareServers parameter value should be appropriately configured. | TNS IBM HTTP Server Best Practice | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Non-Essential modules should be disabled. 'mod_include' | TNS IBM HTTP Server Best Practice | Windows | CONFIGURATION MANAGEMENT |
| Non-Essential modules should be disabled. 'mod_status' | TNS IBM HTTP Server Best Practice | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Active Servers | Tenable Best Practices OpenStack v2.0.0 | OpenStack | CONFIGURATION MANAGEMENT |
| OpenStack Servers owned by SERVER_UID | Tenable Best Practices OpenStack v2.0.0 | OpenStack | CONFIGURATION MANAGEMENT |
| Rackspace Database Backups - Every DB instance backed up since the last scan. | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONTINGENCY PLANNING |
| Review the list of Databases Deployed In Rackspace | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONFIGURATION MANAGEMENT |
| Review the list of OpenStack Tenants | Tenable Best Practices OpenStack v2.0.0 | OpenStack | ACCESS CONTROL |
| Server version information parameters should be turned off - 'ServerTokens Prod' | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Timeout value parameter value should be appropriately configured | TNS IBM HTTP Server Best Practice | Unix | ACCESS CONTROL |
| TNS_Alcatel_Nokia_TiMOS_Best_Practices.audit from TNS Alcatel/Nokia TiMOS Best Practices | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | |
| VCPG-67-000004 - VMware Postgres must be configured to overwrite older logs when necessary. | DISA STIG VMware vSphere 6.7 PostgreSQL v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| VCPG-70-000004 - VMware Postgres must be configured to overwrite older logs when necessary. | DISA STIG VMware vSphere 7.0 PostgreSQL v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| WBSP-AS-000960 - The WebSphere Application Server must be run as a non-admin user. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
