| 1.5 Ensure that VDS Netflow traffic is only being sent to authorized collector IP Addresses | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | |
| 1.6 Restrict port-level configuration overrides on vDS | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | |
| 2.2 Dedicate the Machine Running MySQL | CIS MySQL 5.6 Community Linux OS L1 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2 Dedicate the Machine Running MySQL | CIS MySQL 5.7 Enterprise Linux OS L1 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2 Dedicate the Machine Running MySQL | CIS MySQL 5.7 Enterprise Windows OS L1 v2.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2 Ensure 'Protect RE' Firewall Filter includes explicit terms for all Management Services | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.1 Ensure Binary and Relay Logs are Encrypted | CIS Oracle MySQL Enterprise Edition 8.4 v1.0.0 L2 MySQL RDBMS | MySQLDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4 Do not use default self-signed certificates for ESXi communication | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | |
| 2.9 Require Current Password for Password Reset | CIS Oracle MySQL Enterprise Edition 8.4 v1.0.0 L2 MySQL RDBMS | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| 2.9 Require Current Password for Password Reset | CIS MySQL 8.0 Community Database L2 v1.1.0 | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| 2.9 Require Current Password for Password Reset | CIS Oracle MySQL Enterprise Edition 8.0 v1.4.0 L2 Database | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| 2.9 Require Current Password for Password Reset | CIS Oracle MySQL Community Server 8.4 v1.0.0 L2 Database | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| 2.10 Use Dual Passwords to Enable Higher Frequency Password Rotation | CIS Oracle MySQL Enterprise Edition 8.4 v1.0.0 L2 MySQL RDBMS | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| 2.11 Lock Out Accounts if Not Currently in Use | CIS Oracle MySQL Enterprise Edition 8.4 v1.0.0 L2 MySQL RDBMS | MySQLDB | ACCESS CONTROL |
| 3.4 Configure remote logging for ESXi hosts | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | AUDIT AND ACCOUNTABILITY |
| 3.6 Ensure Relational Database Service Instances have Auto Minor Version Upgrade Enabled | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND INFORMATION INTEGRITY |
| 3.7 Ensure SSL Key Files Have Appropriate Permissions | CIS MySQL 8.0 Enterprise Linux OS L1 v1.4.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1 Configure 'Automatically check for Internet Explorer updates' | CIS IE 9 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 4.1 Ensure the Latest Security Patches are Applied | CIS MariaDB 10.6 on Linux L1 v1.1.0 | Unix | SYSTEM AND SERVICES ACQUISITION |
| 4.1 Use TSIG Keys 256 Bits in Length | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2 Enable Auditing of Incoming Network Connections - AUE_ACCEPT : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Enable Auditing of Incoming Network Connections - AUE_CONNECT : cis | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Enable Auditing of Incoming Network Connections - AUE_CONNECT : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Enable Auditing of Incoming Network Connections - AUE_inetd_connect : cis | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Enable Auditing of Incoming Network Connections - AUE_inetd_connect : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Enable Auditing of Incoming Network Connections - AUE_SOCKACCEPT : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Enable Auditing of Incoming Network Connections - AUE_SOCKCONNECT : cis | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 Enable Auditing of File Metadata Modification Events - AUE_FACLSET : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 Enable Auditing of File Metadata Modification Events - AUE_FCHOWN : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 Enable Auditing of File Metadata Modification Events - AUE_FCHOWN : cis | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Use Active Directory for local user authentication - Review Domain | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| 4.8 Ensure the 'secure_file_priv' is Configured Correctly | CIS MySQL 8.0 Community Database L1 v1.1.0 | MySQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.3 Disable SSH | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | CONFIGURATION MANAGEMENT |
| 6.6 Ensure ALL Events are Audited | CIS Oracle MySQL Enterprise Edition 8.4 v1.0.0 L2 MySQL RDBMS | MySQLDB | AUDIT AND ACCOUNTABILITY |
| 6.7 Ensure That Cloud SQL Database Instances Are Configured With Automated Backups | CIS Google Cloud Platform v3.0.0 L1 | GCP | CONTINGENCY PLANNING |
| 6.7 Set audit_log_strategy to SYNCHRONOUS or SEMISYNCRONOUS | CIS Oracle MySQL Enterprise Edition 8.4 v1.0.0 L2 MySQL RDBMS | MySQLDB | AUDIT AND ACCOUNTABILITY |
| 7.1 Ensure default_authentication_plugin is Set to a Secure Option | CIS MySQL 5.7 Community Database L1 v2.0.0 | MySQLDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1.1 Disable VDS network healthcheck if not used | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | |
| 7.1.3 Ensure that the Promiscuous Mode policy is set to reject | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1.5 Ensure that VDS Port Mirror traffic is only being sent to authorized collector ports or VLANs | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | |
| 8.2.5 Disconnect unauthorized devices - USB Devices | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | MEDIA PROTECTION |
| 8.2.6 Prevent unauthorized removal, connection, and modification of devices | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | ACCESS CONTROL |
| 8.4.1 Control access to VMs through the dvfilter network APIs | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | ACCESS CONTROL |
| 8.4.25 Disable VM Console Copy operations | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | CONFIGURATION MANAGEMENT |
| 9.3 Ensure 'master_info_repository' is Set to 'TABLE' | CIS Oracle MySQL Enterprise Edition 8.4 v1.0.0 L2 MySQL RDBMS | MySQLDB | CONFIGURATION MANAGEMENT |
| 10.1 Ensure All Group Replication Traffic is Secured | CIS MySQL 8.0 Community Database L1 v1.1.0 | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| CIS VMware ESXi 5.5 v1.2.0 Level 2 | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | |
| MYS8-00-002500 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to add privileges/permissions occur. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MYS8-00-005200 - If passwords are used for authentication, the MySQL Database Server 8.0 must transmit only encrypted representations of passwords. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| MYS8-00-009600 - The MySQL Database Server 8.0 must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
