| 1.2 Install only required packages | CIS PostgreSQL 15 v1.2.0 L1 OS Linux Unix | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Install only required packages | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Install only required packages | CIS PostgreSQL 13 v1.3.0 L1 Database Unix | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Install only required packages | CIS PostgreSQL 16 v1.1.0 L1 OS Linux Unix | Unix | CONFIGURATION MANAGEMENT |
| 1.4 Ensure Service Runlevel Is Registered And Set Correctly | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | SYSTEM AND SERVICES ACQUISITION |
| 1.5 Ensure the Latest Security Patches are Applied | CIS PostgreSQL 16 v1.1.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | SYSTEM AND SERVICES ACQUISITION |
| 1.5 Ensure the Latest Security Patches are Applied | CIS PostgreSQL 14 DB v 1.3.0 | PostgreSQLDB | SYSTEM AND SERVICES ACQUISITION |
| 1.5 Ensure the Latest Security Patches are Applied | CIS PostgreSQL 13 v1.3.0 L1 Database PostgreSQLDB | PostgreSQLDB | SYSTEM AND SERVICES ACQUISITION |
| 1.6 Verify That 'PGPASSWORD' is Not Set in Users' Profiles | CIS PostgreSQL 16 v1.1.0 L1 OS Linux Unix | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6 Verify That 'PGPASSWORD' is Not Set in Users' Profiles | CIS PostgreSQL 14 OS v 1.3.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7 Verify That the 'PGPASSWORD' Environment Variable is Not in Use | CIS PostgreSQL 15 v1.2.0 L1 OS Linux Unix | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7 Verify That the 'PGPASSWORD' Environment Variable is Not in Use | CIS PostgreSQL 13 v1.3.0 L1 Database Unix | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7 Verify That the 'PGPASSWORD' Environment Variable is Not in Use | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3 Disable PostgreSQL Command History | CIS PostgreSQL 16 v1.1.0 L1 OS Linux Unix | Unix | MEDIA PROTECTION |
| 2.3 Disable PostgreSQL Command History | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | Unix | MEDIA PROTECTION |
| 3.1.5 Ensure the filename pattern for log files is set correctly | CIS PostgreSQL 11 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 4.2 Ensure excessive administrative privileges are revoked | CIS PostgreSQL 11 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 4.2 Ensure excessive administrative privileges are revoked | CIS PostgreSQL 12 DB v1.1.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure excessive administrative privileges are revoked | CIS PostgreSQL 16 v1.1.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure excessive administrative privileges are revoked | CIS PostgreSQL 13 v1.3.0 L1 Database PostgreSQLDB | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure excessive administrative privileges are revoked | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | ACCESS CONTROL |
| 4.4 Scan and rebuild the images to include security patches | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.5 Ensure The Latest Version of The Password File Is Used | CIS Oracle Database 19c v2.0.0 L1 RDBMS | OracleDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.5 Ensure The Latest Version of The Password File Is Used | CIS Oracle Database 23ai v1.1.0 L1 RDBMS | OracleDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS SQL Server 2012 Database L1 AWS RDS v1.6.0 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS Microsoft SQL Server 2019 v1.5.2 L1 AWS RDS | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS Microsoft SQL Server 2019 v1.5.2 L1 Database Engine | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS Microsoft SQL Server 2022 v1.2.1 L1 AWS RDS | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS Microsoft SQL Server 2025 v1.0.0 L1 AWS RDS MS_SQLDB | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS Microsoft SQL Server 2022 v1.2.1 L1 Database Engine | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS SQL Server 2014 Database L1 AWS RDS v1.5.0 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS Microsoft SQL Server 2025 v1.0.0 L1 Database Engine MS_SQLDB | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.6 Ensure root PATH Integrity - writeable dir in path | CIS Solaris 11.2 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 9.6 Ensure root PATH Integrity - writeable dir in path | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 12.18 Location of development database - 'Separate server from production database' | CIS v1.1.0 Oracle 11g OS L1 | Unix | |
| 12.32 Distribution of tnsnames.ora files to clients - 'Include only tnsnames.ora when distributing to clients' | CIS v1.1.0 Oracle 11g OS Windows Level 1 | Windows | |
| EP11-00-003210 - EDB Postgres Advanced Server software modules, to include stored procedures, functions, and triggers must be monitored to discover unauthorized changes. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| EPAS-00-006100 - Access to database files must be limited to relevant processes and to authorized, administrative users. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PGS9-00-011800 - PostgreSQL must map the PKI-authenticated identity to an associated user account. | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PPS9-00-002600 - The audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized read access. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| PPS9-00-003100 - The EDB Postgres Advanced Server must protect its audit features from unauthorized removal. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| vCenter: vcenter-8.administration-sso-password-policy | VMware vSphere Security Configuration and Hardening Guide | VMware | IDENTIFICATION AND AUTHENTICATION |
| Windows Device Configuration - File Blocking Level | Tenable Best Practices for Microsoft Intune Windows v1.0 | microsoft_azure | SYSTEM AND INFORMATION INTEGRITY |
| Windows Device Configuration - Internet sharing | Tenable Best Practices for Microsoft Intune Windows v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Windows Device Configuration - Monitor file and program activity | Tenable Best Practices for Microsoft Intune Windows v1.0 | microsoft_azure | CONFIGURATION MANAGEMENT |
| Windows Device Configuration - Network and Internet | Tenable Best Practices for Microsoft Intune Windows v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Windows Device Configuration - OneDrive file sync | Tenable Best Practices for Microsoft Intune Windows v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
