| 1.2 Ensure Installation of Binary Packages | CIS PostgreSQL 11 OS v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.9 Ensure the default ulimit is configured appropriately | CIS Docker v1.8.0 L1 OS Linux | Unix | CONFIGURATION MANAGEMENT |
| 3.1.17 Reserve the desired port number or name for incoming connection requests | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 OS Windows | Windows | CONFIGURATION MANAGEMENT |
| 3.4.1.3 Ensure nftables either not installed or masked with firewalld | CIS Fedora 28 Family Linux Server L1 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1 Setup Client-cert Authentication | CIS Apache Tomcat 10 L2 v1.1.0 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| DKER-EE-001810 - On Linux, a non-AUFS storage driver in the Docker Engine - Enterprise component of Docker Enterprise must be used. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DTAVSEL-016 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Quarantine if first action fails when programs and jokes are found. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Enable IKE Version 1/2 - group | Tenable Cisco Viptela SD-WAN - vEdge | Cisco_Viptela | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enable IKE Version 1/2 - rekey | Tenable Cisco Viptela SD-WAN - vEdge | Cisco_Viptela | ACCESS CONTROL |
| FFOX-00-000003 - Firefox must be configured to ask which certificate to present to a website when a certificate is required. | DISA STIG Mozilla Firefox MacOS v6r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - minfree | DISA STIG Solaris 10 X86 v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| OL09-00-002370 - OL 9 must disable the use of user namespaces. | DISA Oracle Linux 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000004 - The system must use a separate file system for the system audit data path. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000016 - A file integrity tool must be installed. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000037 - The /etc/gshadow file must be group-owned by root. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000043 - The /etc/group file must be group-owned by root. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000045 - Library files must have mode 0755 or less permissive - '/lib64/*'. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000046 - Library files must be owned by a system account - '/usr/lib/*'. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000046 - Library files must be owned by a system account - '/usr/local/lib/*'. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000047 - All system command files must have mode 755 or less permissive - '/usr/local/bin/*' | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000047 - All system command files must have mode 755 or less permissive - '/usr/sbin/*' | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000050 - The system must require passwords to contain a minimum of 15 characters. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000051 - Users must not be able to change passwords more than once every 24 hours. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000055 - System and Application account passwords must be changed at least annually. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000057 - The system must require passwords to contain at least one uppercase alphabetic character - password-auth. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000058 - The system must require passwords to contain at least one special character - password-auth. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000059 - The system must require passwords to contain at least one lower-case alphabetic character - password-auth. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000066 - The system boot loader configuration file(s) must be group-owned by root. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000067 - The system boot loader configuration file(s) must have mode 0600 or less permissive. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000068 - The system boot loader must require authentication - BIOS | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000068 - The system boot loader must require authentication - UEFI | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000080 - The system must not send ICMPv4 redirects by default - config | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000089 - The system must not accept IPv4 source-routed packets by default - syslog | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000099 - The system must ignore ICMPv6 redirects by default - config | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000117 - The operating system must prevent public IPv4 access into an organizations internal networks, except as appropriately mediated by managed interfaces employing boundary protection devices - CHKCONFIG | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000117 - The operating system must prevent public IPv4 access into an organizations internal networks, except as appropriately mediated by managed interfaces employing boundary protection devices - iptables running | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000127 - The Transparent Inter-Process Communication (TIPC) protocol must be disabled unless required. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000133 - All rsyslog-generated log files must be owned by root. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| RHEL-06-000137 - The operating system must support the requirement to centrally manage the content of audit records generated by organization defined information system components. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000145 - The operating system must produce audit records containing sufficient information to establish the identity of any user/subject associated with the event - 'CHKCONFIG'. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000166 - The audit system must be configured to audit all attempts to alter system time through adjtimex - 64 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000177 - The operating system must automatically audit account termination - /etc/security/opasswd. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000182 - The audit system must be configured to audit modifications to the systems network configuration - /etc/hosts | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000182 - The audit system must be configured to audit modifications to the systems network configuration - /etc/sysconfig/network | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000183 - The audit system must be configured to audit modifications to the systems Mandatory Access Control (MAC) configuration (SELinux). | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000185 - The audit system must be configured to audit all discretionary access control permission modifications using chown - auid>=500 32 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000187 - The audit system must be configured to audit all discretionary access control permission modifications using fchmodat - auid>=500 64 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000188 - The audit system must be configured to audit all discretionary access control permission modifications using fchown - auid>=500 64 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-07-021350 - The Red Hat Enterprise Linux operating system must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| XenServer - Enable QoS on all VM guests | TNS Citrix XenServer | Unix | |
