| 1.2.5 Ensure valid certificate is set for browser-based administrator interface - Authentication Profile | CIS Palo Alto Firewall 9 v1.1.0 L2 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.2.5 Ensure valid certificate is set for browser-based administrator interface - Certificate Profiles | CIS Palo Alto Firewall 9 v1.1.0 L2 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.2.5 Ensure valid certificate is set for browser-based administrator interface - Certificates | CIS Palo Alto Firewall 9 v1.1.0 L2 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 2.10 Limit Accepted Transport Layer Security (TLS) Versions | CIS MariaDB 10.6 Database L2 v1.1.0 | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.10 Limit Accepted Transport Layer Security (TLS) Versions | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.12 Limit Accepted Transport Layer Security (TLS) Versions | CIS MySQL 5.7 Community Database L2 v2.0.0 | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.12 Limit Accepted Transport Layer Security (TLS) Versions | CIS MySQL 5.7 Enterprise Database L2 v2.0.0 | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.15 Limit Accepted Transport Layer Security (TLS) Versions | CIS MySQL 8.0 Community Database L2 v1.1.0 | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.15 Limit Accepted Transport Layer Security (TLS) Versions | CIS Oracle MySQL Community Server 8.4 v1.0.0 L2 Database | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.15 Limit Accepted Transport Layer Security (TLS) Versions | CIS Oracle MySQL Enterprise Edition 8.0 v1.4.0 L2 Database | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.15 Limit Accepted Transport Layer Security (TLS) Versions | CIS Oracle MySQL Enterprise Edition 8.4 v1.0.0 L2 MySQL RDBMS | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.8 Ensure that data at rest and in transit is encrypted in Azure Databricks using customer managed keys (CMK) | CIS Microsoft Azure Foundations v4.0.0 L2 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2 Ensure Federal Information Processing Standard (FIPS) is enabled | CIS MongoDB 3.6 L2 Windows Audit v1.1.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2 Ensure Federal Information Processing Standard (FIPS) is enabled | CIS MongoDB 3.6 L2 Unix Audit v1.1.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.7.3.17 Ensure sshd ReKeyLimit is configured | CIS IBM AIX 7 v1.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.9 Ensure that Tri-Secret Secure is enabled for the Snowflake account | CIS Snowflake Foundations v1.0.0 L2 | Snowflake | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.4 Ensure SSH Protocol is set to 2 | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.14 Ensure only strong MAC algorithms are used | CIS Debian 8 Server L1 v2.0.2 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.14 Ensure only strong MAC algorithms are used | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.14 Ensure only strong MAC algorithms are used | CIS SUSE Linux Enterprise 12 v3.2.1 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.2.14 Ensure only strong MAC algorithms are used | CIS SUSE Linux Enterprise 12 v3.2.1 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.2.15 Ensure only strong Key Exchange algorithms are used | CIS SUSE Linux Enterprise 12 v3.2.1 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.2.15 Ensure only strong Key Exchange algorithms are used | CIS SUSE Linux Enterprise 12 v3.2.1 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.3.1 Ensure SSH is installed | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.2 Ensure SSH is running | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.15 Ensure only strong MAC algorithms are used - sshd | CIS Red Hat 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.3.15 Ensure only strong MAC algorithms are used - sshd | CIS Red Hat 6 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.3.15 Ensure only strong MAC algorithms are used - sshd_config | CIS Red Hat 6 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.3.15 Ensure only strong MAC algorithms are used - sshd_config | CIS Red Hat 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.3.16 Ensure only FIPS 140-2 ciphers are used for SSH | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 5.3.16 Ensure only strong Key Exchange algorithms are used - sshd | CIS Red Hat 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.3.16 Ensure only strong Key Exchange algorithms are used - sshd | CIS Red Hat 6 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.3.16 Ensure only strong Key Exchange algorithms are used - sshd_config | CIS Red Hat 6 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.3.16 Ensure only strong Key Exchange algorithms are used - sshd_config | CIS Red Hat 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.3.17 Ensure only strong MAC algorithms are used - approved MACs | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.17 Ensure only strong MAC algorithms are used - approved MACs | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.17 Ensure only strong MAC algorithms are used - weak MACs | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.17 Ensure only strong MAC algorithms are used - weak MACs | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.18 Ensure only strong Key Exchange algorithms are used | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.3.18 Ensure only strong Key Exchange algorithms are used | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.3.18 Ensure only strong Key Exchange algorithms are used - approved algorithms | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.3.18 Ensure only strong Key Exchange algorithms are used - approved algorithms | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.3.18 Ensure only strong Key Exchange algorithms are used - weak algorithms | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.3.18 Ensure only strong Key Exchange algorithms are used - weak algorithms | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.3.29 Ensure SSH Protocol is set to 2 | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 7.8 Ensure Medium Strength SSL/TLS Ciphers Are Disabled | CIS Apache HTTP Server 2.4 v2.2.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.55 Ensure 'Protection methods such as TLS, encrypted VPN's, or IPsec must be implemented if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.55 Ensure 'Protection methods such as TLS, encrypted VPN's, or IPsec must be implemented if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.55 Ensure 'Protection methods such as TLS, encrypted VPN's, or IPsec must be implemented if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.55 Ensure 'Protection methods such as TLS, encrypted VPN's, or IPsec must be implemented if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
