| 1.1.5 - /etc/security/user - 'minalpha >= 2' | CIS AIX 5.3/6.1 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.1.6 - /etc/security/user - 'minother >= 2' | CIS AIX 5.3/6.1 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.1.10 - /etc/security/user - 'maxexpired <= 2' | CIS AIX 5.3/6.1 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.2.30 (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.30 (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.31 (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows Server 2019 v3.0.1 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.31 (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows Server 2022 v4.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.31 (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.31 (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows Server 2022 v4.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.36 Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.36 Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.40 Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.40 Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.41 Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.41 Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 3.1.2 Encrypt user data across the network | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 OS Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.2 Encrypt user data across the network | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 OS Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.9 Monitor Usage Statistics | CIS Sybase 15.0 L2 DB v1.1.0 | SybaseDB | |
| 5.8 Ensure the HTTP TRACE Method Is Disabled | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.8 Ensure the HTTP TRACE Method Is Disabled | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.7 Ensure That Cloud SQL Database Instances Are Configured With Automated Backups | CIS Google Cloud Platform v3.0.0 L1 | GCP | CONTINGENCY PLANNING |
| 7.7 Ensure Firewall is active - iptables-persistent run level 2 | CIS Debian Linux 7 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.6.7.7 (L1) Ensure 'Set authentication rate limiter delay (milliseconds)' is set to 'Enabled: 2000' or more | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.25.1 (L1) Ensure 'EMET 5.52' or higher is installed | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.25.1 (L1) Ensure 'EMET 5.52' or higher is installed | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.26.1 (L1) Ensure 'Allow Custom SSPs and APs to be loaded into LSASS' is set to 'Disabled' | CIS Microsoft Windows Server 2022 v4.0.0 L1 MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.18.2 (L1) Ensure 'Enable App Installer Experimental Features' is set to 'Disabled' | CIS Microsoft Windows Server 2022 v4.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.24.1 (L1) Ensure 'EMET 5.52' or higher is installed | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.24.1 (L1) Ensure 'EMET 5.52' or higher is installed | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.24.1 (L1) Ensure 'EMET 5.52' or higher is installed | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.57.3.3.7 (L2) Ensure 'Do not allow WebAuthn redirection' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| ALMA-09-054030 - AlmaLinux OS 9 audit system must take appropriate action when an error writing to the audit storage volume occurs. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-054250 - AlmaLinux OS 9 must take appropriate action when a critical audit processing failure occurs. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-054470 - AlmaLinux OS 9 audit system must take appropriate action when the audit files have reached maximum size. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| CIS Amazon Linux Benchmark Level 2 | CIS Amazon Linux v2.1.0 L2 | Unix | |
| CISC-ND-000090 - The Cisco switch must be configured to automatically audit account creation. | DISA Cisco NX OS Switch NDM STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-ND-001140 - The Cisco router must be configured to encrypt SNMP messages using a FIPS 140-2 approved algorithm. | DISA STIG Cisco IOS Router NDM v3r2 | Cisco | ACCESS CONTROL |
| Configuration files should be secured against unauthorized access. | TNS IBM HTTP Server Best Practice | Windows | |
| Configuration files should be secured against unauthorized access. | TNS IBM HTTP Server Best Practice | Unix | |
| DTOO189 - The encryption type for password protected Open XML files must be set. | DISA Microsoft Office System 2016 STIG v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Encryption type for password protected Office Open XML files | MSCT Microsoft 365 Apps for Enterprise 2206 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN005500 - The SSH daemon must be configured to only use the SSHv2 protocol. | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Logs containing auditing information should be secured at the directory level. | TNS IBM HTTP Server Best Practice | Unix | AUDIT AND ACCOUNTABILITY |
| O365-CO-000009 - Office applications must be configured to specify encryption type in password-protected Office Open XML files. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000232 - A public OHS server must use TLS if authentication is required to host web sites - SSLEngine | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-030060 - The RHEL 8 audit system must take appropriate action when the audit storage volume is full. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-15-030590 - The SUSE operating system audit system must take appropriate action when the audit storage volume is full. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| SQL2-00-015800 - The OS must limit privileges to change SQL Server software resident within software libraries (including privileged programs) - 'Install' | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| UBTU-20-010118 - The Ubuntu operating system must shut down by default upon audit failure (unless availability is an overriding concern). | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-653030 - Ubuntu 22.04 LTS must shut down by default upon audit failure. | DISA Canonical Ubuntu 22.04 LTS STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
