| 1.1 Place Databases on Non-System Partitions | CIS MariaDB 10.6 on Linux L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.7 Ensure separate partition exists for /var/tmp | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1 Configure NTP time synchronization | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | AUDIT AND ACCOUNTABILITY |
| 2.3 Disable Managed Object Browser (MOB) | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | |
| 3.5 Ensure Relational Database Service is Multi-AZ Enabled | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND INFORMATION INTEGRITY |
| 4.1 - System Administration Methods - Message of the Day | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | ACCESS CONTROL |
| 4.1 Configure 'Automatically check for Internet Explorer updates' | CIS IE 9 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 4.1 Ensure CloudTrail is enabled in all regions | CIS Amazon Web Services Foundations v7.0.0 L1 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 4.1 Ensure that logging is enabled. - nodetool getlogginglevels | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1 Ensure the Latest Security Patches are Applied | CIS MariaDB 10.11 v1.0.0 L2 MariaDB RDBMS on Linux MySQLDB | MySQLDB | SYSTEM AND SERVICES ACQUISITION |
| 4.1 Ensure the Latest Security Patches are Applied | CIS MariaDB 10.6 on Linux L1 v1.1.0 | Unix | SYSTEM AND SERVICES ACQUISITION |
| 4.1 Review Organization's Policies against DB2 RCAC Policies | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | |
| 4.1 Use TSIG Keys 256 Bits in Length | CIS BIND DNS v1.0.0 L1 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1 Use TSIG Keys 256 Bits in Length | CIS BIND DNS v1.0.0 L1 Caching Only Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2 Enable Auditing of Incoming Network Connections - AUE_SOCKACCEPT : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Verify Active Directory group membership for the 'ESX Admins' group | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | ACCESS CONTROL |
| 5.1 Set Sticky Bit on World Writable Directories | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 5.3 Ensure 'PROCESS' is Not Granted to Non-Administrative Users | CIS MySQL 5.6 Enterprise Database L2 v2.0.0 | MySQLDB | ACCESS CONTROL |
| 5.3 Ensure 'PROCESS' is Not Granted to Non-Administrative Users | CIS MySQL 5.7 Enterprise Database L2 v2.0.0 | MySQLDB | ACCESS CONTROL |
| 5.3 Ensure 'PROCESS' is Not Granted to Non-Administrative Users | CIS MySQL 5.6 Community Database L2 v2.0.0 | MySQLDB | ACCESS CONTROL |
| 5.3 Ensure 'PROCESS' is Not Granted to Non-Administrative Users | CIS MySQL 5.7 Community Database L2 v2.0.0 | MySQLDB | ACCESS CONTROL |
| 5.8 Set DCUI.Access to allow trusted users to override lockdown mode | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | ACCESS CONTROL |
| 6.7 Ensure That Cloud SQL Database Instances Are Configured With Automated Backups | CIS Google Cloud Platform Foundation v4.0.0 L1 | GCP | CONTINGENCY PLANNING |
| 6.8 Disable Host-based Authentication for Login-based Services - rsh auth sufficient pam_rhosts_auth.so.1 | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 6.8 Disable Host-based Authentication for Login-based Services - rsh auth sufficient pam_rhosts_auth.so.1 | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 7.1.3 Ensure that the Promiscuous Mode policy is set to reject | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1.4 Ensure that there are no unused ports on a distributed virtual port group | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | |
| 8.2.2 Disconnect unauthorized devices - CD/DVD Devices | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | |
| 8.3.2 Minimize use of the VM console | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | |
| 8.4.4 Control VMsafe Agent Configuration | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 8.4.6 Disable BIOS BBS | CIS VMware ESXi 5.1 v1.0.1 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.7 Disable Guest Host Interaction Protocol Handler | CIS VMware ESXi 5.1 v1.0.1 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.8 Disable Unity Taskbar | CIS VMware ESXi 5.1 v1.0.1 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.15 Disable Request Disk Topology | CIS VMware ESXi 5.1 v1.0.1 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.17 Disable Guest Host Interaction Tray Icon | CIS VMware ESXi 5.1 v1.0.1 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.19 Disable Unity Interlock | CIS VMware ESXi 5.1 v1.0.1 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.20 Disable GetCreds | CIS VMware ESXi 5.1 v1.0.1 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.24 Disable VM Monitor Control | CIS VMware ESXi 5.1 v1.0.1 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.26 Disable VM Console Drag and Drop operations | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.27 Disable VM Console and Paste GUI Options | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | CONFIGURATION MANAGEMENT |
| 8.7.3 Do not send host information to guests | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.7.5 Limit VM log file size | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | AUDIT AND ACCOUNTABILITY |
| GOOG-10-002300 - Google Android 10 must be configured to disable trust agents. Note: This requirement is not applicable (NA) for specific biometric authentication factors included in the products Common Criteria evaluation - NA for specific biometric authentication factors included in the products Common Criteria evaluation. | MobileIron - DISA Google Android 10.x v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-15-007200 - Google Android 15 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | MobileIron - DISA Google Android 15 COPE STIG v1r3 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-16-007200 - Google Android 16 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | MobileIron - DISA Google Android 16 COBO STIG v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-16-007200 - Google Android 16 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | MobileIron - DISA Google Android 16 COPE STIG v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| HONW-09-002300 - The Honeywell Mobility Edge Android Pie device must be configured to disable trust agents. | AirWatch - DISA Honeywell Android 9.x COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-002300 - Microsoft Android 11 must be configured to disable trust agents. Note: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation - NA for specific biometric authentication factors included in the products Common Criteria evaluation. | MobileIron - DISA Microsoft Android 11 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MYS8-00-000300 - MySQL Database Server 8.0 must produce audit records containing sufficient information to establish what type of events occurred. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MYS8-00-000300 - MySQL Database Server 8.0 must produce audit records containing sufficient information to establish what type of events occurred. | DISA Oracle MySQL 8.0 v2r2 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
