| 1.3 Ensure no 'root' user account access key exists | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 1.19 Ensure that IAM External Access Analyzer is enabled for all regions | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | ACCESS CONTROL, MEDIA PROTECTION |
| 2.3.3 Set a screen corner to Start Screen Saver | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 2.8 Ensure an IAM policy that allows admin privileges for all services used is created - Policy Exist | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | ACCESS CONTROL |
| 2.14 Ensure 'sa' Login Account has been renamed | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 2.16 Ensure no login exists with the name 'sa' | CIS SQL Server 2022 Database L1 AWS RDS v1.1.0 | MS_SQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.16 Ensure no login exists with the name 'sa' | CIS SQL Server 2022 Database L1 DB v1.1.0 | MS_SQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.17 Ensure no login exists with the name 'sa' | CIS SQL Server 2016 Database L1 AWS RDS v1.4.0 | MS_SQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.17 Ensure no login exists with the name 'sa' | CIS SQL Server 2017 Database L1 DB v1.3.0 | MS_SQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.17 Ensure no login exists with the name 'sa' | CIS SQL Server 2016 Database L1 DB v1.4.0 | MS_SQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.4 Ensure logging is enabled on all firewall policies | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 3.8 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | ACCESS CONTROL |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS Microsoft SQL Server 2019 v1.5.0 L1 Database Engine | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2012 Database L1 AWS RDS v1.6.0 | MS_SQLDB | ACCESS CONTROL |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2014 Database L1 AWS RDS v1.5.0 | MS_SQLDB | ACCESS CONTROL |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | ACCESS CONTROL |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | ACCESS CONTROL |
| 4.3.2 Ensure DNS Filter logs all DNS queries and responses | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | AUDIT AND ACCOUNTABILITY |
| 4.9 Ensure AWS Config configuration changes are monitored | CIS Amazon Web Services Foundations v5.0.0 L2 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 4.15 Ensure AWS Organizations changes are monitored | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 5.1 Ensure all resources are correctly tagged | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | |
| Buffer overflow protection should be configured 'LimitRequestFieldsize' | TNS IBM HTTP Server Best Practice Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Buffer overflow protection should be configured 'LimitRequestline' | TNS IBM HTTP Server Best Practice Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| CGI-BIN directory should be disabled. 'AddModule mod_env.c' | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| Configuration files should be secured against unauthorized access. | TNS IBM HTTP Server Best Practice Middleware | Unix | |
| Encryption protocols such as https should be used | TNS IBM HTTP Server Best Practice Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-ED-000290 - Exchange Receive connectors must control the number of recipients chunked on a single message. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| File permissions in the root document should only be accessible by administrator | TNS IBM HTTP Server Best Practice Middleware | Unix | |
| HTTP TRACE method should be disabled. 'RewriteCond' | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| HTTP TRACE method should be disabled. 'RewriteEngine' | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| HTTP TRACE method should be disabled. 'RewriteLogLevel' | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| Latest Patches/Fixes should be installed | TNS IBM HTTP Server Best Practice Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Limit HTTP methods allowed by the Web Server. | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| Logging Directives should be restricted to authorized users. - 'CustomLog logs/access_log combined' | TNS IBM HTTP Server Best Practice Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| Logging Directives should be restricted to authorized users. - 'LogFormat' | TNS IBM HTTP Server Best Practice Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| Logging Directives should be restricted to authorized users. - 'LogLevel notice' | TNS IBM HTTP Server Best Practice Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| Logs containing auditing information should be secured at the directory level. | TNS IBM HTTP Server Best Practice Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| MaxKeepAliveRequests parameter value should be appropriately configured. | TNS IBM HTTP Server Best Practice Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| MaxSpareServers parameter value should be appropriately configured. | TNS IBM HTTP Server Best Practice Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Non-Essential modules should be disabled. 'mod_autoindex' | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| Non-Essential modules should be disabled. 'mod_dav' | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| Non-Essential modules should be disabled. 'mod_info' | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| Non-Essential modules should be disabled. 'mod_status' | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| Non-Essential modules should be disabled. 'mod_userdir' | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| O19C-00-009500 - System privileges granted using the WITH ADMIN OPTION must not be granted to unauthorized user accounts. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O19C-00-009700 - Oracle roles granted using the WITH ADMIN OPTION must not be granted to unauthorized accounts. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
| Review the list of Database Backups | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONTINGENCY PLANNING |
| Server version information parameters should be turned off - 'ServerSignature Off' | TNS IBM HTTP Server Best Practice Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| StartServers parameter value should be appropriately configured. | TNS IBM HTTP Server Best Practice Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Timeout value parameter value should be appropriately configured | TNS IBM HTTP Server Best Practice Middleware | Unix | ACCESS CONTROL |
