1.2 Ensure Single-Function Member Servers are Used | CIS SQL Server 2022 Database L1 DB v1.1.0 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
2.6 Ensure 'Remote Access' Server Configuration Option is set to '0' | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
2.6 Ensure 'Remote Access' Server Configuration Option is set to '0' | CIS SQL Server 2012 Database L1 AWS RDS v1.6.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
2.7 Ensure 'Remote Admin Connections' Server Configuration Option is set to '0' | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
2.7 Ensure 'Remote Admin Connections' Server Configuration Option is set to '0' | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
2.7 Ensure 'Remote Admin Connections' Server Configuration Option is set to '0' | CIS SQL Server 2022 Database L1 DB v1.1.0 | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.7 Ensure 'Remote Admin Connections' Server Configuration Option is set to '0' | CIS SQL Server 2017 Database L1 AWS RDS v1.3.0 | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.7 Ensure 'Remote Admin Connections' Server Configuration Option is set to '0' | CIS Microsoft SQL Server 2019 v1.5.0 L1 Database Engine | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.9 Ensure 'Trustworthy' Database Property is set to 'Off' | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | ACCESS CONTROL |
2.9 Ensure 'Trustworthy' Database Property is set to 'Off' | CIS SQL Server 2016 Database L1 DB v1.4.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
2.9 Ensure 'Trustworthy' Database Property is set to 'Off' | CIS SQL Server 2017 Database L1 DB v1.3.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
2.11 Ensure SQL Server is configured to use non-standard ports | CIS SQL Server 2012 Database L1 AWS RDS v1.6.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
3.8 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | ACCESS CONTROL |
3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2016 Database L1 DB v1.4.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2022 Database L1 DB v1.1.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2016 Database L1 AWS RDS v1.4.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
4.2 Ensure Example or Test Databases are Not Installed on Production Servers | CIS Oracle MySQL Enterprise Edition 8.0 v1.4.0 L1 Database | MySQLDB | PLANNING, SYSTEM AND SERVICES ACQUISITION |
6.3.5 Ensure 'remote access' database flag for Cloud SQL SQL Server instance is set to 'off' | CIS Google Cloud Platform v3.0.0 L1 | GCP | CONFIGURATION MANAGEMENT |
DB2X-00-011300 - DB2 must generate audit records when unsuccessful attempts to delete categorized information (e.g., classification levels/security levels) occur | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | AUDIT AND ACCOUNTABILITY |
GEN002860 - Audit logs must be rotated daily. | DISA STIG for Oracle Linux 5 v2r1 | Unix | CONFIGURATION MANAGEMENT |
GEN002860 - Audit logs must be rotated daily. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | CONFIGURATION MANAGEMENT |
O19C-00-001800 - Oracle Database must provide audit record generation capability for organization-defined auditable events within the database. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
O121-BP-025800 - Changes to configuration options must be audited. | DISA STIG Oracle 12c v3r2 Database | OracleDB | CONFIGURATION MANAGEMENT |
SQL2-00-019600 - SQL Server databases in the classified environment, containing classified or sensitive information, must be encrypted using approved cryptography. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
SQL4-00-015350 - Software, applications, and configuration files that are part of, or related to, the SQL Server installation must be monitored to discover unauthorized changes. | DISA STIG SQL Server 2014 Instance OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
SQL4-00-015400 - SQL Server software installation account(s) must be restricted to authorized users. | DISA STIG SQL Server 2014 Instance OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
SQL4-00-015500 - Database software directories, including SQL Server configuration files, must be stored in dedicated directories, separate from the host OS and other applications. | DISA STIG SQL Server 2014 Instance OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
SQL4-00-016500 - SQL Server must have the SQL Server Data Tools (SSDT) software component removed if it is unused. | DISA STIG SQL Server 2014 Instance OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
SQL4-00-016600 - SQL Server must have the SQL Server Reporting Services (SSRS) software component removed if it is unused. | DISA STIG SQL Server 2014 Instance OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
SQL4-00-016700 - SQL Server must have the SQL Server Integration Services (SSIS) software component removed if it is unused. | DISA STIG SQL Server 2014 Instance OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
SQL4-00-016810 - SQL Server must have the SQL Server Distributed Replay Controller software component removed if it is unused. | DISA STIG SQL Server 2014 Instance OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
SQL4-00-016815 - SQL Server must have the Full-Text Search software component removed if it is unused. | DISA STIG SQL Server 2014 Instance OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
SQL4-00-016820 - SQL Server must have the Master Data Services software component removed if it is unused. | DISA STIG SQL Server 2014 Instance OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
SQL4-00-016830 - SQL Server must have the Data Quality Client software component removed if it is unused. | DISA STIG SQL Server 2014 Instance OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
SQL4-00-016845 - SQL Server must have the Client Tools SDK software component removed if it is unused. | DISA STIG SQL Server 2014 Instance OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
SQL4-00-031100 - SQL Server must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations. | DISA STIG SQL Server 2014 Instance OS Audit v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
SQL4-00-034200 - SQL Server must disable communication protocols not required for operation. | DISA STIG SQL Server 2014 Instance OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
SQL4-00-034800 - SQL Server must implement and/or support cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components. | DISA STIG SQL Server 2014 Instance OS Audit v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
SQL4-00-035400 - Security-relevant software updates to SQL Server must be installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs). | DISA STIG SQL Server 2014 Instance OS Audit v2r4 | Windows | SYSTEM AND INFORMATION INTEGRITY |
SQL4-00-039020 - When using command-line tools such as SQLCMD in a mixed-mode authentication environment, users must use a logon method that does not expose the password. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
SQL4-00-039100 - The SQL Server Browser service must be disabled if its use is not necessary. | DISA STIG SQL Server 2014 Instance OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
SQL6-D0-006700 - SQL Server software installation account must be restricted to authorized users. | DISA STIG SQL Server 2016 Instance OS Audit v3r4 | Windows | CONFIGURATION MANAGEMENT |
SQL6-D0-007600 - SQL Server must be configured to prohibit or restrict the use of organization-defined protocols as defined in the PPSM CAL and vulnerability assessments. | DISA STIG SQL Server 2016 Instance OS Audit v3r4 | Windows | CONFIGURATION MANAGEMENT |
SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version. | DISA STIG SQL Server 2016 Instance OS Audit v3r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
SQL6-D0-008400 - SQL Server must enforce authorized access to all PKI private keys stored/utilized by SQL Server. | DISA STIG SQL Server 2016 Instance OS Audit v3r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
SQL6-D0-009900 - SQL Server must prevent unauthorized and unintended information transfer via Instant File Initialization (IFI). | DISA STIG SQL Server 2016 Instance OS Audit v3r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
SQL6-D0-011500 - Windows must enforce access restrictions associated with changes to the configuration of the SQL Server instance. | DISA STIG SQL Server 2016 Instance OS Audit v3r4 | Windows | CONFIGURATION MANAGEMENT |
SQL6-D0-015600 - SQL Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to provision digital signatures. | DISA STIG SQL Server 2016 Instance OS Audit v3r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
SQL6-D0-016000 - SQL Server must configure Customer Feedback and Error Reporting. | DISA STIG SQL Server 2016 Instance OS Audit v3r4 | Windows | CONFIGURATION MANAGEMENT |
vCenter : install-with-service-account | VMWare vSphere 5.X Hardening Guide | VMware | |