| 1.1.1 Ensure mounting of squashfs filesystems is disabled - modprobe | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.9 Ensure nosuid option set on /var/tmp partition | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.15 Ensure nodev option set on /dev/shm partition | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.16 Ensure nosuid option set on /dev/shm partition | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.2 Ensure authentication required for single user mode - rescue.service | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.1.5 Ensure permissions on /etc/issue are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.1.2 Ensure ntp is configured - restrict -6 | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.1.7 Ensure NFS and RPC are not enabled - nfs-server status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.7 Ensure NFS and RPC are not enabled - rpcbind | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.10 Ensure HTTP server is not enabled - status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.11 Ensure IMAP and POP3 server is not enabled - status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.14 Ensure SNMP Server is not enabled | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.15 Ensure mail transfer agent is configured for local-only mode | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.18 Ensure telnet server is not enabled - status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.2 Ensure rsh client is not installed | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.2.25 (L1) Ensure 'Deny log on through Remote Desktop Services' to include 'Guests' (DC only) | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.25 (L1) Ensure 'Deny log on through Remote Desktop Services' to include 'Guests' (DC only) | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.25 Ensure 'Deny log on through Remote Desktop Services' to include 'Guests' (DC only) | CIS Microsoft Windows Server 2025 v2.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.26 (L1) Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account' (MS only) | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.26 (L1) Ensure 'Deny log on through Remote Desktop Services' to include 'Guests' (DC only) | CIS Microsoft Windows Server 2016 v4.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 3.1.1 Ensure IP forwarding is disabled - ipv6 sysctl | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.1 Ensure IP forwarding is disabled - sysctl.conf sysctl.d | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1 Ensure source routed packets are not accepted - sysctl.conf sysctl.d net.ipv6.conf.default.accept_source_route | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.9 Ensure IPv6 router advertisements are not accepted - sysctl.conf sysctl.d net.ipv6.conf.default.accept_ra | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.4 Ensure permissions on /etc/hosts.allow are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.4.1 Ensure DCCP is disabled - modprobe | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.5.2.1 Ensure IPv6 default deny firewall policy - Chain OUTPUT | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.4 Ensure IPv6 firewall rules exist for all open ports | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.1.1 Ensure rsyslog Service is enabled | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.3 Ensure permissions on /etc/cron.hourly are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.5 Ensure SSH LogLevel is appropriate | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.8 Ensure SSH IgnoreRhosts is enabled | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.14 Ensure SSH Idle Timeout Interval is configured - ClientAliveCountMax | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 5.3.1 Ensure password creation requirements are configured - dcredit | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.1 Ensure password creation requirements are configured - ocredit | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.1 Ensure password creation requirements are configured - ucredit | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.2 Ensure lockout for failed password attempts is configured - system-auth 'auth [default=die] pam_faillock.so' | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.3 Ensure password reuse is limited - system-auth | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1.2 Ensure minimum days between password changes is 7 or more - users | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1 Ensure 'Attack Vectors' Runtime Parameters are Configured | CIS PostgreSQL 11 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 6.1.5 Ensure permissions on /etc/gshadow are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.1 Ensure password fields are not empty | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.7 Ensure all users' home directories exist | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 18.9.25.2 (L1) Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.9.25.2 (L1) Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | IDENTIFICATION AND AUTHENTICATION |
| DTOO189 - The encryption type for password protected Open XML files must be set. | DISA Microsoft Office System 2016 STIG v2r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Encryption type for password protected Office Open XML files | MSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure 'TACACS+/RADIUS' is configured correctly - protocol | Tenable Cisco Firepower Best Practices Audit | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| Ensure 'TACACS+/RADIUS' is configured correctly - protocol | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | ACCESS CONTROL |
| MYS8-00-011600 - The MySQL Database Server 8.0 must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to provision digital signatures. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
