| 6.1.5 Ensure the file integrity tool is configured to verify ACLs | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 13 - Disable stacktrace in response body | TNS Best Practice JBoss 7 Linux | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 16 - ORB Subsystem - Initializers On | TNS Best Practice JBoss 7 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Adtran : Disable SSID Broadcast | TNS Adtran AOS Best Practice Audit | Adtran | CONFIGURATION MANAGEMENT |
| Adtran : Disable Telnet | TNS Adtran AOS Best Practice Audit | Adtran | CONFIGURATION MANAGEMENT |
| Adtran : Ensure a trusted, secondary DNS server is set | TNS Adtran AOS Best Practice Audit | Adtran | SYSTEM AND COMMUNICATIONS PROTECTION |
| Adtran : Ensure the default 'admin' username is not used | TNS Adtran AOS Best Practice Audit | Adtran | ACCESS CONTROL |
| Adtran : Forward logs to syslog server | TNS Adtran AOS Best Practice Audit | Adtran | AUDIT AND ACCOUNTABILITY |
| Adtran : Password Policy - no weak passwords | TNS Adtran AOS Best Practice Audit | Adtran | IDENTIFICATION AND AUTHENTICATION |
| Adtran : Secure Web Access - HTTP disabled | TNS Adtran AOS Best Practice Audit | Adtran | CONFIGURATION MANAGEMENT |
| Adtran : Set 'login' Banner | TNS Adtran AOS Best Practice Audit | Adtran | ACCESS CONTROL |
| Adtran : SNMPv3 is used | TNS Adtran AOS Best Practice Audit | Adtran | CONFIGURATION MANAGEMENT |
| Non-Essential modules should be disabled. 'mod_include' | TNS IBM HTTP Server Best Practice | Unix | CONFIGURATION MANAGEMENT |
| Non-Essential modules should be disabled. 'mod_userdir' | TNS IBM HTTP Server Best Practice | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Compute - strict permissions set for Compute configuration files - /etc/nova/nova.conf | TNS OpenStack Nova/Compute Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Horizon - disable_password_reveal parameter set to True | TNS OpenStack Dashboard/Horizon Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Horizon - password_autocomplete parameter set to off | TNS OpenStack Dashboard/Horizon Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Horizon - user/group of config files set to root/horizon - /etc/openstack-dashboard/local_settings.py | TNS OpenStack Dashboard/Horizon Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Identity - Disable admin token in /etc/keystone/keystone.conf | TNS OpenStack Keystone/Identity Security Guide | Unix | ACCESS CONTROL |
| OpenStack Identity - strict permissions set for Identity configuration files - /etc/keystone/logging.conf | TNS OpenStack Keystone/Identity Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Identity - strict permissions set for Identity configuration files - /etc/keystone/ssl/certs/signing_cert.pem | TNS OpenStack Keystone/Identity Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Identity - user/group ownership of config files set to keystone - /etc/keystone/keystone.conf | TNS OpenStack Keystone/Identity Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Networking - user/group ownership of config files set to root/neutron - /etc/neutron/policy.json | TNS OpenStack Neutron/Networking Security Guide | Unix | CONFIGURATION MANAGEMENT |
| Salesforce.com : AuthConfig - 'Auth Providers = Facebook Consumer Key' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : AuthConfig - 'Auth Providers = Facebook Consumer Secret' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : AuthConfig - 'Auth Providers = Facebook Execution User ID' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : AuthConfig - 'Auth Providers = Janrain Error URL' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : AuthConfig - 'Auth Providers = MicrosoftACS Consumer Key' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : AuthConfig - 'Auth Providers = MicrosoftACS' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : AuthConfig - 'Auth Providers = OpenIdConnect Authorize Endpoint URL' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : AuthConfig - 'Auth Providers = OpenIdConnect Send Access Token in Header' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : CronTrigger - 'Cron Jobs with Status of ERROR' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | CONFIGURATION MANAGEMENT |
| Salesforce.com : Email Services - 'AddressInactiveAction != 2' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | CONFIGURATION MANAGEMENT |
| Salesforce.com : Object Permissions - 'DefaultCalendarAccess should not be Show Details or Show Details and Add Events' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | ACCESS CONTROL |
| Salesforce.com : Setting Password Policies - 'invalid login attempts <= 5' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | ACCESS CONTROL |
| Salesforce.com : Setting Session Security - 'Enable CSRF protection on POST requests on non-setup pages = true' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | SYSTEM AND COMMUNICATIONS PROTECTION |
| Salesforce.com : Setting Session Security - 'Force logout on timeout = true' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | ACCESS CONTROL |
| Salesforce.com : Setting Session Security - 'PermissionsPasswordNeverExpires = true' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | ACCESS CONTROL |
| Salesforce.com : Setting Session Security - 'Review Force.com Flow Users' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| SalesForce.com : Setting Session Security - 'Review Inactive Users' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : Setting Session Security - 'Review Site.com Contributor User' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : Setting Session Security - 'Review Wireless User' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : Setting Session Security - 'Use POST requests for cross-domain sessions = true' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | CONFIGURATION MANAGEMENT |
| SalesForce.com : User Permissions - 'Review Active System Administrators' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | ACCESS CONTROL |
| StartServers parameter value should be appropriately configured. | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000230 - Symantec ProxySG must provide an alert to, at a minimum, the SCA and ISSO of all audit failure events where the detection and/or prevention function is unable to write events to either local storage or the centralized server - Server | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| UBTU-20-010045 - The Ubuntu operating system SSH server must be configured to use only FIPS-validated key exchange algorithms. | DISA Canonical Ubuntu 20.04 LTS STIG v2r4 | Unix | ACCESS CONTROL |
| UBTU-22-255060 - Ubuntu 22.04 LTS SSH server must be configured to use only FIPS-validated key exchange algorithms. | DISA Canonical Ubuntu 22.04 LTS STIG v2r8 | Unix | ACCESS CONTROL |
| User IDs which disclose the privileges associated with it, should not be created. 'lock' | TNS IBM HTTP Server Best Practice | Unix | ACCESS CONTROL |
| User IDs which disclose the privileges associated with it, should not be created. 'nologin' | TNS IBM HTTP Server Best Practice | Unix | ACCESS CONTROL |
