| 1.15 Ensure IAM policies that allow full "*:*" administrative privileges are not attached | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | ACCESS CONTROL |
| 2.1 Ensure IAM Policy for EC2 IAM Roles for Web tier is configured | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | ACCESS CONTROL |
| 2.1.1.4 Audit Security Keys Used With Apple Accounts | CIS Apple macOS 15.0 Sequoia v1.0.0 L2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.6 Ensure AutoScaling Group Launch Configuration for App Tier is configured to use an App-Tier IAM Role | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | ACCESS CONTROL |
| 2.8 Ensure an IAM policy that allows admin privileges for all services used is created - Review Policy Document | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | ACCESS CONTROL |
| 2.8 Protocol Access Controls - 'rsh.access has been configured' | TNS NetApp Data ONTAP 7G | NetApp | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.8 Protocol Access Controls - 'telnet.access has been configured' | TNS NetApp Data ONTAP 7G | NetApp | ACCESS CONTROL |
| 3.1.12 Ensure the correct messages are sent to the database client | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.14 Ensure the correct messages are written to the server log | CIS PostgreSQL 14 DB v 1.2.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.14 Ensure the correct messages are written to the server log | CIS PostgreSQL 15 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.12 Ensure Group Write Access for the Document Root Directories and Files Is Properly Restricted | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | ACCESS CONTROL |
| 3.12 Ensure Group Write Access for the Document Root Directories and Files Is Properly Restricted | CIS Apache HTTP Server 2.4 v2.2.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.12 Ensure Group Write Access for the Document Root Directories and Files Is Properly Restricted | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | ACCESS CONTROL |
| 4.8 Ensure Billing Alerts are enabled for increments of X spend | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | |
| 7.8 Extensible Firmware Interface (EFI) password | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | |
| 8.11 (L2) VMware Tools must deactivate Service Discovery unless required | CIS VMware ESXi 8.0 v1.2.0 L2 | VMware | CONFIGURATION MANAGEMENT |
| 9.2 Check for Duplicate User Names | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 9.17 Check for Duplicate User Names | CIS Solaris 11.2 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 9.17 Check That Reserved UIDs Are Assigned to System Accounts | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 9.18 Check for Duplicate Group Names | CIS Solaris 11.2 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 9.18 Check for Duplicate Group Names | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 9.18 Check for Duplicate User Names | CIS Solaris 11 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 9.19 Check for Duplicate Group Names | CIS Solaris 11 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 9.19 Check for Duplicate Group Names | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 9.19 Check for Presence of User .netrc Files | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.19 Check for Presence of User .netrc Files | CIS Solaris 11.2 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 9.20 Check for Presence of User .forward Files | CIS Solaris 11.2 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.20 Check for Presence of User .forward Files | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.20 Check for Presence of User .netrc Files | CIS Solaris 11 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 9.20 Check for Presence of User .netrc Files | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 9.21 Check for Presence of User .forward Files | CIS Solaris 11.1 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| CASA-VN-000360 - The Cisco ASA VPN gateway must be configured to renegotiate the IKE security association after 24 hours or less. | DISA STIG Cisco ASA VPN v2r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-RT-000510 - The Cisco BGP router must be configured to reject inbound route advertisements from a customer edge (CE) router for prefixes that are not allocated to that customer. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | ACCESS CONTROL |
| DTBC-0030 - Incognito mode must be disabled. | DISA STIG Google Chrome v2r9 | Windows | AUDIT AND ACCOUNTABILITY |
| EX16-ED-000310 - The Exchange Internet Receive connector connections count must be set to default. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-ED-000310 - The Exchange Internet Receive connector connections count must be set to default. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000131 - The Exchange Outbound Connection Limit per Domain Count must be controlled. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUSX-VN-000003 - The Juniper SRX Services Gateway VPN must renegotiate the IKE security association after 24 hours or less. | DISA Juniper SRX Services Gateway VPN v3r1 | Juniper | ACCESS CONTROL |
| TNS_Best_Practices_Jetty_9_v1.0.0.audit | TNS Best Practice Jetty 9 Linux | Unix | |
| TNS_IBM_HTTP_Server_Best_Practice.audit | TNS IBM HTTP Server Best Practice | Windows | |
| TNS_IBM_HTTP_Server_Linux_Best_Practice.audit | TNS IBM HTTP Server Best Practice | Unix | |
| VCEM-70-000030 - ESX Agent Manager must set the secure flag for cookies. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCLU-70-000031 - Lookup Service must set the secure flag for cookies. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCPF-67-000030 - Performance Charts must set the secure flag for cookies. | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCPF-70-000033 - Performance Charts must set the secure flag for cookies. | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCST-70-000030 - The Security Token Service must set the secure flag for cookies. | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCUI-67-000030 - vSphere UI must set the secure flag for cookies. | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCUI-70-000032 - vSphere UI must set the secure flag for cookies. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBLC-03-000127 - Oracle WebLogic must adhere to the principles of least functionality by providing only essential capabilities. | Oracle WebLogic Server 12c Linux v2r2 | Unix | CONFIGURATION MANAGEMENT |
| WBSP-AS-000970 - The WebSphere Application Server must disable JSP class reloading. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
