| 3.2.1 TCP/IP service name - svcename | CIS IBM DB2 v10 v1.1.0 Database Level 2 | IBM_DB2DB | |
| 4.4.20 Ensure 'directoryBrowsingEnabled' is set to 'false' for web applications | CIS IBM WebSphere Liberty v1.0.0 L1 | Unix | MEDIA PROTECTION |
| 5.5.1.8 Ensure password expiration is 60 Day maximum for existing passwords | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.31 Don't use the default VPC | CIS Amazon Web Services Three-tier Web Architecture L2 1.0.0 | amazon_aws | |
| Adtran : Device Info | TNS Adtran AOS Best Practice Audit | Adtran | CONFIGURATION MANAGEMENT |
| CIS_SUSE_Linux_Enterprise_15_v2.0.0_L1_Workstation.audit from CIS SUSE Linux Enterprise 15 Benchmark v2.0.0 | CIS SUSE Linux Enterprise 15 v2.0.0 L1 Workstation | Unix | |
| CIS_SUSE_Linux_Enterprise_Workstation_11_v2.1.1_L2.audit from CIS SUSE Linux Enterprise 11 Benchmark | CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1 | Unix | |
| DKER-EE-001770 - Docker Incs official GPG key must be added to the host using the users operating systems respective package repository management tooling. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| EX13-EG-003016 - A DoD-approved third party Exchange-aware malicious code protection application must be implemented. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX13-MB-003031 - A DoD-approved third party Exchange-aware malicious code protection application must be implemented. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-000550 - Exchange must have antispam filtering configured. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-000730 - The application must configure malicious code protection mechanisms to perform periodic scans of the information system every seven days. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-000730 - The application must configure malicious code protection mechanisms to perform periodic scans of the information system every seven days. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-000760 - The application must be configured to block and quarantine malicious code upon detection, then send an immediate alert to appropriate individuals. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-000760 - The application must be configured to block and quarantine malicious code upon detection, then send an immediate alert to appropriate individuals. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000142 - Exchange must have anti-spam filtering configured. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Extreme : License Info | TNS Extreme ExtremeXOS Best Practice Audit | Extreme_ExtremeXOS | CONFIGURATION MANAGEMENT |
| IBM i : Allow User Domain Objects (QALWUSRDMN) - '*ALL' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | ACCESS CONTROL |
| IBM i : Auditing for New Objects (QCRTOBJAUD) - '*CHANGE' | IBM System i Security Reference for V7R2 | AS/400 | AUDIT AND ACCOUNTABILITY |
| IBM i : Auditing Force Level (QAUDFRCLVL) - '*SYS' | IBM System i Security Reference for V7R2 | AS/400 | AUDIT AND ACCOUNTABILITY |
| IBM i : Auditing Force Level (QAUDFRCLVL) - '*SYS' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | AUDIT AND ACCOUNTABILITY |
| IBM i : Automatic Device Configuration (QAUTOCFG) - '0' | IBM System i Security Reference for V7R2 | AS/400 | CONFIGURATION MANAGEMENT |
| IBM i : Block Password Change (QPWDCHGBLK) - '>=48' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
| IBM i : Device Recovery Action (QDEVRCYACN) - '*DSCMSG' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | CONFIGURATION MANAGEMENT |
| IBM i : Device Recovery Action (QDEVRCYACN) - '*DSCMSG' | IBM System i Security Reference for V7R3 | AS/400 | CONFIGURATION MANAGEMENT |
| IBM i : Display Sign-On Information (QDSPSGNINF) - '1' | IBM System i Security Reference for V7R3 | AS/400 | ACCESS CONTROL |
| IBM i : Force Conversion on Restore (QFRCCVNRST) - '>=3' | IBM System i Security Reference for V7R2 | AS/400 | CONFIGURATION MANAGEMENT |
| IBM i : Limit Device Sessions (QLMTDEVSSN) - '1' | IBM System i Security Reference for V7R2 | AS/400 | ACCESS CONTROL |
| IBM i : Limit Device Sessions (QLMTDEVSSN) - '1' | IBM System i Security Reference for V7R3 | AS/400 | ACCESS CONTROL |
| IBM i : Limit Security Officer (QLMTSECOFR) - '1' | IBM System i Security Reference for V7R2 | AS/400 | ACCESS CONTROL |
| IBM i : Maximum Length of Passwords (QPWDMAXLEN) - '>=8' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
| IBM i : Password Approval Program (QPWDVLDPGM) - '*NONE' | IBM System i Security Reference for V7R2 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
| IBM i : Password Approval Program (QPWDVLDPGM) - '*NONE' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
| IBM i : Password Expiration Interval (QPWDEXPITV) - '90' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
| IBM i : Remote Service Attribute (QRMTSRVATR) - '0' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | CONFIGURATION MANAGEMENT |
| IBM i : Restricted Characters for Passwords (QPWDLMTCHR) | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
| IBM i : Retain Server Security (QRETSVRSEC) - '1' | IBM System i Security Reference for V7R3 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
| IBM i : Scan File Systems (QSCANFS) - '*ROOTOPNUD' | IBM System i Security Reference for V7R2 | AS/400 | CONFIGURATION MANAGEMENT |
| IBM i : Use Adopted Authority (QUSEADPAUT) - AUTH_LIST_NAME | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | ACCESS CONTROL |
| SLES-12-030510 - The SUSE operating system must implement certificate status checking for multifactor authentication. | DISA SLES 12 STIG v3r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-15-010470 - The SUSE operating system must implement certificate status checking for multifactor authentication. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SQL2-00-001600 - SQL Server must ensure that remote sessions that access an organization-defined list of security functions and security-relevant information are audited - 'Event ID 14' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-001600 - SQL Server must ensure that remote sessions that access an organization-defined list of security functions and security-relevant information are audited - 'Event ID 15' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-001600 - SQL Server must ensure that remote sessions that access an organization-defined list of security functions and security-relevant information are audited - 'Event ID 20' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-001600 - SQL Server must ensure that remote sessions that access an organization-defined list of security functions and security-relevant information are audited - 'Event ID 109' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-001600 - SQL Server must ensure that remote sessions that access an organization-defined list of security functions and security-relevant information are audited - 'Event ID 110' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-001600 - SQL Server must ensure that remote sessions that access an organization-defined list of security functions and security-relevant information are audited - 'Event ID 118' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-001600 - SQL Server must ensure that remote sessions that access an organization-defined list of security functions and security-relevant information are audited - 'Event ID 129' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-001600 - SQL Server must ensure that remote sessions that access an organization-defined list of security functions and security-relevant information are audited - 'Event ID 132' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| WatchGuard : Review ABS Policy Listing | TNS Best Practice WatchGuard Audit 1.0.0 | WatchGuard | ACCESS CONTROL |
