| 2.8 Ensure 'Scan for Startup Procs' Server Configuration Option is set to '0' | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 2.10 Ensure Unnecessary SQL Server Protocols are set to 'Disabled' - 'Named Pipes protocol is disabled' | CIS SQL Server 2014 Database L1 OS v1.5.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.11 Ensure Unnecessary SQL Server Protocols are set to 'Disabled' - 'TCP/IP protocol is disabled' | CIS SQL Server 2008 R2 DB OS L1 v1.7.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 5.2.7 Ensure 'AUDIT SYSTEM' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 6.1 Ensure Database and Application User Input is Sanitized | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.1 Ensure the 'USER' Audit Option Is Enabled | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 6.1.1 Ensure the 'USER' Audit Option Is Enabled | CIS Oracle Server 18c DB Traditional Auditing v1.1.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 6.1.2 Ensure the 'ROLE' Audit Option Is Enabled | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 6.1.3 Ensure the 'SYSTEM GRANT' Audit Option Is Enabled | CIS Oracle Server 18c DB Traditional Auditing v1.1.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 6.1.3 Ensure the 'SYSTEM GRANT' Audit Option Is Enabled | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 6.1.4 Ensure the 'PROFILE' Audit Option Is Enabled | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 6.1.7 Ensure the 'PUBLIC SYNONYM' Audit Option Is Enabled | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 6.1.8 Ensure the 'SYNONYM' Audit Option Is Enabled | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 6.1.9 Ensure the 'DIRECTORY' Audit Option Is Enabled | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 6.1.16 Ensure the 'ALTER SYSTEM' Audit Option Is Enabled | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 6.1.16 Ensure the 'ALTER SYSTEM' Audit Option Is Enabled | CIS Oracle Server 18c DB Traditional Auditing v1.1.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 6.1.17 Ensure the 'TRIGGER' Audit Option Is Enabled | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 6.2.12 Ensure the 'CREATE DATABASE LINK' Action Audit Is Enabled | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 7.5 Ensure Databases are Encrypted with TDE | CIS Microsoft SQL Server 2019 v1.5.0 L2 Database Engine | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| CIS_Microsoft_SQL_Server_2008_R2_v1.7.0_Level_1_OS.audit from CIS Microsoft SQL Server 2008 R2 Database | CIS SQL Server 2008 R2 DB OS L1 v1.7.0 | Windows | |
| CIS_Microsoft_SQL_Server_2012_Database_v1.6.0_Level_1_OS.audit from Microsoft SQL Server 2012 Database, version 1.6.0 | CIS SQL Server 2012 Database L1 OS v1.6.0 | Windows | |
| DISA_F5_BIG-IP_Device_Management_v2r4.audit from DISA F5 BIG-IP Device Management v2r4 STIG | DISA F5 BIG-IP Device Management STIG v2r4 | F5 | |
| DISA_STIG_Adobe_Acrobat_Pro_DC_Classic_Track_v2r1.audit from DISA Adobe Acrobat Professional DC Classic Track v2r1 STIG | DISA STIG Adobe Acrobat Pro DC Classic Track v2r1 | Windows | |
| DISA_STIG_Adobe_Acrobat_Pro_DC_Continuous_Track_v2r1.audit from DISA Adobe Acrobat Professional DC Continuous Track v2r1 STIG | DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1 | Windows | |
| DISA_STIG_Adobe_Acrobat_Reader_DC_Classic_Track_v2r1.audit from DISA Adobe Acrobat Reader DC Classic Track v2r1 STIG | DISA STIG Adobe Acrobat Reader DC Classic Track v2r1 | Windows | |
| DISA_STIG_Adobe_Acrobat_Reader_DC_Continuous_Track_v2r1.audit from DISA Adobe Acrobat Reader DC Continuous Track v2r1 STIG | DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1 | Windows | |
| DISA_STIG_Apache_Site-2.2_Windows_v1r13.audit from DISA APACHE 2.2 Site for Windows v1r13 STIG | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | |
| DISA_STIG_MongoDB_Enterprise_Advanced_3.x_DB_v2r3.audit from DISA MongoDB Enterprise Advanced 3.x v2r3 STIG | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 DB | MongoDB | |
| DISA_STIG_MongoDB_Enterprise_Advanced_4.x_DB_v1r4.audit from DISA MongoDB Enterprise Advanced 4.x v1r4 STIG | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 DB | MongoDB | |
| DISA_STIG_VMware_vSphere_6.7_VAMI-lighttpd_v1r3.audit from DISA VMware vSphere 6.7 VAMI-lighttpd v1r3 STIG | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | |
| DISA_STIG_VMware_vSphere_7.0_EAM_v1r2.audit from DISA VMware vSphere 7.0 vCenter Appliance EAM v1r2 STIG | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | |
| DISA_STIG_VMware_vSphere_7.0_RhttpProxy_v1r1.audit from DISA VMware vSphere 7.0 vCenter Appliance RhttpProxy v1r1 STIG | DISA STIG VMware vSphere 7.0 RhttpProxy v1r1 | Unix | |
| DISA_STIG_VMware_vSphere_7.0_vCA_PostgreSQL_v1r2.audit from DISA VMware vSphere 7.0 vCenter Appliance PostgreSQL v1r2 STIG | DISA STIG VMware vSphere 7.0 PostgreSQL v1r2 | Unix | |
| DISA_STIG_VMware_vSphere_7.0_vCA_STS_v1r2.audit from DISA VMware vSphere 7.0 vCenter Appliance STS v1r2 STIG | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | |
| DISA_VMware_vSphere_8.0_vCenter_Appliance_Perfcharts_STIG_v2r1.audit from DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1 | DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1 | Unix | |
| O19C-00-001700 - Oracle Database must protect against an individual who uses a shared account falsely denying having performed a particular action. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| O19C-00-016700 - Oracle Database must preserve any organization-defined system state information in the event of a system failure. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| O112-C2-018200 - The DBMS must preserve any organization-defined system state information in the event of a system failure. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| O121-C2-018200 - The DBMS must preserve any organization-defined system state information in the event of a system failure. | DISA STIG Oracle 12c v3r2 Database | OracleDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL2-00-006600 - SQL Server must enforce access control policies to restrict the Alter any server audit permission to only authorized roles. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-008200 - SQL Server must not grant users direct access to the Alter any database permission. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-012100 - SQL Server must produce audit records containing sufficient information to establish the sources (origins) of the events - 'Event ID 103' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-012100 - SQL Server must produce audit records containing sufficient information to establish the sources (origins) of the events - 'Event ID 110' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-012100 - SQL Server must produce audit records containing sufficient information to establish the sources (origins) of the events - 'Event ID 131' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-012100 - SQL Server must produce audit records containing sufficient information to establish the sources (origins) of the events - 'Event ID 152' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-012100 - SQL Server must produce audit records containing sufficient information to establish the sources (origins) of the events - 'Event ID 153' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-012100 - SQL Server must produce audit records containing sufficient information to establish the sources (origins) of the events - 'Event ID 175' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-017500 - SQL Server must recover to a known state that is verifiable. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | CONTINGENCY PLANNING |
| SQL6-D0-003600 - SQL Server must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | ACCESS CONTROL |
| SQL6-D0-015900 - The system SQL Server must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
