| 1.3 Disable MySQL Command History - .mysql_history | CIS MySQL 5.6 Community Linux OS L2 v2.0.0 | Unix | MEDIA PROTECTION |
| 1.3 Disable MySQL Command History - ~/.mysql_history | CIS MySQL 5.6 Enterprise Linux OS L2 v2.0.0 | Unix | MEDIA PROTECTION |
| 4.6 (L1) Host must enable audit record logging | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | AUDIT AND ACCOUNTABILITY |
| Adtran : Device Info | TNS Adtran AOS Best Practice Audit | Adtran | CONFIGURATION MANAGEMENT |
| Audit system file permissions - rpm | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND INFORMATION INTEGRITY |
| CIS_SUSE_Linux_Enterprise_12_v3.2.1_L1_Workstation.audit from CIS SUSE Linux Enterprise 12 Benchmark v3.2.1 | CIS SUSE Linux Enterprise 12 v3.2.1 L1 Workstation | Unix | |
| CIS_SUSE_Linux_Enterprise_12_v3.2.1_L2_Server.audit from CIS SUSE Linux Enterprise 12 Benchmark v3.2.1 | CIS SUSE Linux Enterprise 12 v3.2.1 L2 Server | Unix | |
| CIS_SUSE_Linux_Enterprise_12_v3.2.1_L2_Workstation.audit from CIS SUSE Linux Enterprise 12 Benchmark v3.2.1 | CIS SUSE Linux Enterprise 12 v3.2.1 L2 Workstation | Unix | |
| CIS_SUSE_Linux_Enterprise_15_v2.0.0_L1_Workstation.audit from CIS SUSE Linux Enterprise 15 Benchmark v2.0.0 | CIS SUSE Linux Enterprise 15 v2.0.0 L1 Workstation | Unix | |
| CIS_SUSE_Linux_Enterprise_15_v2.0.0_L2_Server.audit from CIS SUSE Linux Enterprise 15 Benchmark v2.0.0 | CIS SUSE Linux Enterprise 15 v2.0.0 L2 Server | Unix | |
| CIS_SUSE_Linux_Enterprise_Server_11_v2.1.1_L1.audit from CIS SUSE Linux Enterprise 11 Benchmark | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | |
| CIS_SUSE_Linux_Enterprise_Server_11_v2.1.1_L2.audit from CIS SUSE Linux Enterprise 11 Benchmark | CIS SUSE Linux Enterprise Server 11 L2 v2.1.1 | Unix | |
| CIS_SUSE_Linux_Enterprise_Workstation_11_v2.1.1_L1.audit from CIS SUSE Linux Enterprise 11 Benchmark | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | |
| CIS_SUSE_Linux_Enterprise_Workstation_11_v2.1.1_L2.audit from CIS SUSE Linux Enterprise 11 Benchmark | CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1 | Unix | |
| DTAVSEL-008 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to scan files when being written to disk. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-015 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Clean infected files automatically as first action when programs and jokes are found. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-100 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to run a scheduled On-Demand scan at least once a week. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Ensure Avahi Server is not enabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure DNS Server is not enabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure FTP Server is not enabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure GDM login banner is configured - banner-message-text | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Ensure GDM login banner is configured - file-db | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Ensure IPv6 redirects are not accepted - /etc/sysctl ipv6 all accept | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure IPv6 redirects are not accepted - /etc/sysctl ipv6 default accept | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure IPv6 router advertisements are not accepted - /etc/sysctl ipv6 all accept | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure LDAP client is not installed - zypper | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure NIS Client is not installed - rpm | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure Reverse Path Filtering is enabled - /etc/sysctl ipv4 default rp_filter | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure Reverse Path Filtering is enabled - sysctl ipv4 all rp_filter | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure Reverse Path Filtering is enabled - sysctl ipv4 default rp_filter | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure SNMP Server is not enabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure SSH Idle Timeout Interval is configured - ClientAliveInterval | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Ensure SSH MaxAuthTries is set to 4 or less | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Ensure TCP Wrappers is installed - zypper | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-003031 - A DoD-approved third party Exchange-aware malicious code protection application must be implemented. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-000730 - The application must configure malicious code protection mechanisms to perform periodic scans of the information system every seven days. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-000760 - The application must be configured to block and quarantine malicious code upon detection, then send an immediate alert to appropriate individuals. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-002410 - The application must update malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| IBM i : Auditing Force Level (QAUDFRCLVL) - '*SYS' | IBM System i Security Reference for V7R3 | AS/400 | AUDIT AND ACCOUNTABILITY |
| IBM i : Automatic Device Configuration (QAUTOCFG) - '0' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | CONFIGURATION MANAGEMENT |
| IBM i : Device Recovery Action (QDEVRCYACN) - '*DSCMSG' | IBM System i Security Reference for V7R2 | AS/400 | CONFIGURATION MANAGEMENT |
| IBM i : Limit Security Officer (QLMTSECOFR) - '1' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | ACCESS CONTROL |
| IBM i : Limit Security Officer (QLMTSECOFR) - '1' | IBM System i Security Reference for V7R3 | AS/400 | ACCESS CONTROL |
| IBM i : Password Expiration Warning (QPWDEXPWRN) - '<=14' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
| IBM i : Remote Service Attribute (QRMTSRVATR) - '0' | IBM System i Security Reference for V7R3 | AS/400 | CONFIGURATION MANAGEMENT |
| IBM i : Restricted Characters for Passwords (QPWDLMTCHR) | IBM System i Security Reference for V7R2 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
| IBM i : Retain Server Security (QRETSVRSEC) - '0' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
| IBM i : Scan File Systems (QSCANFS) - '*ROOTOPNUD' | IBM System i Security Reference for V7R3 | AS/400 | CONFIGURATION MANAGEMENT |
| IBM i : Share Memory Control (QSHRMEMCTL) - '1' | IBM System i Security Reference for V7R3 | AS/400 | SYSTEM AND INFORMATION INTEGRITY |
| SLES-15-040220 - The SUSE operating system must be configured to not overwrite Pluggable Authentication Modules (PAM) configuration on package changes. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
