| 1.6.5 Apply Security Context to Your Pods and Containers | CIS Kubernetes 1.13 Benchmark v1.4.1 L2 | Unix | |
| 1.7 Ensure MariaDB is Run Under a Sandbox Environment | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.28 (L1) Ensure 'Suppress the unsupported OS warning' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 1.132 (L1) Ensure 'Suppress the unsupported OS warning' is set to 'Disabled' | CIS Microsoft Intune for Edge v1.0.0 L1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 1.133 (L1) Ensure 'Suppress the unsupported OS warning' is set to 'Disabled' | CIS Microsoft Edge v4.0.0 L1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 2.2 Dedicate the Machine Running MySQL | CIS MySQL 5.6 Enterprise Database L1 v2.0.0 | MySQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.1 Ensure Binary and Relay Logs are Encrypted | CIS Oracle MySQL Enterprise Edition 8.4 v1.1.0 L2 MySQL RDBMS on Linux MySQLDB | MySQLDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.1 Ensure Binary and Relay Logs are Encrypted | CIS Oracle MySQL Community Server 8.4 v1.1.0 L2 MySQL RDBMS MySQLDB | MySQLDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.1 Ensure Binary and Relay Logs are Encrypted | CIS Oracle MySQL Community Server 8.4 v1.1.0 L2 MySQL RDBMS on Linux MySQLDB | MySQLDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.1 Ensure Binary and Relay Logs are Encrypted | CIS Oracle MySQL Enterprise Edition 8.4 v1.1.0 L2 MySQL RDBMS MySQLDB | MySQLDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.8 Ensure Socket Peer-Credential Authentication is Used Appropriately | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.9 Require Current Password for Password Reset | CIS Oracle MySQL Enterprise Edition 8.0 v1.5.0 L2 MySQL RDBMS on Linux MySQLDB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| 3.7 Ensure SSL Key Files Have Appropriate Permissions | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS on Linux Unix | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.7 Ensure SSL Key Files Have Appropriate Permissions | CIS Oracle MySQL Community Server 8.4 v1.1.0 L1 MySQL RDBMS on Linux Unix | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.7 Ensure SSL Key Files Have Appropriate Permissions | CIS Oracle MySQL Enterprise Edition 8.0 v1.5.0 L1 MySQL RDBMS on Linux Unix | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.7 Ensure SSL Key Files Have Appropriate Permissions | CIS Oracle MySQL Enterprise Edition 8.4 v1.1.0 L1 MySQL RDBMS on Linux Unix | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3 Enable Auditing of File Metadata Modification Events - AUE_CHMOD : cis | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 Enable Auditing of File Metadata Modification Events - AUE_FCHMOD : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 Enable Auditing of File Metadata Modification Events - AUE_LCHOWN : cis | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.8 Ensure 'sql_mode' Contains 'STRICT_ALL_TABLES' | CIS Oracle MySQL Community Server 8.4 v1.1.0 L2 MySQL RDBMS MySQLDB | MySQLDB | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 5.1 - Storage Administrative System Auditing - Log Forwarding protocol tcp-encrypted | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | AUDIT AND ACCOUNTABILITY |
| 5.1 Ensure 'Bluetooth Support Service (bthserv)' is set to 'Disabled' | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.1 Ensure 'Bluetooth Support Service (bthserv)' is set to 'Disabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.1 Ensure that WildFire file size upload limits are maximized | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.1 Ensure that WildFire file size upload limits are maximized | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.1 Ensure that WildFire file size upload limits are maximized | CIS Palo Alto Firewall 10 v1.3.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.1 Ensure that WildFire file size upload limits are maximized | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | CONFIGURATION MANAGEMENT |
| 5.1 Ensure that WildFire file size upload limits are maximized | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | CONFIGURATION MANAGEMENT |
| 10.1 Ensure All Group Replication Traffic is Secured | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS MySQLDB | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.1 Ensure All Group Replication Traffic is Secured | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS on Linux MySQLDB | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.1 Ensure All Group Replication Traffic is Secured | CIS Oracle MySQL Enterprise Edition 8.4 v1.1.0 L1 MySQL RDBMS MySQLDB | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 24.1 (L1) Ensure 'Configure System Guard Launch' is set to 'Unmanaged Enables Secure Launch if supported by hardware' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| GOOG-11-002300 - Google Android 11 must be configured to disable trust agents. | AirWatch - DISA Google Android 11 COPE v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-12-007200 - Google Android 12 must be configured to disable trust agents. | AirWatch - DISA Google Android 12 COBO v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| HONW-09-002300 - The Honeywell Mobility Edge Android Pie device must be configured to disable trust agents. | AirWatch - DISA Honeywell Android 9.x COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MOTS-11-002300 - Motorola Solutions Android 11 must be configured to disable trust agents. | MobileIron - DISA Motorola Solutions Android 11 COBO v1r3 | MDM | CONFIGURATION MANAGEMENT |
| MYS8-00-001600 - The MySQL Database Server 8.0 must be configured to provide audit record generation capability for DoD-defined auditable events within all database components. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MYS8-00-001900 - The MySQL Database Server 8.0 must be able to generate audit records when unsuccessful attempts to retrieve privileges/permissions occur. | DISA Oracle MySQL 8.0 v2r2 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| MYS8-00-002000 - The MySQL Database Server 8.0 must be able to generate audit records when security objects are accessed. | DISA Oracle MySQL 8.0 v2r2 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| MYS8-00-002100 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to access security objects occur. | DISA Oracle MySQL 8.0 v2r2 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| MYS8-00-002200 - The MySQL Database Server 8.0 must generate audit records when categories of information (e.g., classification levels/security levels) are accessed. | DISA Oracle MySQL 8.0 v2r2 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| MYS8-00-002300 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to access categories of information (e.g., classification levels/security levels) occur. | DISA Oracle MySQL 8.0 v2r2 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| MYS8-00-002800 - The MySQL Database Server 8.0 must generate audit records when security objects are modified. | DISA Oracle MySQL 8.0 v2r2 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| MYS8-00-002900 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to modify security objects occur. | DISA Oracle MySQL 8.0 v2r2 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| MYS8-00-003400 - The MySQL Database Server 8.0 must generate audit records when security objects are deleted. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MYS8-00-004400 - The MySQL Database Server 8.0 must be able to generate audit records when successful accesses to objects occur. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MYS8-00-006000 - The MySQL Database Server 8.0 must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | CONFIGURATION MANAGEMENT |
| MYS8-00-007200 - The MySQL Database Server 8.0 must protect the confidentiality and integrity of all information at rest. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| MYS8-00-007800 - The MySQL Database Server 8.0 must initiate session auditing upon startup. | DISA Oracle MySQL 8.0 v2r2 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| MYS8-00-011900 - The MySQL Database Server 8.0 must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions. | DISA Oracle MySQL 8.0 v2r2 OS Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
