| 2.11 Ensure SQL Server is configured to use non-standard ports | CIS Microsoft SQL Server 2019 v1.5.2 L1 Database Engine | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.11 Ensure SQL Server is configured to use non-standard ports | CIS Microsoft SQL Server 2022 v1.2.1 L1 Database Engine | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2 Ensure CONNECT permissions on the 'guest user' is Revoked within all SQL Server databases excluding the master, msdb and tempdb | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | ACCESS CONTROL |
| 3.2 Ensure CONNECT permissions on the 'guest user' is Revoked within all SQL Server databases excluding the master, msdb and tempdb | CIS SQL Server 2014 Database L1 AWS RDS v1.5.0 | MS_SQLDB | ACCESS CONTROL |
| 4.1 Ensure 'MUST_CHANGE' Option is set to 'ON' for All SQL Authenticated Logins | CIS SQL Server 2017 Database L1 DB v1.3.0 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
| 4.1.15 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'UTL_INADDR' | CIS Oracle Server 11g R2 DB v2.2.0 | OracleDB | |
| 4.2.11 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'WWV_DBMS_SQL' | CIS Oracle Server 11g R2 DB v2.2.0 | OracleDB | |
| 4.2.12 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'WWV_EXECUTE_IMMEDIATE' | CIS Oracle Server 11g R2 DB v2.2.0 | OracleDB | |
| 4.5 Configure Solaris Auditing - active audit policies = argv,cnt,zonename | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - active user flags = cis,ex,aa,ua,as,ss,lo,ft | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - audit_binfile (active) | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - audit_binfile (active) | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - audit_binfile attributes: p_minfree=1; | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - configured audit policies = argv,cnt,zonename | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - configured non-attributable flags = lo | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - configured non-attributable flags = lo | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - configured user flags = cis,ex,aa,ua,as,ss,lo,ft | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - configured user flags = cis,ex,aa,ua,as,ss,lo,ft | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - var/audit/*.not_terminated.* | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - var/audit/*.not_terminated.* | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2 Enable 'ALTER USER' Audit Option | CIS Oracle Server 11g R2 DB v2.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 5.2 Ensure 'Default Trace Enabled' Server Configuration Option is set to '1' | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.3 Enable 'DROP USER' Audit Option | CIS Oracle Server 11g R2 DB v2.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 5.9 Enable 'DATABASE LINK' Audit Option | CIS Oracle Server 11g R2 DB v2.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 5.13 Enable 'GRANT DIRECTORY' Audit Option | CIS Oracle Server 11g R2 DB v2.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 6.1 Ensure Database and Application User Input is Sanitized | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.2 Ensure 'Skip_show_database' Database Flag for Cloud SQL MySQL Instance Is Set to 'On' | CIS Google Cloud Platform Foundation v4.0.0 L1 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 6.21 Restrict Access to SYSCAT.STATEMENTS | CIS IBM DB2 v10 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL |
| DO3685-ORACLE11 - The Oracle O7_DICTIONARY_ACCESSIBILITY parameter should be set to FALSE - 'O7_dictionary_accessibility = false' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | |
| SQL2-00-002400 - SQL Server must enforce access control policies to restrict the Alter any event session permission to only authorized roles. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-002500 - SQL Server must enforce access control policies to restrict the Alter any event notification permission to only authorized roles. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-002600 - SQL Server must enforce access control policies to restrict the Alter any endpoint permission to only authorized roles. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-002700 - SQL Server must enforce access control policies to restrict the Alter any database permission to only authorized roles. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-002800 - SQL Server must enforce access control policies to restrict the Alter any credential permission to only authorized roles. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-002900 - SQL Server must enforce access control policies to restrict the Alter any connection permission to only authorized roles. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-003600 - SQL Server must enforce access control policies to restrict the Alter any server role permission to only authorized roles. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-004500 - SQL Server must enforce access control policies to restrict the Alter any login permission to only authorized roles. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-006600 - SQL Server must enforce access control policies to restrict the Alter any server audit permission to only authorized roles. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-007900 - SQL Server must not grant users direct access control to the Alter Any Availability Group permission. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-014900 - SQL Server must be monitored to discover unauthorized changes to functions. | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL2-00-020100 - SQL Server must protect the integrity of publicly available information and applications. | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | CONFIGURATION MANAGEMENT |
| SQL2-00-025100 - The OS must limit privileges to the SQL Server Data Root directory and its subordinate directories and files. | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| SQL2-00-025300 - The OS must limit privileges to the SQL Server backup directories and files. | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| SQL4-00-015200 - SQL Server must be monitored to discover unauthorized changes to stored procedures. | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL4-00-016820 - SQL Server must have the Master Data Services software component removed if it is unused. | DISA STIG SQL Server 2014 Instance OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
| SQL4-00-037400 - Trace or Audit records must be generated when unsuccessful attempts to delete categorized information (e.g., classification levels/security levels) occur - Event ID 82 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037400 - Trace or Audit records must be generated when unsuccessful attempts to delete categorized information (e.g., classification levels/security levels) occur - Event ID 91 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037400 - Trace or Audit records must be generated when unsuccessful attempts to delete categorized information (e.g., classification levels/security levels) occur. | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-016700 - SQL Server execute permissions to access the registry must be revoked, unless specifically required and approved. | DISA MS SQL Server 2016 Instance STIG v3r6 MS_SQLDB | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQLI-22-016700 - SQL Server execute permissions to access the registry must be revoked unless specifically required and approved. | DISA Microsoft SQL Server 2022 Instance STIG v1r4 MS_SQLDB | MS_SQLDB | CONFIGURATION MANAGEMENT |
