2.3.1 Ensure 'ENCRYPTION_SERVER' Is Set to 'REQUIRED' | CIS Oracle Server 18c Windows v1.1.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.3.1 Ensure 'ENCRYPTION_SERVER' Is Set to 'REQUIRED' | CIS Oracle Server 18c Linux v1.1.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.10 Ensure Unnecessary SQL Server Protocols are set to 'Disabled' - 'Named Pipes protocol is disabled' | CIS SQL Server 2014 Database L1 OS v1.5.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
2.10 Ensure Unnecessary SQL Server Protocols are set to 'Disabled' - 'Shared Memory protocol is disabled' | CIS SQL Server 2014 Database L1 OS v1.5.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
2.10 Ensure Unnecessary SQL Server Protocols are set to 'Disabled' - 'TCP/IP protocol is disabled' | CIS SQL Server 2014 Database L1 OS v1.5.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
2.10 Ensure Unnecessary SQL Server Protocols are set to 'Disabled' - 'VIA protocol is disabled' | CIS SQL Server 2014 Database L1 OS v1.5.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
3.1 Ensure 'Server Authentication' Property is set to 'Windows Authentication Mode' | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
3.6 Ensure Relational Database Service Instances have Auto Minor Version Upgrade Enabled | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND INFORMATION INTEGRITY |
6.1.2 Ensure the 'ROLE' Audit Option Is Enabled | CIS Oracle Server 18c DB Traditional Auditing v1.1.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
6.1.3 Ensure the 'SYSTEM GRANT' Audit Option Is Enabled | CIS Oracle Server 18c DB Traditional Auditing v1.1.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
6.1.7 Ensure the 'PUBLIC SYNONYM' Audit Option Is Enabled | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
6.1.7 Ensure the 'PUBLIC SYNONYM' Audit Option Is Enabled | CIS Oracle Server 18c DB Traditional Auditing v1.1.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
6.1.10 Ensure the 'SELECT ANY DICTIONARY' Audit Option Is Enabled | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
6.1.10 Ensure the 'SELECT ANY DICTIONARY' Audit Option Is Enabled | CIS Oracle Server 18c DB Traditional Auditing v1.1.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
6.1.12 Ensure the 'GRANT ANY PRIVILEGE' Audit Option Is Enabled | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
6.1.13 Ensure the 'DROP ANY PROCEDURE' Audit Option Is Enabled | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
6.1.13 Ensure the 'DROP ANY PROCEDURE' Audit Option Is Enabled | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
6.1.13 Ensure the 'DROP ANY PROCEDURE' Audit Option Is Enabled | CIS Oracle Server 18c DB Traditional Auditing v1.1.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
7.5 Ensure Databases are Encrypted with TDE | CIS Microsoft SQL Server 2019 v1.5.0 L2 Database Engine | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
DISA_STIG_Mozilla_Firefox_v6r6_Windows.audit from DISA Mozilla Firefox v6r6 STIG | DISA STIG Mozilla Firefox Windows v6r6 | Windows | |
Ensure that the 'max_connect_errors' database flag for a Cloud Databases MySQL instance is set | Tenable Best Practices RackSpace v2.0.0 | Rackspace | SYSTEM AND COMMUNICATIONS PROTECTION |
Ensure that the 'max_user_connections' database flag for a Cloud Databases MySQL instance is set | Tenable Best Practices RackSpace v2.0.0 | Rackspace | SYSTEM AND COMMUNICATIONS PROTECTION |
Ensure that the 'skip_show_database' database flag for a Cloud Databases MySQL instance is set to '1' | Tenable Best Practices RackSpace v2.0.0 | Rackspace | SYSTEM AND COMMUNICATIONS PROTECTION |
Ensure that the 'sql_mode' database flag for a Cloud Databases MySQL instance is set | Tenable Best Practices RackSpace v2.0.0 | Rackspace | SYSTEM AND COMMUNICATIONS PROTECTION |
Ensure that the 'wait_timeout' database flag for a Cloud Databases MySQL instance is set | Tenable Best Practices RackSpace v2.0.0 | Rackspace | SYSTEM AND COMMUNICATIONS PROTECTION |
EP11-00-006400 - The EDB Postgres Advanced Server and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
F5BI-AS-000161 - To protect against data mining, the BIG-IP ASM module must be configured to prevent SQL injection attacks launched against data storage objects, including, at a minimum, databases, database records, and database fields when providing content filtering to virtual servers. | DISA F5 BIG-IP Application Security Manager STIG v2r2 | F5 | ACCESS CONTROL |
MYS8-00-007300 - The MySQL Database Server 8.0 must check the validity of all data inputs except those specifically identified by the organization. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | SYSTEM AND INFORMATION INTEGRITY |
O19C-00-016700 - Oracle Database must preserve any organization-defined system state information in the event of a system failure. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | SYSTEM AND COMMUNICATIONS PROTECTION |
O112-BP-022000 - The Oracle REMOTE_OS_ROLES parameter must be set to FALSE. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | CONFIGURATION MANAGEMENT |
O112-N2-008601 - Disk space used by audit trail(s) must be monitored; audit records must be regularly or continuously offloaded to a centralized log management system. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
O112-P3-006200 - The DBMS must protect against an individual using a group account from falsely denying having performed a particular action. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
O121-BP-022000 - The Oracle REMOTE_OS_ROLES parameter must be set to FALSE. | DISA STIG Oracle 12c v3r2 Database | OracleDB | CONFIGURATION MANAGEMENT |
SQL2-00-004400 - SQL Server must not grant users direct access to the View Any Database permission. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | CONFIGURATION MANAGEMENT |
SQL2-00-005900 - SQL Server must not grant users direct access to the Create any database permission. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
SQL2-00-006600 - SQL Server must enforce access control policies to restrict the Alter any server audit permission to only authorized roles. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
SQL2-00-012200 - SQL Server must produce audit records containing sufficient information to establish the outcome (success or failure) of the events - 'Event ID 104' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
SQL2-00-012200 - SQL Server must produce audit records containing sufficient information to establish the outcome (success or failure) of the events - 'Event ID 105' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
SQL2-00-012200 - SQL Server must produce audit records containing sufficient information to establish the outcome (success or failure) of the events - 'Event ID 110' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
SQL2-00-012200 - SQL Server must produce audit records containing sufficient information to establish the outcome (success or failure) of the events - 'Event ID 111' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
SQL2-00-012200 - SQL Server must produce audit records containing sufficient information to establish the outcome (success or failure) of the events - 'Event ID 130' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
SQL2-00-012200 - SQL Server must produce audit records containing sufficient information to establish the outcome (success or failure) of the events - 'Event ID 133' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
SQL2-00-012200 - SQL Server must produce audit records containing sufficient information to establish the outcome (success or failure) of the events - 'Event ID 134' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
SQL2-00-012200 - SQL Server must produce audit records containing sufficient information to establish the outcome (success or failure) of the events - 'Event ID 135' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
SQL2-00-012200 - SQL Server must produce audit records containing sufficient information to establish the outcome (success or failure) of the events - 'Event ID 175' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
SQL2-00-012200 - SQL Server must produce audit records containing sufficient information to establish the outcome (success or failure) of the events - 'Event ID 176' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
SQL2-00-017500 - SQL Server must recover to a known state that is verifiable. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | CONTINGENCY PLANNING |
SQL2-00-022700 - SQL Server must identify potential security-relevant error conditions. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | CONFIGURATION MANAGEMENT |
SQL4-00-030300 - SQL Server authentication and identity management must be integrated with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | ACCESS CONTROL |
SQL4-00-038700 - SQL Server must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |