| 1.1 Ensure packages are obtained from authorized repositories | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.1 Ensure packages are obtained from authorized repositories | CIS PostgreSQL 13 v1.3.0 L1 OS Linux Unix | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.1 Ensure packages are obtained from authorized repositories | CIS PostgreSQL 12 OS v1.1.0 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.1 Ensure packages are obtained from authorized repositories | CIS PostgreSQL 15 v1.2.0 L1 OS Linux Unix | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.1 Ensure packages are obtained from authorized repositories | CIS PostgreSQL 14 OS v 1.3.0 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.1 Ensure packages are obtained from authorized repositories | CIS PostgreSQL 16 v1.1.0 L1 OS Linux Unix | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.5.2.2 Limit Login Attempts | CIS HPE Aruba Networking CX Switch v1.0.1 Optional Security Recommendations | ArubaOS | ACCESS CONTROL |
| 2.02 Version/Patches - 'Ensure the latest version of Oracle software is being used, and the latest patches are from Metalink are applied' | CIS v1.1.0 Oracle 11g OS L1 | Unix | |
| 2.2.6 Ensure 'SQLNET.ENCRYPTION_CLIENT Is Set To 'REQUIRED' | CIS Oracle Database 23ai v1.1.0 L1 RDBMS On Linux Host OS Unix | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.6 Ensure 'SQLNET.ENCRYPTION_CLIENT Is Set To 'REQUIRED' | CIS Oracle Database 23ai v1.1.0 L1 RDBMS On Windows Server Host OS Windows | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.6 Ensure 'SQLNET.ENCRYPTION_CLIENT Is Set To 'REQUIRED' | CIS Oracle Database 19c v2.0.0 L1 RDBMS On Host OS Unix | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.6 Ensure 'SQLNET.ENCRYPTION_CLIENT Is Set To 'REQUIRED' | CIS Oracle Database 19c v2.0.0 L1 RDBMS On Host OS Windows | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.3 Ensure the logging collector is enabled | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.7 Ensure 'log_truncate_on_rotation' is enabled | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.7 Ensure 'log_truncate_on_rotation' is enabled | CIS PostgreSQL 11 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.7 Ensure 'log_truncate_on_rotation' is enabled | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.7 Ensure 'log_truncate_on_rotation' is enabled | CIS PostgreSQL 13 v1.3.0 L1 Database PostgreSQLDB | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.7 Ensure 'log_truncate_on_rotation' is enabled | CIS PostgreSQL 14 DB v 1.3.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.7 Ensure 'log_truncate_on_rotation' is enabled | CIS PostgreSQL 15 v1.2.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 4.4 Ensure images are scanned and rebuilt to include security patches | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.6 Ensure Password Complexity is configured | CIS PostgreSQL 13 v1.3.0 L1 Database PostgreSQLDB | PostgreSQLDB | IDENTIFICATION AND AUTHENTICATION |
| 9.6 Configure 'Do not display the reveal password button' | CIS IE 11 v1.0.0 | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 9.6 Ensure root PATH Integrity - writeable dir in path | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 9.6 Ensure root PATH Integrity, No '.' In root's $PATH | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT |
| 9.6 Secure the permission of the IBMLDAPSecurity.ini file | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | |
| 12.18 Location of development database - 'Separate server from production database' | CIS v1.1.0 Oracle 11g OS Windows Level 1 | Windows | |
| 12.19 Network location of production and development databases - 'Separate' | CIS v1.1.0 Oracle 11g OS Windows Level 1 | Windows | |
| CD12-00-009100 - Access to external executables must be disabled or restricted. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | CONFIGURATION MANAGEMENT |
| CD12-00-010300 - PostgreSQL must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions. | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| CD12-00-011800 - PostgreSQL must map the PKI-authenticated identity to an associated user account. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ESXi.firewall-restrict-access | VMWare vSphere 6.5 Hardening Guide | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-EG-000160 - Exchange Message size restrictions must be controlled on Receive connectors. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-ED-000320 - Exchange Message size restrictions must be controlled on Receive connectors. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000120 - Exchange Message size restrictions must be controlled on receive connectors. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| HTTP TRACE method should be disabled. 'RewriteLogLevel' | TNS IBM HTTP Server Best Practice | Unix | CONFIGURATION MANAGEMENT |
| HTTP TRACE method should be disabled. 'RewriteRule' | TNS IBM HTTP Server Best Practice | Unix | CONFIGURATION MANAGEMENT |
| JUSX-AG-000128 - The Juniper SRX Services Gateway Firewall must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). | DISA Juniper SRX Services Gateway ALG v3r3 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| Keep Alive setting parameter value should be appropriately configured. | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Logging Directives should be restricted to authorized users. - 'ErrorLog logs/error_log' | TNS IBM HTTP Server Best Practice | Unix | AUDIT AND ACCOUNTABILITY |
| Non-Essential modules should be disabled. 'mod_dav' | TNS IBM HTTP Server Best Practice | Unix | CONFIGURATION MANAGEMENT |
| Non-Essential modules should be disabled. 'mod_info' | TNS IBM HTTP Server Best Practice | Unix | CONFIGURATION MANAGEMENT |
| Non-Essential modules should be disabled. 'mod_status' | TNS IBM HTTP Server Best Practice | Unix | CONFIGURATION MANAGEMENT |
| PGS9-00-010300 - PostgreSQL must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| PPS9-00-002900 - The EDB Postgres Advanced Server must protect its audit features from unauthorized access. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| PPS9-00-004600 - The EDB Postgres Advanced Server must enforce authorized access to all PKI private keys stored/utilized by the EDB Postgres Advanced Server. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PPS9-00-009500 - The EDB Postgres Advanced Server must maintain the confidentiality and integrity of information during preparation for transmission. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Server version information parameters should be turned off - 'ServerSignature Off' | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN16-DC-000290 - Domain Controller PKI certificates must be issued by the DoD PKI or an approved External Certificate Authority (ECA). | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN19-DC-000290 - Windows Server 2019 domain controller PKI certificates must be issued by the DOD PKI or an approved External Certificate Authority (ECA). | DISA Microsoft Windows Server 2019 STIG v3r8 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN25-DC-000290 - Windows Server 2025 domain Controller PKI certificates must be issued by the DOD PKI or an approved External Certificate Authority (ECA). | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
