| 1.2 Ensure Single-Function Member Servers are Used | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2 Ensure Single-Function Member Servers are Used | CIS Microsoft SQL Server 2019 v1.5.2 L1 AWS RDS | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.11 Ensure SQL Server is configured to use non-standard ports | CIS Microsoft SQL Server 2019 v1.5.2 L1 AWS RDS | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.11 Ensure SQL Server is configured to use non-standard ports | CIS Microsoft SQL Server 2022 v1.2.1 L1 AWS RDS | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2 Ensure CONNECT permissions on the 'guest user' is Revoked within all SQL Server databases excluding the master, msdb and tempdb | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | ACCESS CONTROL |
| 3.2 Ensure CONNECT permissions on the 'guest user' is Revoked within all SQL Server databases excluding the master, msdb and tempdb | CIS SQL Server 2012 Database L1 AWS RDS v1.6.0 | MS_SQLDB | ACCESS CONTROL |
| 3.2 Ensure CONNECT permissions on the 'guest user' is Revoked within all SQL Server databases excluding the master, msdb and tempdb | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | ACCESS CONTROL |
| 4.3.6 Ensure 'CREATE_PROCEDURE' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 11g R2 DB v2.2.0 | OracleDB | |
| 4.4.1 Ensure 'DELETE_CATALOG_ROLE' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 11g R2 DB v2.2.0 | OracleDB | |
| 4.4.2 Ensure 'SELECT_CATALOG_ROLE' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 11g R2 DB v2.2.0 | OracleDB | ACCESS CONTROL |
| 4.4.3 Ensure 'EXECUTE_CATALOG_ROLE' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 11g R2 DB v2.2.0 | OracleDB | |
| 4.4.4 Ensure 'DBA' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 11g R2 DB v2.2.0 | OracleDB | |
| 4.5 Configure Solaris Auditing - active audit policies = argv,cnt,zonename | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - active user flags = cis,ex,aa,ua,as,ss,lo,ft | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - audit condition = auditing | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - audit_binfile (active) | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - audit_binfile attributes: p_minfree=1; | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - audit_flags root = lo,ad,ft,ex,cis:no | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - configured audit policies = argv,cnt,zonename | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - configured non-attributable flags = lo | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - configured non-attributable flags = lo | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - configured user flags = cis,ex,aa,ua,as,ss,lo,ft | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - configured user flags = cis,ex,aa,ua,as,ss,lo,ft | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - var/audit/*.not_terminated.* | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - var/audit/*.not_terminated.* | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.8 Ensure Proxy Users Have Only 'CONNECT' Privilege | CIS Oracle Server 11g R2 DB v2.2.0 | OracleDB | |
| 5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' - 'AUDIT_CHANGE_GROUP' | CIS SQL Server 2012 Database L1 AWS RDS v1.6.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' - 'AUDIT_CHANGE_GROUP' | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' - 'FAILED_LOGIN_GROUP' | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' - 'SUCCESSFUL_LOGIN_GROUP' | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' - FAILED_LOGIN_GROUP | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' - SUCCESSFUL_LOGIN_GROUP | CIS SQL Server 2014 Database L1 AWS RDS v1.5.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.12 Enable 'SYNONYM' Audit Option | CIS Oracle Server 11g R2 DB v2.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 6.1 Ensure Database and Application User Input is Sanitized | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| 6.1 Ensure Database and Application User Input is Sanitized | CIS Microsoft SQL Server 2019 v1.5.2 L1 Database Engine | MS_SQLDB | SYSTEM AND SERVICES ACQUISITION |
| 6.1.1 Ensure That a MySQL Instance Does Not Allow Anyone To Connect With Administrative Privileges | CIS Google Cloud Platform Foundation v4.0.0 L1 | GCP | IDENTIFICATION AND AUTHENTICATION |
| DO3538-ORACLE11 - The Oracle REMOTE_OS_AUTHENT parameter should be set to FALSE - 'remote_os_authent = false' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | |
| SQL2-00-003300 - SQL Server must enforce access control policies to restrict the Create any database permission to only authorized roles. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-004100 - SQL Server must enforce access control policies to restrict the View server state permission to only authorized roles. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-004300 - SQL Server must enforce access control policies to restrict the Alter any linked server permission to only authorized roles. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-004600 - SQL Server must enforce access control policies to restrict the Alter any availability group permission to only authorized roles. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL4-00-016845 - SQL Server must have the Client Tools SDK software component removed if it is unused. | DISA STIG SQL Server 2014 Instance OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
| SQL4-00-037400 - Trace or Audit records must be generated when unsuccessful attempts to delete categorized information (e.g., classification levels/security levels) occur - Event ID 83 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037400 - Trace or Audit records must be generated when unsuccessful attempts to delete categorized information (e.g., classification levels/security levels) occur - Event ID 85 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037400 - Trace or Audit records must be generated when unsuccessful attempts to delete categorized information (e.g., classification levels/security levels) occur - Event ID 86 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037400 - Trace or Audit records must be generated when unsuccessful attempts to delete categorized information (e.g., classification levels/security levels) occur - Event ID 87 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037400 - Trace or Audit records must be generated when unsuccessful attempts to delete categorized information (e.g., classification levels/security levels) occur - Event ID 88 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037400 - Trace or Audit records must be generated when unsuccessful attempts to delete categorized information (e.g., classification levels/security levels) occur - Event ID 90 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037400 - Trace or Audit records must be generated when unsuccessful attempts to delete categorized information (e.g., classification levels/security levels) occur - Event ID 162 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQLI-22-003800 - SQL Server must be configured to use the most-secure authentication method available. | DISA Microsoft SQL Server 2022 Instance STIG v1r4 MS_SQLDB | MS_SQLDB | ACCESS CONTROL |
