| 1.2.3 Limit SSH Login Attempts to 3 or less | CIS Cisco NX-OS v1.2.0 L1 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.6.5 Apply Security Context to Your Pods and Containers | CIS Kubernetes 1.11 Benchmark v1.3.0 L2 | Unix | |
| 2.1.5 Disaster Recovery (DR) Plan | CIS Oracle MySQL Community Server 8.4 v1.0.0 L1 OS Linux on Linux | Unix | CONTINGENCY PLANNING |
| 2.1.5 Point-in-Time Recovery | CIS MySQL 5.7 Enterprise Database L2 v2.0.0 | MySQLDB | CONTINGENCY PLANNING |
| 2.1.6 Disaster recovery plan | CIS MySQL 5.6 Enterprise Database L1 v2.0.0 | MySQLDB | CONTINGENCY PLANNING |
| 2.8 Lock Out Accounts if Not Currently in Use | CIS MySQL 5.7 Community Database L2 v2.0.0 | MySQLDB | ACCESS CONTROL |
| 2.13 Require Client-Side Certificates (X.509) | CIS MySQL 5.7 Community Database L2 v2.0.0 | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.13 Require Client-Side Certificates (X.509) | CIS MySQL 5.7 Enterprise Database L2 v2.0.0 | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6 Ensure 'general_log_file' Has Appropriate Permissions | CIS MariaDB 10.6 on Linux L1 v1.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1 Create a non-root user account for local admin access | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | |
| 4.1 Ensure 'Receive connector: Configure protocol logging' is set to 'Verbose' | CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 4.1 Ensure 'Receive connector: Configure protocol logging' is set to 'Verbose' | CIS Microsoft Exchange Server 2019 L1 Edge v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 4.1 Ensure Encryption of Data in Transit TLS/SSL (Transport Encryption) | CIS MongoDB 3.6 L1 Windows Audit v1.1.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1 Ensure Encryption of Data in Transit TLS/SSL (Transport Encryption) | CIS MongoDB 3.6 L1 Unix Audit v1.1.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1 Ensure that a user for the container has been created | CIS Docker v1.7.0 L1 Docker - Linux | Unix | ACCESS CONTROL |
| 4.4 Defend against Denial of Service Attacks | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | |
| 4.10 Use MySQL TDE for At-Rest Data Encryption | CIS MySQL 8.0 Community Database L2 v1.1.0 | MySQLDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1 - Storage Administrative System Auditing - Log Forwarding protocol tcp-encrypted | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | AUDIT AND ACCOUNTABILITY |
| 5.1 (L1) Ensure 'Bluetooth Audio Gateway Service (BTAGService)' is set to 'Disabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 5.1 (L1) Ensure 'Print Spooler (Spooler)' is set to 'Disabled' (DC only) | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 5.1 Ensure 'Bluetooth Support Service (bthserv)' is set to 'Disabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.1 Ensure 'Print Spooler (Spooler)' is set to 'Disabled' (DC only) | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 5.1 Ensure login via 'local' UNIX Domain Socket is configured correctly | CIS PostgreSQL 15 OS v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.1 Ensure login via 'local' UNIX Domain Socket is configured correctly | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.1 Ensure that WildFire file size upload limits are maximized | CIS Palo Alto Firewall 11 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.1 Ensure that WildFire file size upload limits are maximized | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.2.7 Ensure pwd_algorithm is configured | CIS IBM AIX 7 v1.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.7.3 Apply Security Context to Your Pods and Containers | CIS Kubernetes v1.24 Benchmark v1.0.0 L2 Master | Unix | CONFIGURATION MANAGEMENT |
| 5.7.3 Apply Security Context to Your Pods and Containers | CIS Kubernetes v1.20 Benchmark v1.0.1 L2 Master | Unix | CONFIGURATION MANAGEMENT |
| 5.18 Ensure HTTP Header Permissions-Policy is set appropriately | CIS Apache HTTP Server 2.4 v2.2.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 6.1.2 Ensure 'Skip_show_database' Database Flag for Cloud SQL MySQL Instance Is Set to 'On' | CIS Google Cloud Platform v3.0.0 L1 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3 Ensure 'log_error_verbosity' is Set to '2' | CIS MySQL 5.7 Community Database L2 v2.0.0 | MySQLDB | AUDIT AND ACCOUNTABILITY |
| 6.3 Ensure 'log_error_verbosity' is Set to '2' | CIS Oracle MySQL Community Server 8.4 v1.0.0 L2 Database | MySQLDB | AUDIT AND ACCOUNTABILITY |
| 6.3 Ensure 'log_warnings' is Set to '2' | CIS MySQL 5.6 Community Database L2 v2.0.0 | MySQLDB | AUDIT AND ACCOUNTABILITY |
| 6.4 Ensure 'log-raw' is Set to 'OFF' | CIS Oracle MySQL Community Server 8.4 v1.0.0 L1 OS Linux on Linux | Unix | MEDIA PROTECTION |
| 6.7 Set audit_log_strategy to SYNCHRONOUS or SEMISYNCRONOUS | CIS MySQL 5.7 Enterprise Database L2 v2.0.0 | MySQLDB | AUDIT AND ACCOUNTABILITY |
| 7.2 Ensure Passwords are Not Stored in the Global Configuration | CIS Oracle MySQL Community Server 8.4 v1.0.0 L1 OS Linux on Linux | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.1 Ensure 'require_secure_transport' is Set to 'ON' and/or 'have_ssl' is Set to 'YES' | CIS MySQL 8.0 Community Database L1 v1.1.0 | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.1 Ensure 'require_secure_transport' is Set to 'ON' and/or 'have_ssl' is Set to 'YES' | CIS Oracle MySQL Community Server 8.4 v1.0.0 L1 Database | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.2 Ensure 'ssl_type' is Set to 'ANY', 'X509', or 'SPECIFIED' for All Remote Users | CIS Oracle MySQL Enterprise Edition 8.0 v1.4.0 L1 Database | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.3 Ensure 'master_info_repository' Is Set to 'TABLE' - TABLE | CIS MySQL 5.6 Enterprise Database L2 v2.0.0 | MySQLDB | CONFIGURATION MANAGEMENT |
| DO0120-ORACLE11 - The Oracle software installation account should not be granted excessive host system privileges - 'Oracle service account group membership is correct' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| GOOG-11-002300 - Google Android 11 must be configured to disable trust agents. | MobileIron - DISA Google Android 11 COBO v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-12-007200 - Google Android 12 must be configured to disable trust agents. | MobileIron - DISA Google Android 12 COBO v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-12-007200 - Google Android 12 must be configured to disable trust agents. | MobileIron - DISA Google Android 12 COPE v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| MYS8-00-001900 - The MySQL Database Server 8.0 must be able to generate audit records when unsuccessful attempts to retrieve privileges/permissions occur. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MYS8-00-002100 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to access security objects occur. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MYS8-00-002900 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to modify security objects occur. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MYS8-00-004600 - The MySQL Database Server 8.0 must generate audit records for all direct access to the database(s). | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MYS8-00-007800 - The MySQL Database Server 8.0 must initiate session auditing upon startup. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
