| 1.7 (L1) Host integrated hardware management controller must enable remote logging of events | CIS VMware ESXi 8.0 v1.3.0 L1 VMware | VMware | AUDIT AND ACCOUNTABILITY |
| 1.7 Audit Computer Name | CIS Apple macOS 10.14 v2.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 2.2.2 Ensure rsh client is not installed | CIS Ubuntu Linux 20.04 LTS v3.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.2 Ensure rsh client is not installed | CIS Ubuntu Linux 22.04 LTS v3.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.2.2 Ensure rsh client is not installed | CIS Linux Mint 22 v1.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.2.2 Ensure rsh client is not installed | CIS Debian Linux 11 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.2 Ensure rsh client is not installed | CIS Debian Linux 12 v1.1.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.3 Ensure security contact information is registered | CIS Amazon Web Services Foundations v7.0.0 L1 | amazon_aws | CONTINGENCY PLANNING, INCIDENT RESPONSE |
| 2.3.2 Ensure rsh client is not installed | CIS Fedora 28 Family Linux Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.2 Ensure rsh client is not installed | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.2 Ensure rsh client is not installed | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.3.2 Ensure rsh client is not installed | CIS CentOS Linux 8 Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.2 Ensure rsh client is not installed | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.3.2 Ensure rsh client is not installed - 'rsh-client' | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.2 Ensure rsh client is not installed - 'rsh-client' | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.2 Ensure rsh client is not installed - rsh-client | CIS Debian 9 Server L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.3.2 Ensure rsh client is not installed - rsh-client | CIS Debian 9 Workstation L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.3.2 Ensure rsh client is not installed - rsh-redone-client | CIS Debian 9 Workstation L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.13 Ensure the 'sa' Login Account is set to 'Disabled' | CIS SQL Server 2017 Database L1 AWS RDS v1.3.0 | MS_SQLDB | ACCESS CONTROL |
| 2.14 Ensure the 'sa' Login Account has been renamed | CIS SQL Server 2017 Database L1 AWS RDS v1.3.0 | MS_SQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1 Create a user for the container | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | ACCESS CONTROL |
| 4.1 Create a user for the container | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | ACCESS CONTROL |
| 5.1.3 Ensure rsh client is not installed - rsh-reload-client | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.11 (L1) Host must isolate management communications | CIS VMware ESXi 8.0 v1.3.0 L1 VMware | VMware | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 5.21 Ensure that the host's UTS namespace is not shared | CIS Docker v1.8.0 L1 OS Linux | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.3.8 Audit AutoFill | CIS Apple macOS 15.0 Sequoia v2.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5.6 (L1) Host SSH daemon, if enabled, must set a timeout interval on idle sessions | CIS VMware ESXi 8.0 v1.3.0 L1 Unix | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 9.23 Find SUID/SGID System Executables | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 9.23 Find SUID/SGID System Executables | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL |
| Brocade - enable administrator account lockout | Tenable Best Practices Brocade FabricOS | Brocade | ACCESS CONTROL |
| Brocade - Enable auditcfg | Tenable Best Practices Brocade FabricOS | Brocade | AUDIT AND ACCOUNTABILITY |
| Brocade - Enable SFTP IPv6 | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - Enforce secure Config Upload/Download | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - minimum number of numeric digits set to 1 | Tenable Best Practices Brocade FabricOS | Brocade | IDENTIFICATION AND AUTHENTICATION |
| Brocade - repeat characters must be set to 1 | Tenable Best Practices Brocade FabricOS | Brocade | IDENTIFICATION AND AUTHENTICATION |
| Brocade - Review admin user listings | Tenable Best Practices Brocade FabricOS | Brocade | ACCESS CONTROL |
| Brocade - Review Enabled Accounts | Tenable Best Practices Brocade FabricOS | Brocade | ACCESS CONTROL |
| Brocade - sequential characters must be set to 2 | Tenable Best Practices Brocade FabricOS | Brocade | IDENTIFICATION AND AUTHENTICATION |
| Brocade - SNMPv3 trap targets are configured properly | Tenable Best Practices Brocade FabricOS | Brocade | AUDIT AND ACCOUNTABILITY |
| Brocade - SupportFTP parameters are set to SCP | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - Switch Connection Control policy must be rejected | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| DG0097-ORACLE11 - Plans and procedures for testing DBMS installations, upgrades and patches should be defined and followed prior to production implementation. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| Ensure that multi-factor authentication is enabled for all accounts | Tenable Best Practices RackSpace v2.0.0 | Rackspace | IDENTIFICATION AND AUTHENTICATION |
| OpenStack Server Images | Tenable Best Practices OpenStack v2.0.0 | OpenStack | CONFIGURATION MANAGEMENT |
| Rackspace Active Servers | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONFIGURATION MANAGEMENT |
| Rackspace Database Backups - Every DB instance backed up since the last scan. | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONTINGENCY PLANNING |
| Review the list of Current Rackspace Users | Tenable Best Practices RackSpace v2.0.0 | Rackspace | ACCESS CONTROL |
| Review the list of OpenStack Tenants | Tenable Best Practices OpenStack v2.0.0 | OpenStack | ACCESS CONTROL |
| Review the List of Rackspace Users with Admin Roles | Tenable Best Practices RackSpace v2.0.0 | Rackspace | ACCESS CONTROL |
| UBTU-16-010680 - User accounts with temporary passwords, must require an immediate change to a permanent password after login. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
