| 2.1.6 Ensure that usage is restricted and expiry is enforced for Databricks personal access tokens | CIS Microsoft Azure Foundations v5.0.0 L1 | microsoft_azure | ACCESS CONTROL |
| 2.2 Ensure that MongoDB does not bypass authentication via the localhost exception | CIS MongoDB L1 Windows Audit v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.2 Ensure that MongoDB does not bypass authentication via the localhost exception | CIS MongoDB 3.4 L1 Windows Audit v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.2 Ensure that MongoDB does not bypass authentication via the localhost exception | CIS MongoDB 3.4 L1 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2 Ensure that MongoDB does not bypass authentication via the localhost exception | CIS MongoDB L1 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.02 Version/Patches - 'Ensure the latest version of Oracle software and patches have been applied' | CIS v1.1.0 Oracle 11g OS Windows Level 1 | Windows | |
| 2.3 Ensure authentication is enabled in the sharded cluster | CIS MongoDB L1 Unix Audit v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.6 Turn off TRACE | CIS Apache Tomcat 10.1 v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.6 Turn off TRACE | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.6 Turn off TRACE | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 3.4 Ensure that each role for each MongoDB database is needed and grants only the necessary privileges | CIS MongoDB Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
| 3.5 Review User-Defined Roles | CIS MongoDB Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
| 3.6 Review Superuser/Admin Roles - clusterAdmin | CIS MongoDB Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
| 3.6 Review Superuser/Admin Roles - dbOwner | CIS MongoDB Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
| 3.6 Review Superuser/Admin Roles - hostManager | CIS MongoDB Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
| 3.10 Ensure the public role in the msdb database is not granted access to SQL Agent proxies | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | ACCESS CONTROL |
| 3.19 Only enable SNMP if absolutely necessary - Ensure file /etc/rc3.d/S76snmpdx does NOT exist. | CIS Solaris 9 v1.3 | Unix | CONFIGURATION MANAGEMENT |
| 4.4 Rebuild the images to include security patches | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.6 Use better TCP sequence numbers - Check if 'TCP_STRONG_ISS' is set to 2 in /etc/init.d/netconfig. | CIS Solaris 9 v1.3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2 Ensure that audit filters are configured properly | CIS MongoDB 4 L2 OS Windows v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 5.3 Ensure that logging captures as much information as possible | CIS MongoDB L2 Unix Audit v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.3 Ensure that logging captures as much information as possible | CIS MongoDB L2 Windows Audit v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure that new entries are appended to the end of the log file | CIS MongoDB L2 Unix Audit v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 6.1 Ensure that the HTTP status interface is disabled | CIS MongoDB L1 Windows Audit v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.2 Ensure that MongoDB uses a non-default port | CIS MongoDB L1 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.3.1.1 Ensure auditd packages are installed | CIS Rocky Linux 8 v3.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 6.3.1.1 Ensure auditd packages are installed | CIS AlmaLinux OS 10 v1.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 6.3.1.1 Ensure auditd packages are installed | CIS Red Hat Enterprise Linux 10 v1.0.1 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 6.3.1.1 Ensure auditd packages are installed | CIS Oracle Linux 10 v1.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 6.5 Ensure that the HTTP interface is disabled | CIS MongoDB L2 Windows Audit v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.5 Ensure that the HTTP interface is disabled | CIS MongoDB L2 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.6 Ensure that JSONP access via an HTTP interface is disabled | CIS MongoDB L2 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS SQL Server 2012 Database L1 AWS RDS v1.6.0 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS Microsoft SQL Server 2019 v1.5.2 L1 AWS RDS | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure appropriate database file permissions are set. | CIS MongoDB 7 v1.2.0 L1 Windows | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2 Ensure appropriate database file permissions are set. | CIS MongoDB 8 v1.0.0 L1 Windows | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2 Ensure that database file permissions are set correctly | CIS MongoDB 3.6 L1 Unix Audit v1.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2 Ensure that database file permissions are set correctly | CIS MongoDB L1 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 7.8 Set default locking screensaver timeout, Check if 'dtsession*saverTimeout' is set to 10. | CIS Solaris 9 v1.3 | Unix | ACCESS CONTROL |
| 9.4 Create warnings for FTP daemon, Check if /etc/ftpd/banner.msg is set appropriately (Solaris 2.6 or later) | CIS Solaris 9 v1.3 | Unix | ACCESS CONTROL |
| DTAVSEL-001 - The anti-virus signature file age must not exceed 7 days - avvclean.dat | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-001 - The anti-virus signature file age must not exceed 7 days - avvnames.dat | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-001 - The anti-virus signature file age must not exceed 7 days - avvscan.dat | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-002 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to receive automatic updates. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| MD3X-00-000280 - Unused database components, DBMS software, and database objects must be removed. | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS | Unix | CONFIGURATION MANAGEMENT |
| MD4X-00-000100 - MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| MD4X-00-000400 - Unused database components that are integrated in MongoDB and cannot be uninstalled must be disabled. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | CONFIGURATION MANAGEMENT |
| MD7X-00-002300 MongoDB must protect its audit features from unauthorized access. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| TCAT-AS-001731 - The application server must alert the system administrator (SA) and information system security offer (ISSO), at a minimum, in the event of a log processing failure. | DISA STIG Apache Tomcat Application Server 9 v3r3 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| vCenter: vcenter-8.administration-sso-password-policy | VMware vSphere Security Configuration and Hardening Guide | VMware | IDENTIFICATION AND AUTHENTICATION |
