| 2.1 Ensure that authentication is enabled for MongoDB databases | CIS MongoDB L1 Unix Audit v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.1 Ensure that authentication is enabled for MongoDB databases | CIS MongoDB L1 Windows Audit v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.6 Disable Apache Service | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6 Logging - 'auditlog.enable = on' | TNS NetApp Data ONTAP 7G | NetApp | AUDIT AND ACCOUNTABILITY |
| 2.6 Turn off TRACE | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1 Ensure that role-based access control is enabled and configured appropriately | CIS MongoDB Database Audit L1 v1.0.0 | MongoDB | ACCESS CONTROL |
| 3.3 Ensure that MongoDB is run using a Least Privileges, dedicated service account | CIS MongoDB 3.6 L1 Unix Audit v1.1.0 | Unix | ACCESS CONTROL |
| 3.3 Ensure that MongoDB is run using a non-privileged, dedicated service account | CIS MongoDB L1 Unix Audit v1.0.0 | Unix | ACCESS CONTROL |
| 3.6 Review Superuser/Admin Roles - readWriteAnyDatabase | CIS MongoDB Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
| 4.2 Ensure Federal Information Processing Standard (FIPS) is enabled | CIS MongoDB L1 Windows Audit v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.4 Scan and rebuild the images to include security patches | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.5 Ensure The Latest Version of The Password File Is Used | CIS Oracle Database 19c v2.0.0 L1 RDBMS | OracleDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.5 Ensure The Latest Version of The Password File Is Used | CIS Oracle Database 23ai v1.1.0 L1 RDBMS | OracleDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2 Ensure that audit filters are configured properly | CIS MongoDB L1 Windows Audit v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 5.2 Ensure that audit filters are configured properly | CIS MongoDB 7 v1.2.0 L2 Unix | Unix | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure that new entries are appended to the end of the log file | CIS MongoDB L2 Windows Audit v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 6.2 Ensure that MongoDB uses a non-default port | CIS MongoDB L1 Windows Audit v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.3 Ensure that operating system resource limits are set for MongoDB | CIS MongoDB L2 Windows Audit v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.3.1.1 Ensure auditd packages are installed | CIS Red Hat Enterprise Linux 8 v4.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 6.3.1.1 Ensure auditd packages are installed | CIS Red Hat Enterprise Linux 8 v4.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 6.7 Ensure that the REST API is disabled | CIS MongoDB L2 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.7 Ensure that the REST API is disabled | CIS MongoDB L2 Windows Audit v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS Microsoft SQL Server 2022 v1.2.1 L1 Database Engine | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS Microsoft SQL Server 2025 v1.0.0 L1 Database Engine MS_SQLDB | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS SQL Server 2014 Database L1 AWS RDS v1.5.0 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure that database file permissions are set correctly | CIS MongoDB L1 Windows Audit v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 12.18 Location of development database - 'Separate server from production database' | CIS v1.1.0 Oracle 11g OS L1 | Unix | |
| 12.32 Distribution of tnsnames.ora files to clients - 'Include only tnsnames.ora when distributing to clients' | CIS v1.1.0 Oracle 11g OS Windows Level 1 | Windows | |
| AZLX-23-001025 - Amazon Linux 2023 must have the audit package installed. | DISA Amazon Linux 2023 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| Buffer overflow protection should be configured 'LimitRequestFields' | TNS IBM HTTP Server Best Practice | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Buffer overflow protection should be configured 'LimitRequestFieldsize' | TNS IBM HTTP Server Best Practice | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| CGI-BIN directory should be disabled. 'Addmodule mod_cgi.c' | TNS IBM HTTP Server Best Practice | Windows | CONFIGURATION MANAGEMENT |
| CGI-BIN directory should be disabled. 'Addmodule mod_cgi.c' | TNS IBM HTTP Server Best Practice | Unix | CONFIGURATION MANAGEMENT |
| CGI-BIN directory should be disabled. 'LoadModule env_module' | TNS IBM HTTP Server Best Practice | Windows | CONFIGURATION MANAGEMENT |
| Configuration files should be secured against unauthorized access. | TNS IBM HTTP Server Best Practice | Windows | |
| HTTP TRACE method should be disabled. 'RewriteEngine' | TNS IBM HTTP Server Best Practice | Windows | CONFIGURATION MANAGEMENT |
| HTTP TRACE method should be disabled. 'RewriteLog' | TNS IBM HTTP Server Best Practice | Windows | AUDIT AND ACCOUNTABILITY |
| Logging Directives should be restricted to authorized users. - 'ErrorLog logs/error_log' | TNS IBM HTTP Server Best Practice | Windows | AUDIT AND ACCOUNTABILITY |
| MaxClients parameter value should be configured to appropriate value. | TNS IBM HTTP Server Best Practice | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MaxKeepAliveRequests parameter value should be appropriately configured. | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| MD3X-00-000220 - MongoDB must protect its audit features from unauthorized access. | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS | Unix | AUDIT AND ACCOUNTABILITY |
| MD8X-00-002500 - MongoDB software installation account must be restricted to authorized users. | DISA MongoDB Enterprise Advanced 8.x STIG v1r1 Unix | Unix | CONFIGURATION MANAGEMENT |
| MD8X-00-012700 - MongoDB must prevent the installation of organization-defined software and firmware components without verification that the component has been digitally signed using a certificate recognized and approved by the organization. | DISA MongoDB Enterprise Advanced 8.x STIG v1r1 Unix | Unix | CONFIGURATION MANAGEMENT |
| Non-Essential modules should be disabled. 'mod_autoindex' | TNS IBM HTTP Server Best Practice | Windows | CONFIGURATION MANAGEMENT |
| Server version information parameters should be turned off - 'ServerTokens Prod' | TNS IBM HTTP Server Best Practice | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Timeout value parameter value should be appropriately configured | TNS IBM HTTP Server Best Practice | Unix | ACCESS CONTROL |
| WN12-PK-000007-DC - PKI certificates associated with user accounts must be issued by the DoD PKI or an approved External Certificate Authority (ECA). | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
