| 1.39 WN19-00-000390 | CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II | Windows | CONFIGURATION MANAGEMENT |
| 1.97 WN19-CC-000030 | CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT III | Windows | CONFIGURATION MANAGEMENT |
| 1.115 WN19-CC-000220 | CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT I | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.123 WN19-CC-000300 | CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II | Windows | ACCESS CONTROL |
| 1.123 WN19-CC-000300 | CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II | Windows | ACCESS CONTROL |
| 1.133 WN19-CC-000400 | CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.135 WN19-CC-000420 | CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II | Windows | ACCESS CONTROL |
| 1.140 WN19-CC-000470 | CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT I | Windows | ACCESS CONTROL |
| 1.143 WN19-CC-000500 | CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT I | Windows | ACCESS CONTROL |
| 1.228 WN19-SO-000210 | CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT I | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 1.228 WN19-SO-000210 | CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT I | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 1.253 WN19-UC-000010 | CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II | Windows | CONFIGURATION MANAGEMENT |
| 2.2.8 Ensure 'SQLNET.ENCRYPTION_TYPES_CLIENT' Is Set To 'AES256' | CIS Oracle Database 23ai v1.1.0 L1 RDBMS On Linux Host OS Unix | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.8 Ensure 'SQLNET.ENCRYPTION_TYPES_CLIENT' Is Set To 'AES256' | CIS Oracle Database 23ai v1.1.0 L1 RDBMS On Windows Server Host OS Windows | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.9 Ensure 'SQLNET.ENCRYPTION_TYPES_SERVER' Is Set To AES256 | CIS Oracle Database 23ai v1.1.0 L1 RDBMS On Windows Server Host OS Windows | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.9 Ensure 'Trustworthy' Database Property is set to 'Off' | CIS Microsoft SQL Server 2025 v1.0.0 L1 Database Engine MS_SQLDB | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 2.9 Ensure 'Trustworthy' Database Property is set to 'Off' | CIS Microsoft SQL Server 2022 v1.2.1 L1 Database Engine | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.7 Ensure 'AUDIT SYSTEM' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 6.1.10 Ensure the 'SELECT ANY DICTIONARY' Audit Option Is Enabled | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 8.1 Ensure 'SQL Server Browser Service' is configured correctly | CIS Microsoft SQL Server 2025 v1.0.0 L1 Database Engine MS_SQLDB | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| MADB-10-006700 - MariaDB must enforce discretionary access control policies, as defined by the data owner, over defined subjects, and objects. | DISA MariaDB Enterprise 10.x v2r4 DB | MySQLDB | ACCESS CONTROL |
| SQL2-00-003800 - SQL Server must enforce access control policies to restrict the Control server permission to only authorized roles. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-005300 - SQL Server must not grant users direct control to the Alter any event session permission. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-007000 - SQL Server must enforce access control policies to restrict the Create server role permission to only authorized roles. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-007600 - SQL Server must not grant users direct access to the Alter any event notification permission. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-011800 - SQL Server must produce audit records containing sufficient information to establish what type of events occurred - 'Event ID 103' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011800 - SQL Server must produce audit records containing sufficient information to establish what type of events occurred - 'Event ID 110' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011800 - SQL Server must produce audit records containing sufficient information to establish what type of events occurred - 'Event ID 115' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011800 - SQL Server must produce audit records containing sufficient information to establish what type of events occurred - 'Event ID 172' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011900 - SQL Server must produce audit records containing sufficient information to establish when (date and time) the events occurred - 'Event ID 18' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011900 - SQL Server must produce audit records containing sufficient information to establish when (date and time) the events occurred - 'Event ID 105' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011900 - SQL Server must produce audit records containing sufficient information to establish when (date and time) the events occurred - 'Event ID 107' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011900 - SQL Server must produce audit records containing sufficient information to establish when (date and time) the events occurred - 'Event ID 133' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011900 - SQL Server must produce audit records containing sufficient information to establish when (date and time) the events occurred - 'Event ID 135' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011900 - SQL Server must produce audit records containing sufficient information to establish when (date and time) the events occurred - 'Event ID 170' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011900 - SQL Server must produce audit records containing sufficient information to establish when (date and time) the events occurred - 'Event ID 175' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-012400 - SQL Server must include organization-defined additional, more detailed information in the audit records for audit events identified by type, location, or subject - 'Event ID 103' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-012400 - SQL Server must include organization-defined additional, more detailed information in the audit records for audit events identified by type, location, or subject - 'Event ID 109' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-012400 - SQL Server must include organization-defined additional, more detailed information in the audit records for audit events identified by type, location, or subject - 'Event ID 113' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-012400 - SQL Server must include organization-defined additional, more detailed information in the audit records for audit events identified by type, location, or subject - 'Event ID 115' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-012400 - SQL Server must include organization-defined additional, more detailed information in the audit records for audit events identified by type, location, or subject - 'Event ID 116' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-012400 - SQL Server must include organization-defined additional, more detailed information in the audit records for audit events identified by type, location, or subject - 'Event ID 117' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-012400 - SQL Server must include organization-defined additional, more detailed information in the audit records for audit events identified by type, location, or subject - 'Event ID 131' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-012400 - SQL Server must include organization-defined additional, more detailed information in the audit records for audit events identified by type, location, or subject - 'Event ID 135' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-012400 - SQL Server must include organization-defined additional, more detailed information in the audit records for audit events identified by type, location, or subject - 'Event ID 177' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-034200 - SQL Server must disable communication protocols not required for operation. | DISA STIG SQL Server 2014 Instance OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
| SQL4-00-037400 - Trace or Audit records must be generated when unsuccessful attempts to delete categorized information (e.g., classification levels/security levels) occur - Event ID 84 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037400 - Trace or Audit records must be generated when unsuccessful attempts to delete categorized information (e.g., classification levels/security levels) occur - Event ID 89 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-001300 - Database objects (including but not limited to tables, indexes, storage, stored procedures, functions, triggers, links to software external to SQL Server, etc.) must be owned by database/DBMS principals authorized for ownership. | DISA MS SQL Server 2016 Database STIG v3r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL6-D0-017200 - Remote Access feature must be disabled, unless specifically required and approved. | DISA MS SQL Server 2016 Instance STIG v3r6 MS_SQLDB | MS_SQLDB | CONFIGURATION MANAGEMENT |
