| 1.2 Ensure Installation of Binary Packages | CIS PostgreSQL 10 OS v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Ensure Installation of Binary Packages | CIS PostgreSQL 9.6 OS v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.3 Disable MySQL Command History | CIS Oracle MySQL Community Server 8.4 v1.0.0 L2 OS Linux | Unix | MEDIA PROTECTION |
| 1.3 Disable MySQL Command History | CIS MySQL 8.0 Enterprise Linux OS L2 v1.4.0 | Unix | MEDIA PROTECTION |
| 1.3 Disable MySQL Command History - .mysql_history | CIS MySQL 5.7 Community Linux OS L2 v2.0.0 | Unix | MEDIA PROTECTION |
| 1.3 Disable MySQL Command History - .mysql_history | CIS MySQL 5.7 Enterprise Linux OS L2 v2.0.0 | Unix | MEDIA PROTECTION |
| 1.3 Disable MySQL Command History - ~/.mysql_history | CIS MySQL 5.7 Community Linux OS L2 v2.0.0 | Unix | MEDIA PROTECTION |
| 2.3 Disable PostgreSQL Command History | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | Unix | MEDIA PROTECTION |
| 3.1.12 Ensure the correct messages are sent to the database client | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.2 Configure Security Auditing Flags per local organizational requirements - 'audit successful/failed file deletion events' | CIS Apple macOS 10.13 L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2 Configure Security Auditing Flags per local organizational requirements - 'audit successful/failed login/logout events' | CIS Apple macOS 10.13 L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.5.1.2 Ensure minimum days between password changes is configured - /etc/shadow | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.5.1.2 Ensure minimum days between password changes is configured - login.defs | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5.1.2 Ensure minimum days between password changes is configured - password shadow | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS SQL Server 2016 Database L1 DB v1.4.0 | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| CIS_Red_Hat_Enterprise_Linux_7_v4.0.0_L2_Workstation.audit from CIS Red Hat Enterprise Linux 7 Benchmark v4.0.0 | CIS Red Hat Enterprise Linux 7 v4.0.0 L2 Workstation | Unix | |
| DTAVSEL-001 - The anti-virus signature file age must not exceed 7 days - avvclean.dat | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-001 - The anti-virus signature file age must not exceed 7 days - avvnames.dat | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-001 - The anti-virus signature file age must not exceed 7 days - avvscan.dat | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-002 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to receive automatic updates. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Ensure source routed packets are not accepted - sysctl ipv4 default accept | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure successful file system mounts are collected - auditctl b64 | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure suspicious packets are logged - /etc/sysctl ipv4 default log_martians | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure suspicious packets are logged - sysctl ipv4 all log_martians | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure talk client is not installed - dpkg | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure talk server is not enabled - ntalk | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure telnet client is not installed - rpm | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure telnet client is not installed - zypper | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure the MCS Translation Service (mcstrans) is not installed - rpm | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure the MCS Translation Service (mcstrans) is not installed - zypper | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure unsuccessful unauthorized file access attempts are collected - b32 EACCES | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure unsuccessful unauthorized file access attempts are collected - b64 EACCES | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| IBM i : Allow User Domain Objects (QALWUSRDMN) - '*ALL' | IBM System i Security Reference for V7R3 | AS/400 | ACCESS CONTROL |
| IBM i : Allow User Domain Objects (QALWUSRDMN) - '*ALL' | IBM System i Security Reference for V7R2 | AS/400 | ACCESS CONTROL |
| IBM i : Auditing for New Objects (QCRTOBJAUD) - '*CHANGE' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | AUDIT AND ACCOUNTABILITY |
| IBM i : Authority for New Objects (QCRTAUT) - '*CHANGE' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | ACCESS CONTROL |
| IBM i : Display Sign-On Information (QDSPSGNINF) - '1' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | ACCESS CONTROL |
| IBM i : Force Conversion on Restore (QFRCCVNRST) - '>=3' | IBM System i Security Reference for V7R3 | AS/400 | CONFIGURATION MANAGEMENT |
| IBM i : Maximum Length of Passwords (QPWDMAXLEN) - '>=8' | IBM System i Security Reference for V7R2 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
| IBM i : Maximum Sign-On Attempts (QMAXSIGN) - '<=3' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | ACCESS CONTROL |
| IBM i : Maximum Sign-On Attempts (QMAXSIGN) - '<=3' | IBM System i Security Reference for V7R3 | AS/400 | ACCESS CONTROL |
| IBM i : Minimum Length of Passwords (QPWDMINLEN) - '>=6' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
| IBM i : Remote Sign-On Control (QRMTSIGN) - '*REJECT' | IBM System i Security Reference for V7R3 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
| IBM i : Remote Sign-On Control (QRMTSIGN) - '*REJECT' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
| IBM i : Required Difference in Passwords (QPWDRQDDIF) - '<=5' | IBM System i Security Reference for V7R2 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
| IBM i : Scan File Systems Control (QSCANFSCTL)- '*NONE' | IBM System i Security Reference for V7R3 | AS/400 | CONFIGURATION MANAGEMENT |
| IBM i : Scan File Systems Control (QSCANFSCTL)- '*NONE' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | CONFIGURATION MANAGEMENT |
| IBM i : Verify Object on Restore (QVFYOBJRST) - '3' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | SYSTEM AND INFORMATION INTEGRITY |
| Lockout for failed password attempts - 'auth sufficient pam_unix.so' | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Lockout for failed password attempts - password-auth 'auth sufficient pam_faillock.so authsucc audit deny=5 unlock_time=900' | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
