| 1.5 Ensure all EBS volumes for Web-Tier are encrypted | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6 Eliminate use of the 'root' user for administrative and daily tasks | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | ACCESS CONTROL |
| 1.6 Ensure all EBS volumes for App-Tier are encrypted | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7 Ensure IAM password policy requires minimum length of 14 or greater | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | IDENTIFICATION AND AUTHENTICATION |
| 1.12 Ensure 'Smart Lock' is set to 'Disabled' | MobileIron - CIS Google Android v1.3.0 L2 | MDM | CONFIGURATION MANAGEMENT |
| 2.16 Ensure 'AUTO_CLOSE' is set to 'OFF' on contained databases | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 3.1.13 Ensure the correct SQL statements generating errors are recorded | CIS PostgreSQL 11 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.13 Ensure the correct SQL statements generating errors are recorded | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.15 Ensure the correct SQL statements generating errors are recorded | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.15 Ensure the correct SQL statements generating errors are recorded | CIS PostgreSQL 12 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.15 Ensure the correct SQL statements generating errors are recorded | CIS PostgreSQL 13 DB v1.2.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 4.3.4 Ensure users must provide password for escalation | CIS Amazon Linux 2 v3.0.0 L2 | Unix | ACCESS CONTROL |
| 4.3.4 Ensure users must provide password for escalation | CIS Rocky Linux 8 Server L2 v2.0.0 | Unix | ACCESS CONTROL |
| 4.3.4 Ensure users must provide password for escalation | CIS Rocky Linux 8 Workstation L2 v2.0.0 | Unix | ACCESS CONTROL |
| 4.3.4 Ensure users must provide password for escalation | CIS Oracle Linux 7 v4.0.0 L2 Server | Unix | ACCESS CONTROL |
| 4.3.4 Ensure users must provide password for escalation | CIS Red Hat EL8 Server L2 v3.0.0 | Unix | ACCESS CONTROL |
| 4.3.4 Ensure users must provide password for escalation | CIS Red Hat EL8 Workstation L2 v3.0.0 | Unix | ACCESS CONTROL |
| 4.3.4 Ensure users must provide password for escalation | CIS Red Hat Enterprise Linux 7 v4.0.0 L2 Server | Unix | ACCESS CONTROL |
| 4.3.4 Ensure users must provide password for escalation | CIS CentOS Linux 7 v4.0.0 L2 Server | Unix | ACCESS CONTROL |
| 4.3.4 Ensure users must provide password for escalation | CIS CentOS Linux 7 v4.0.0 L2 Workstation | Unix | ACCESS CONTROL |
| 4.3.4 Ensure users must provide password for escalation | CIS Oracle Linux 8 Server L2 v3.0.0 | Unix | ACCESS CONTROL |
| 4.3.4 Ensure users must provide password for escalation | CIS Oracle Linux 7 v4.0.0 L2 Workstation | Unix | ACCESS CONTROL |
| 4.3.4 Ensure users must provide password for escalation | CIS AlmaLinux OS 8 Server L2 v3.0.0 | Unix | ACCESS CONTROL |
| 4.3.4 Ensure users must provide password for escalation | CIS AlmaLinux OS 8 Workstation L2 v3.0.0 | Unix | ACCESS CONTROL |
| 5.3.4 Ensure users must provide password for escalation | CIS CentOS Linux 8 Workstation L2 v2.0.0 | Unix | ACCESS CONTROL |
| 5.3.4 Ensure users must provide password for escalation | CIS Fedora 28 Family Linux Workstation L2 v2.0.0 | Unix | ACCESS CONTROL |
| 5.3.4 Ensure users must provide password for escalation | CIS CentOS Linux 8 Server L2 v2.0.0 | Unix | ACCESS CONTROL |
| 5.3.4 Ensure users must provide password for escalation | CIS Fedora 28 Family Linux Server L2 v2.0.0 | Unix | ACCESS CONTROL |
| 6.5 Ensure subnets for the Web tier ELB are created | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5.8 (L1) Host SSH daemon, if enabled, must ignore .rhosts files | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 6.8 Ensure subnets for the Data tier are created | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.10 Ensure NAT Gateways are created in at least 2 Availability Zones - Subnet2 | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.18 Ensure that all zones have Zone Prot Profiles with all Recon Protection settings enabled, tuned, and set to appropriate actions | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 7.3 Computer Name Considerations | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | |
| 7.3 Computer Name Considerations | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 7.3 Computer Name Considerations | CIS Apple macOS 10.13 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 7.3 Computer Name Considerations | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | |
| 9.23 Find Un-owned Files and Directories | CIS Solaris 11.2 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 9.23 Find Un-owned Files and Directories | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.24 Find Un-owned Files and Directories | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL |
| EX13-MB-000160 - Exchange Mail Quota settings must not restrict receiving mail. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-ED-000300 - Exchange Receive connectors must control the number of recipients per message. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-ED-000300 - Exchange Receive connectors must control the number of recipients per message. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-NM-000650 - The Juniper EX switch must be configured to conduct backups of system level information contained in the information system when changes occur. | DISA Juniper EX Series Network Device Management v2r2 | Juniper | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING |
| JUNI-ND-001400 - The Juniper router must be configured to support organizational requirements to conduct backups of the configuration when changes occur. | DISA STIG Juniper Router NDM v3r2 | Juniper | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING |
| SYMP-NM-000190 - Symantec ProxySG must support organizational requirements to conduct backups of system level information contained in the ProxySG when changes occur or weekly, whichever is sooner - Path | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING |
| SYMP-NM-000190 - Symantec ProxySG must support organizational requirements to conduct backups of system level information contained in the ProxySG when changes occur or weekly, whichever is sooner - Username | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING |
| SYMP-NM-000190 - Symantec ProxySG must support organizational requirements to conduct backups of system level information contained in the ProxySG when changes occur or weekly, whichever is sooner. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING |
| vNetwork : verify-vlan-id | VMWare vSphere 5.X Hardening Guide | VMware | |
| WBSP-AS-000920 - The WebSphere Application Server files must be owned by the non-root WebSphere user ID. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
