1.2 Ensure Installation of Binary Packages | CIS PostgreSQL 11 OS v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
1.2 Ensure Installation of Binary Packages | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
1.3 Disable MySQL Command History | CIS MySQL 5.6 Community Windows OS L2 v2.0.0 | Windows | MEDIA PROTECTION |
1.3 Disable MySQL Command History | CIS MySQL 5.6 Enterprise Windows OS L2 v2.0.0 | Windows | MEDIA PROTECTION |
1.7.3 Ensure the Standard Mandatory DoD Notice and Consent Banner are configured | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
1.7.3 Ensure the Standard Mandatory DoD Notice and Consent Banner are configured | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
2.3 Disable PostgreSQL Command History | CIS PostgreSQL 14 OS v 1.2.0 | Unix | MEDIA PROTECTION |
2.3 Disable PostgreSQL Command History | CIS PostgreSQL 13 OS v1.2.0 | Unix | MEDIA PROTECTION |
5.5.1.2 Ensure minimum days between password changes is configured - /etc/login.defs | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
5.5.1.2 Ensure minimum days between password changes is configured - /etc/login.defs | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
5.5.1.2 Ensure minimum days between password changes is configured - /etc/shadow | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
BIND-9X-001070 - A BIND 9.x master name server must limit the number of concurrent zone transfers between authorized secondary name servers. | DISA BIND 9.x STIG v2r3 | Unix | ACCESS CONTROL |
CIS_Red_Hat_EL7_STIG_v2.0.0_L2_Server.audit from CIS Red Hat Enterprise Linux 7 STIG v2.0.0 | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server | Unix | |
CIS_Red_Hat_EL7_STIG_v2.0.0_STIG.audit from CIS Red Hat Enterprise Linux 7 STIG v2.0.0 | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | |
CIS_Red_Hat_Enterprise_Linux_7_v4.0.0_L1_Workstation.audit from CIS Red Hat Enterprise Linux 7 Benchmark v4.0.0 | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Workstation | Unix | |
CIS_Red_Hat_Enterprise_Linux_9_v2.0.0_L1_Server.audit from CIS Red Hat Enterprise Linux 9 Benchmark v2.0.0 | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | |
CIS_Red_Hat_Enterprise_Linux_9_v2.0.0_L2_Server.audit from CIS Red Hat Enterprise Linux 9 Benchmark v2.0.0 | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Server | Unix | |
DKER-EE-001870 - The Docker Enterprise self-signed certificates in Universal Control Plane (UCP) must be replaced with DoD trusted, signed certificates. | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2 | Unix | CONFIGURATION MANAGEMENT |
DKER-EE-001880 - The Docker Enterprise self-signed certificates in Docker Trusted Registry (DTR) must be replaced with DoD trusted, signed certificates. | DISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r2 | Unix | CONFIGURATION MANAGEMENT |
DKER-EE-001890 - The option in Universal Control Plane (UCP) allowing users and administrators to schedule containers on all nodes, including UCP managers and Docker Trusted Registry (DTR) nodes must be disabled in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2 | Unix | CONFIGURATION MANAGEMENT |
DKER-EE-001900 - The Create repository on push option in Docker Trusted Registry (DTR) must be disabled in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r2 | Unix | CONFIGURATION MANAGEMENT |
DKER-EE-001910 - Periodic data usage and analytics reporting in Universal Control Plane (UCP) must be disabled in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2 | Unix | CONFIGURATION MANAGEMENT |
DKER-EE-001920 - Periodic data usage and analytics reporting in Docker Trusted Registry (DTR) must be disabled in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r2 | Unix | CONFIGURATION MANAGEMENT |
DKER-EE-001930 - An appropriate AppArmor profile must be enabled on Ubuntu systems for Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
DKER-EE-004260 - Only trusted, signed images must be stored in Docker Trusted Registry (DTR) in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
DTAVSEL-004 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to decompress archives when scanning. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
DTAVSEL-007 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to find potentially unwanted programs. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
IBM i : Action When Sign-On Attempts Reached (QMAXSGNACN) - '3' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | ACCESS CONTROL |
IBM i : Allow Restoring of Security-Sensitive Objects (QALWOBJRST) - '*NONE' | IBM System i Security Reference for V7R2 | AS/400 | ACCESS CONTROL |
IBM i : Allow Restoring of Security-Sensitive Objects (QALWOBJRST) - '*NONE' | IBM System i Security Reference for V7R3 | AS/400 | ACCESS CONTROL |
IBM i : Allow User Domain Objects (QALWUSRDMN) - '*ALL' | IBM System i Security Reference for V7R2 | AS/400 | ACCESS CONTROL |
IBM i : Authority for New Objects (QCRTAUT) - '*CHANGE' | IBM System i Security Reference for V7R3 | AS/400 | ACCESS CONTROL |
IBM i : Character Position Difference for Passwords (QPWDPOSDIF) - '0' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
IBM i : Character Position Difference for Passwords (QPWDPOSDIF) - '0' | IBM System i Security Reference for V7R3 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
IBM i : Disconnected Job Time-Out Interval (QDSCJOBITV) - '<=120' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | ACCESS CONTROL |
IBM i : Display Sign-On Information (QDSPSGNINF) - '1' | IBM System i Security Reference for V7R2 | AS/400 | ACCESS CONTROL |
IBM i : Inactive Job Time-Out Interval (QINACTITV) - '60' | IBM System i Security Reference for V7R3 | AS/400 | ACCESS CONTROL |
IBM i : Maximum Length of Passwords (QPWDMAXLEN) - '>=8' | IBM System i Security Reference for V7R3 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
IBM i : Maximum Sign-On Attempts (QMAXSIGN) - '<=3' | IBM System i Security Reference for V7R2 | AS/400 | ACCESS CONTROL |
IBM i : Minimum Length of Passwords (QPWDMINLEN) - '>=7' | IBM System i Security Reference for V7R2 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
IBM i : Remote power-on and restart (QRMTIPL) - '0' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | ACCESS CONTROL |
IBM i : Restriction of Repeated Characters for Passwords (QPWDLMTREP) - '1' | IBM System i Security Reference for V7R3 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
IBM i : Scan File Systems Control (QSCANFSCTL) - '*NONE' | IBM System i Security Reference for V7R2 | AS/400 | CONFIGURATION MANAGEMENT |
IBM i : Secure Sockets Layer (SSL) cipher specification list (QSSLCSL) | IBM System i Security Reference for V7R3 | AS/400 | SYSTEM AND COMMUNICATIONS PROTECTION |
IBM i : Secure Sockets Layer (SSL) protocols (QSSLPCL) - '*OPSYS' | IBM System i Security Reference for V7R3 | AS/400 | SYSTEM AND COMMUNICATIONS PROTECTION |
IBM i : Verify Object on Restore (QVFYOBJRST) - '3' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | SYSTEM AND INFORMATION INTEGRITY |
IBM i : Verify Object on Restore (QVFYOBJRST) - '3' | IBM System i Security Reference for V7R2 | AS/400 | SYSTEM AND INFORMATION INTEGRITY |
RHEL-07-020019 - The Red Hat Enterprise Linux operating system must implement the Endpoint Security for Linux Threat Prevention tool. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
SLES-12-030530 - The SUSE operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. | DISA SLES 12 STIG v3r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
SLES-15-010170 - The SUSE operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |