| 1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | CONFIGURATION MANAGEMENT |
| 1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | SYSTEM AND SERVICES ACQUISITION |
| 1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | SYSTEM AND SERVICES ACQUISITION |
| 1.1.1 Ensure NGINX is installed | CIS NGINX Benchmark v2.1.0 L1 Webserver | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.2.11 Ensure 'SQLNET.CRYPTO_CHECKSUM_SERVER' Is Set To 'REQUIRED' | CIS Oracle Database 23ai v1.0.0 L1 RDBMS On Linux Host OS | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.27 (L1) Ensure 'Lock pages in memory' is set to 'No One' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| 2.4 Ensure 'Protect RE' Firewall Filter includes explicit terms for all Protocols | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4 - Login and Password Parameters - Account Maximum Failed Attempts <= 5 | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | |
| 3.4 - Login and Password Parameters - Delay after failed login <= 4 seconds | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | |
| 3.4 - Login and Password Parameters - Delay between password changes <= 1 | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | |
| 3.4 - Login and Password Parameters - Hash Algorithm SHA512 | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | |
| 3.4 - Login and Password Parameters - Password Expiration Time <=90 days | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | IDENTIFICATION AND AUTHENTICATION |
| 3.4 - Login and Password Parameters - Password expiration warning | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | IDENTIFICATION AND AUTHENTICATION |
| 3.4 - Login and Password Parameters - Password minimum digits <= 1 | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | |
| 3.4 - Login and Password Parameters - Password Minimum Length >= 8 | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | |
| 3.4 - Login and Password Parameters - Password Minimum Special Characters >= 1 | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | |
| 3.4 - Login and Password Parameters - Password Require Initial Update = true | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | |
| 3.4 - Login and Password Parameters - Username Minimum Lenth >= 3 | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | |
| 5.1.1.6 Ensure 'EXECUTE' is revoked from 'PUBLIC' on "SQL Injection Helper" Packages | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.5.3 Ensure password reuse is limited | CIS Fedora 28 Family Linux Workstation L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.13 Secure the GRUB Menu - should pass if /boot/grub/menu.lst permissions are OK. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 9 - Deployment Scanner | TNS Best Practice JBoss 7 Linux | Unix | CONFIGURATION MANAGEMENT |
| 10 - Enable SSL Connector | TNS Best Practice JBoss 7 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 12.10 Oracle file locations - 'Separate for performance' | CIS v1.1.0 Oracle 11g OS Windows Level 1 | Windows | |
| 60.1 (L2) Ensure 'Enable news and interests' is set to 'Not Allowed' | CIS Microsoft Intune for Windows 10 v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| ALMA-09-009700 - AlmaLinux OS 9 must ensure cryptographic verification of vendor software packages. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| CIS_Palo_Alto_Firewall_8_Benchmark_L2_v1.0.0.audit from CIS Palo Alto Firewall 8 Benchmark v1.0.0 | CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0 | Palo_Alto | |
| DG0083-ORACLE11 - Automated notification of suspicious activity detected in the audit trail should be implemented. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DO6751-ORACLE11 - The SQLNet SQLNET.ALLOWED_LOGON_VERSION parameter must be set to a value of 11 or higher - '$ORACLE_HOME/network/admin/sqlnet.ora SQLNET.ALLOWED_LOGON_VERSION > 11' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| O112-N1-015602 - When using command-line tools such as Oracle SQL*Plus, which can accept a plain-text password, users must use an alternative login method that does not expose the password. | DISA STIG Oracle 11.2g v2r5 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
| O121-BP-026600 - Network client connections must be restricted to supported versions. | DISA STIG Oracle 12c v3r2 Linux | Unix | CONFIGURATION MANAGEMENT |
| O121-N1-015602 - When using command-line tools such as Oracle SQL*Plus, which can accept a plain-text password, users must use an alternative logon method that does not expose the password. | DISA STIG Oracle 12c v3r2 Windows | Windows | CONFIGURATION MANAGEMENT |
| OL07-00-040000 - The Oracle Linux operating system must limit the number of concurrent sessions to 10 for all accounts and/or account types. | DISA Oracle Linux 7 STIG v3r2 | Unix | ACCESS CONTROL |
| Prevent bypassing Microsoft Defender SmartScreen prompts for sites | MSCT Microsoft Edge Version 81 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent bypassing Microsoft Defender SmartScreen prompts for sites | MSCT Edge v85 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent bypassing Microsoft Defender SmartScreen prompts for sites | MSCT Microsoft Edge Version 83 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent bypassing Microsoft Defender SmartScreen prompts for sites | MSCT Edge v86 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent bypassing Microsoft Defender SmartScreen prompts for sites | MSCT Microsoft Edge Version 80 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent bypassing Microsoft Defender SmartScreen prompts for sites | MSCT Edge v84 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent bypassing Microsoft Defender SmartScreen prompts for sites | MSCT Edge v87 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads | MSCT Microsoft Edge Version 81 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads | MSCT Microsoft Edge Version 83 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads | MSCT Edge v84 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads | MSCT Edge v85 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads | MSCT Edge v86 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads | MSCT Edge v87 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads | MSCT Microsoft Edge Version 80 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| RHEL-09-255100 - RHEL 9 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000450 - Symantec ProxySG providing forward proxy encryption intermediary services must use NIST FIPS-validated cryptography to implement encryption services. - Destination | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000450 - Symantec ProxySG providing forward proxy encryption intermediary services must use NIST FIPS-validated cryptography to implement encryption services. - Source | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
