| 1.2 Review the default login | CIS Sybase 15.0 L1 OS Windows v1.1.0 | Windows | ACCESS CONTROL |
| 1.8 Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to Users | CIS Google Cloud Platform v3.0.0 L2 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 2.3.3.10 Ensure Media Sharing Is Disabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.7 Lock Out Accounts if Not Currently in Use | CIS MariaDB 10.6 Database L2 v1.1.0 | MySQLDB | ACCESS CONTROL |
| 2.7 Lock Out Accounts if Not Currently in Use | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | ACCESS CONTROL |
| 2.8 Lock Out Accounts if Not Currently in Use | CIS MySQL 5.7 Community Database L2 v2.0.0 | MySQLDB | ACCESS CONTROL |
| 2.10 Ensure the default cgroup usage has been confirmed | CIS Docker v1.7.0 L2 Docker - Linux | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.11 Lock Out Accounts if Not Currently in Use | CIS MySQL 8.0 Community Database L2 v1.1.0 | MySQLDB | ACCESS CONTROL |
| 2.11 Lock Out Accounts if Not Currently in Use | CIS Oracle MySQL Enterprise Edition 8.4 v1.0.0 L2 MySQL RDBMS | MySQLDB | ACCESS CONTROL |
| 3.1.3.2 Authenticate OSPF peers with MD5 authentication keys | CIS Cisco NX-OS v1.2.0 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.8 Ensure that object-level logging for write events is enabled for S3 buckets | CIS Amazon Web Services Foundations v5.0.0 L2 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 3.9 Ensure that object-level logging for read events is enabled for S3 buckets | CIS Amazon Web Services Foundations v5.0.0 L2 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure Logging Service is Running | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Ensure excessive administrative privileges are revoked | CIS PostgreSQL 12 DB v1.1.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.2 Ensure excessive administrative privileges are revoked | CIS PostgreSQL 9.6 OS v1.0.0 | Unix | ACCESS CONTROL |
| 4.2 Ensure excessive administrative privileges are revoked | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL |
| 4.2 Ensure excessive administrative privileges are revoked | CIS PostgreSQL 16 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.2 Ensure excessive administrative privileges are revoked | CIS PostgreSQL 11 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 4.2 Ensure excessive administrative privileges are revoked | CIS PostgreSQL 15 DB v1.1.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure excessive administrative privileges are revoked | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure excessive administrative privileges are revoked | CIS PostgreSQL 13 DB v1.2.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure excessive administrative privileges are revoked | CIS PostgreSQL 14 DB v 1.2.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure excessive administrative privileges are revoked | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | ACCESS CONTROL |
| 4.3 Ensure usage of the 'root' account is monitored | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 4.7 Ensure disabling or scheduled deletion of customer created CMKs is monitored | CIS Amazon Web Services Foundations v5.0.0 L2 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 4.11 Ensure Network Access Control List (NACL) changes are monitored | CIS Amazon Web Services Foundations v5.0.0 L2 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 4.13 Ensure route table changes are monitored | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 5.6 Ensure Cloudwatch Log Group for Web Tier has a retention period | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 6.1 Ensure Root Domain Alias Record Points to ELB | CIS Amazon Web Services Three-tier Web Architecture L2 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.3 Ensure storage area network (SAN) resources are segregated properly | CIS VMware ESXi 6.5 v1.0.0 Level 1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 6.8 Run a host and/or network-based packet firewall | CIS Sybase 15.0 L2 DB v1.1.0 | SybaseDB | |
| 6.9 Ensure Elastic IPs for the NAT Gateways are allocated | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.13 Ensure Routing Table associated with Web tier ELB subnet have the default route (0.0.0.0/0) defined to allow connectivity | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.14 Ensure Routing Table associated with Web tier subnet have the default route (0.0.0.0/0) defined to allow connectivity | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.15 Ensure Routing Table associated with App tier subnet have the default route (0.0.0.0/0) defined to allow connectivity | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.17 Use a Web-Tier ELB Security Group to accept only HTTP/HTTPS | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.21 Create the App tier ELB Security Group and ensure only accepts HTTP/HTTPS | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.27 Ensure EC2 instances within Web Tier have no Elastic / Public IP addresses associated | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.28 Ensure EC2 instances within App Tier have no Elastic / Public IP addresses associated | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.30 Ensure RDS Database is not publically accessible | CIS Amazon Web Services Three-tier Web Architecture L2 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.22 Find SUID/SGID System Executables | CIS Solaris 11.2 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 9.22 Find SUID/SGID System Executables | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.23 Find SUID/SGID System Executables | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 9.23 Find SUID/SGID System Executables | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL |
| EX13-EG-000180 - The Exchange Sender filter must block unaccepted domains. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-000360 - The Exchange Sender filter must block unaccepted domains. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000126 - The Exchange sender filter must block unaccepted domains. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| SOL-11.1-070160 - User .netrc files must not exist. | DISA STIG Solaris 11 SPARC v3r1 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-070160 - User .netrc files must not exist. | DISA STIG Solaris 11 X86 v3r1 | Unix | CONFIGURATION MANAGEMENT |
| SQL2-00-010500 - SQL Server auditing configuration maximum number of files must be configured to reduce the likelihood of storage capacity being exceeded, while meeting organization-defined auditing requirements - 'max_size' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
