| 1.1 Ensure Latest SQL Server Cumulative and Security Updates are Installed | CIS SQL Server 2017 Database L1 AWS RDS v1.3.0 | MS_SQLDB | SYSTEM AND SERVICES ACQUISITION |
| 1.1 Ensure Latest SQL Server Cumulative and Security Updates are Installed | CIS SQL Server 2017 Database L1 DB v1.3.0 | MS_SQLDB | SYSTEM AND SERVICES ACQUISITION |
| 1.5 Ensure the Cassandra service is run as a non-root user | CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0 | Unix | ACCESS CONTROL |
| 1.5 Ensure the Cassandra service is run as a non-root user | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0 | Unix | ACCESS CONTROL |
| 2.2.36 Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account, Enterprise Admins Group, and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.2.36 Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account, Enterprise Admins Group, and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.15 Ensure 'xp_cmdshell' Server Configuration Option is set to '0' | CIS SQL Server 2012 Database L1 AWS RDS v1.6.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| 2.15 Ensure 'xp_cmdshell' Server Configuration Option is set to '0' | CIS SQL Server 2016 Database L1 AWS RDS v1.4.0 | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5 Ensure the SQL Server's MSSQL Service Account is Not an Administrator | CIS SQL Server 2017 Database L1 OS v1.3.0 | Windows | ACCESS CONTROL |
| 3.7 Ensure the SQL Server's Full-Text Service Account is Not an Administrator | CIS SQL Server 2016 Database L1 OS v1.4.0 | Windows | ACCESS CONTROL |
| 3.7 Ensure the SQL Server's Full-Text Service Account is Not an Administrator | CIS SQL Server 2017 Database L1 OS v1.3.0 | Windows | ACCESS CONTROL |
| 3.12 Ensure the 'SYSADMIN' Role is Limited to Administrative or Built-in Accounts | CIS Microsoft SQL Server 2019 v1.5.0 L1 Database Engine | MS_SQLDB | ACCESS CONTROL |
| 3.12 Ensure the 'SYSADMIN' Role is Limited to Administrative or Built-in Accounts | CIS SQL Server 2022 Database L1 DB v1.1.0 | MS_SQLDB | ACCESS CONTROL |
| 5.2 Ensure External File System Access is disabled - enable cis | CIS Sybase 15.0 L1 DB v1.1.0 | SybaseDB | |
| EX16-ED-000320 - Exchange Message size restrictions must be controlled on Receive connectors. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUSX-AG-000128 - The Juniper SRX Services Gateway Firewall must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). | DISA Juniper SRX Services Gateway ALG v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL2-00-009500 - Administrative privileges, built-in server roles and built-in database roles must be assigned to the DBMS login accounts that require them via custom roles, and not directly. | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-015800 - The OS must limit privileges to change SQL Server software resident within software libraries (including privileged programs) - 'binn' | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| SQL4-00-036600 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is created - Event ID 83 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036600 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is created - Event ID 85 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036600 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is created - Event ID 86 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036600 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is created - Event ID 87 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036600 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is created - Event ID 88 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036600 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is created - Event ID 90 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036600 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is created - Event ID 91 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036600 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is created - SCHEMA_OBJECT_ACCESS_GROUP | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036600 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is created. | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036650 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is modified - Event ID 82 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036650 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is modified - Event ID 83 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036650 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is modified - Event ID 84 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036650 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is modified - Event ID 85 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036650 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is modified - Event ID 86 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036650 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is modified - Event ID 87 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036650 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is modified - Event ID 88 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036650 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is modified - Event ID 89 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036650 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is modified - Event ID 90 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036650 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is modified - Event ID 91 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036650 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is modified - Event ID 162 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036650 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is modified - SCHEMA_OBJECT_ACCESS_GROUP | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036650 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is modified. | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037300 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is deleted - Event ID 83 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037300 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is deleted - Event ID 85 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037300 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is deleted - Event ID 88 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037300 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is deleted - Event ID 90 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037300 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is deleted - Event ID 91 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037300 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is deleted - Event ID 162 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037300 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is deleted - SCHEMA_OBJECT_ACCESS_GROUP | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037300 - Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is deleted. | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-005900 - The audit information produced by SQL Server must be protected from unauthorized access, modification, and deletion. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-008200 - If passwords are used for authentication, SQL Server must transmit only encrypted representations of passwords. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
