| 1.7 Ensure all Customer owned Amazon Machine Images for Web Tier are not shared publicly | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | ACCESS CONTROL |
| 1.8 Ensure all Customer owned Amazon Machine Images for Application Tier are not shared publicly | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | ACCESS CONTROL |
| 2.1.1 Ensure "Set time and date automatically" Is Enabled | CIS Apple macOS 12.0 Monterey Cloud-tailored v1.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.1 Ensure "Set time and date automatically" Is Enabled | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.1 Ensure that encryption-at-rest is enabled for RDS instances | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.1.1 Ensure Set Time and Date Automatically Is Enabled | CIS Apple macOS 14.0 Sonoma Cloud-tailored v1.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.1.1 Ensure Set Time and Date Automatically Is Enabled | CIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.4 Ensure Multi-AZ deployments are used for enhanced availability in Amazon RDS | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3 Ensure 'Cross DB Ownership Chaining' Server Configuration Option is set to '0' | CIS Microsoft SQL Server 2019 v1.5.0 L1 AWS RDS | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 2.3 Ensure 'Cross DB Ownership Chaining' Server Configuration Option is set to '0' | CIS Microsoft SQL Server 2019 v1.5.0 L1 Database Engine | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 2.3.2.1 Ensure Set Time and Date Automatically Is Enabled | CIS Apple macOS 14.0 Sonoma v2.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.3.2.1 Ensure Set Time and Date Automatically Is Enabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.3.2.1 Ensure Set Time and Date Automatically Is Enabled | CIS Apple macOS 13.0 Ventura v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.4.12 Ensure Media Sharing Is Disabled | CIS Apple macOS 10.15 Catalina v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.4.12 Ensure Media Sharing Is Disabled | CIS Apple macOS 11.0 Big Sur v4.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.5 Ensure Relational Database Service is Multi-AZ Enabled | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND INFORMATION INTEGRITY |
| 3.10 Ensure S3 buckets have versioning enabled | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | CONTINGENCY PLANNING |
| 3.15 (L1) Host must be configured with an appropriate maximum password age | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| 3.127 - IPSec Exemptions are limited. | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 4.3 Ensure excessive administrative privileges are revoked | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | ACCESS CONTROL |
| 4.8 Ensure S3 bucket policy changes are monitored | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 4.10 Ensure security group changes are monitored | CIS Amazon Web Services Foundations v5.0.0 L2 | amazon_aws | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
| 5.4 Ensure no security groups allow ingress from ::/0 to remote server administration ports | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.6 Ensure routing tables for VPC peering are "least access" | CIS Amazon Web Services Foundations v5.0.0 L2 | amazon_aws | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2.5 Ensure that the 'Log_min_messages' Flag for a Cloud SQL PostgreSQL Instance is set at minimum to 'Warning' | CIS Google Cloud Platform v3.0.0 L1 | GCP | AUDIT AND ACCOUNTABILITY |
| 6.3 (L1) Ensure storage area network (SAN) resources are segregated properly | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.3 Ensure storage area network (SAN) resources are segregated properly | CIS VMware ESXi 6.7 v1.3.0 Level 1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.23 Find SUID/SGID System Executables | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL |
| Access Security - J-Web - Terminate idle connections by setting the idle-time value | Juniper Hardening JunOS 12 Devices Checklist | Juniper | ACCESS CONTROL |
| Console Authentication Realm | Tenable Cisco ACI | Cisco_ACI | ACCESS CONTROL |
| Default Authentication Realm | Tenable Cisco ACI | Cisco_ACI | ACCESS CONTROL |
| DNS Profile - Address - DNS Server 2 | Tenable Cisco ACI | Cisco_ACI | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enforce Password Change Interval | Tenable Cisco ACI | Cisco_ACI | IDENTIFICATION AND AUTHENTICATION |
| EX16-ED-000360 - The Exchange Sender filter must block unaccepted domains. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Fabric Security - Policy - FIPS Mode | Tenable Cisco ACI | Cisco_ACI | SYSTEM AND COMMUNICATIONS PROTECTION |
| First Hop Security - Source Guard - Admin Status | Tenable Cisco ACI | Cisco_ACI | CONFIGURATION MANAGEMENT |
| Include Logout in Session Records | Tenable Cisco ACI | Cisco_ACI | AUDIT AND ACCOUNTABILITY |
| Management Access Policy - SSH - MACs - hmac-sha1 | Tenable Cisco ACI | Cisco_ACI | SYSTEM AND COMMUNICATIONS PROTECTION |
| Remote Location - Protocol | Tenable Cisco ACI | Cisco_ACI | CONFIGURATION MANAGEMENT |
| Remote user login policy | Tenable Cisco ACI | Cisco_ACI | ACCESS CONTROL |
| SOL-11.1-070080 - All user accounts must be configured to use a home directory that exists. | DISA STIG Solaris 11 X86 v3r1 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-070080 - All user accounts must be configured to use a home directory that exists. | DISA STIG Solaris 11 SPARC v3r1 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-070190 - All valid SUID/SGID files must be documented. | DISA STIG Solaris 11 SPARC v3r1 | Unix | CONFIGURATION MANAGEMENT |
| Syslog - Admin State | Tenable Cisco ACI | Cisco_ACI | AUDIT AND ACCOUNTABILITY |
| WBSP-AS-001080 - The WebSphere Application Server must provide security extensions to extend SOAP protocol and provide secure authentication | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-001080 - The WebSphere Application Server must provide security extensions to extend SOAP protocol and provide secure authentication | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-001080 - The WebSphere Application Server must provide security extensions to extend SOAP protocol and provide secure authentication | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-001090 - The WebSphere Application Server must provide security extensions to extend SOAP protocol and provide secure authentication | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-001090 - The WebSphere Application Server must provide security extensions to extend SOAP protocol and provide secure authentication | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-001090 - The WebSphere Application Server must provide security extensions to extend SOAP protocol and provide secure authentication | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
