| 2.12 Ensure 'Hide Instance' option is set to 'Yes' for Production SQL Server instances | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| 2.12 Ensure 'Hide Instance' option is set to 'Yes' for Production SQL Server instances | CIS Microsoft SQL Server 2019 v1.5.0 L1 Database Engine | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.7 Review suspend audit configuration when device is full | CIS Sybase 15.0 L2 DB v1.1.0 | SybaseDB | |
| 5.2 Ensure 'Default Trace Enabled' Server Configuration Option is set to '1' | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.2 Ensure 'Default Trace Enabled' Server Configuration Option is set to '1' | CIS SQL Server 2014 Database L1 AWS RDS v1.5.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.2 Ensure 'Default Trace Enabled' Server Configuration Option is set to '1' | CIS SQL Server 2016 Database L1 DB v1.4.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.2 Ensure 'Default Trace Enabled' Server Configuration Option is set to '1' | CIS SQL Server 2017 Database L1 AWS RDS v1.3.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.2 Ensure 'Default Trace Enabled' Server Configuration Option is set to '1' | CIS SQL Server 2016 Database L1 AWS RDS v1.4.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.2 Ensure 'Default Trace Enabled' Server Configuration Option is set to '1' | CIS SQL Server 2017 Database L1 DB v1.3.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.2 Ensure 'Default Trace Enabled' Server Configuration Option is set to '1' | CIS SQL Server 2022 Database L1 AWS RDS v1.1.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.2.9 Ensure 'BECOME USER' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 5.2.9 Ensure 'BECOME USER' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 5.2.10 Ensure 'CREATE PROCEDURE' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 5.2.11 Ensure 'ALTER SYSTEM' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 5.3.2 Ensure 'SELECT_CATALOG_ROLE' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 5.3.2 Ensure 'SELECT_CATALOG_ROLE' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 5.3.3 Ensure 'EXECUTE_CATALOG_ROLE' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 8.1 Ensure 'SQL Server Browser Service' is configured correctly | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| 8.1 Ensure 'SQL Server Browser Service' is configured correctly | CIS SQL Server 2022 Database L1 DB v1.1.0 | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.1 Ensure 'SQL Server Browser Service' is configured correctly | CIS Microsoft SQL Server 2019 v1.5.0 L1 Database Engine | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.1 Ensure 'SQL Server Browser Service' is configured correctly | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| 8.1 Ensure 'SQL Server Browser Service' is configured correctly | CIS SQL Server 2016 Database L1 DB v1.4.0 | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| DG0079-ORACLE11 - DBMS login accounts require passwords to meet complexity requirements. | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| DG7003-ORACLE11 - A minimum of two Oracle redo log groups/files must be defined and configured to be stored on separate, archived physical disks or archived directories on a RAID device. | DISA STIG Oracle 11 Installation v9r1 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| DO0270-ORACLE11 - A minimum of two Oracle redo log groups/files should be defined and configured to be stored on separate, archived physical disks or archived directories on a RAID device - 'V$LOG count > 2' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| EP11-00-007300 - EDB Postgres Advanced Server must enforce discretionary access control policies, as defined by the data owner, over defined subjects and objects. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | ACCESS CONTROL |
| EPAS-00-004800 - When using command-line tools such as psql, users must use a logon method that does not expose the password. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | IDENTIFICATION AND AUTHENTICATION |
| EX19-ED-000238 - Exchange must render hyperlinks from email sources from non-.mil domains as unclickable. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MYS8-00-001600 - The MySQL Database Server 8.0 must be configured to provide audit record generation capability for DoD-defined auditable events within all database components. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MYS8-00-003300 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to delete privileges/permissions occur. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MYS8-00-003500 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to delete security objects occur. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MYS8-00-007400 - The MySQL Database Server 8.0 and associated applications must reserve the use of dynamic code execution for situations that require it. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | SYSTEM AND INFORMATION INTEGRITY |
| O112-BP-021600 - A minimum of two Oracle redo log groups/files must be defined and configured to be stored on separate, archived physical disks or archived directories on a RAID device. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O121-BP-021600 - A minimum of two Oracle redo log groups/files must be defined and configured to be stored on separate, archived physical disks or archived directories on a RAID device. | DISA STIG Oracle 12c v3r2 Database | OracleDB | CONFIGURATION MANAGEMENT |
| SHPT-00-000436 - SharePoint must protect audit information from unauthorized modification to trace data logs. | DISA STIG SharePoint 2010 v1r9 | Windows | AUDIT AND ACCOUNTABILITY |
| SQL2-00-002900 - SQL Server must enforce access control policies to restrict the Alter any connection permission to only authorized roles. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-004500 - SQL Server must enforce access control policies to restrict the Alter any login permission to only authorized roles. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL4-00-013600 - The audit information produced by SQL Server must be protected from unauthorized read access. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-013700 - The audit information produced by SQL Server must be protected from unauthorized modification. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-020500 - SQL Server must be configured to separate user functionality (including user interface services) from database management functionality - including UI services from database management functionality. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL4-00-031700 - SQL Server must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | ACCESS CONTROL |
| SQL4-00-032800 - SQL Server must utilize centralized management of the content captured in audit records generated by all components of the DBMS. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-035000 - The confidentiality and integrity of information managed by SQL Server must be maintained during preparation for transmission. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-006300 - SQL Server must protect its audit configuration from authorized and unauthorized access and modification. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-008200 - If passwords are used for authentication, SQL Server must transmit only encrypted representations of passwords. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
| SQL6-D0-009600 - The Service Master Key must be backed up and stored in a secure location that is not on the SQL Server. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-014600 - SQL Server must generate audit records when successful and unsuccessful attempts to delete categorized information (e.g., classification levels/security levels) occur. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-015400 - SQL Server must generate audit records when successful and unsuccessful accesses to objects occur. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-016700 - SQL Server execute permissions to access the registry must be revoked, unless specifically required and approved. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL6-D0-018300 - Microsoft SQL Server products must be a version supported by the vendor. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | SYSTEM AND SERVICES ACQUISITION |
