| 1.1 Ensure Latest SQL Server Service Packs and Hotfixes are Installed | CIS SQL Server 2016 Database L1 DB v1.4.0 | MS_SQLDB | SYSTEM AND SERVICES ACQUISITION |
| 1.1 Ensure Latest SQL Server Service Packs and Hotfixes are Installed | CIS SQL Server 2016 Database L1 AWS RDS v1.4.0 | MS_SQLDB | SYSTEM AND SERVICES ACQUISITION |
| 1.2 Ensure Single-Function Member Servers are Used | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2 Ensure Single-Function Member Servers are Used | CIS Microsoft SQL Server 2019 v1.5.0 L1 Database Engine | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2 Ensure Single-Function Member Servers are Used | CIS SQL Server 2014 Database L1 AWS RDS v1.5.0 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2 Ensure Single-Function Member Servers are Used | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2 Ensure Single-Function Member Servers are Used | CIS Microsoft SQL Server 2019 v1.5.0 L1 AWS RDS | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.1 Remove telnet-server | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.2 Ensure 'AUDIT_TRAIL' Is Set to 'OS', 'DB', 'XML', 'DB,EXTENDED', or 'XML,EXTENDED' | CIS Oracle Server 11g R2 DB v2.2.0 | OracleDB | |
| 2.2.32 Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account, Enterprise Admins Group, and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.11 Ensure SQL Server is configured to use non-standard ports | CIS SQL Server 2017 Database L1 DB v1.3.0 | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.11 Ensure SQL Server is configured to use non-standard ports | CIS SQL Server 2016 Database L1 DB v1.4.0 | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.11 Ensure SQL Server is configured to use non-standard ports | CIS SQL Server 2022 Database L1 AWS RDS v1.1.0 | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.11 Ensure SQL Server is configured to use non-standard ports | CIS SQL Server 2022 Database L1 DB v1.1.0 | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.11 Ensure SQL Server is configured to use non-standard ports | CIS SQL Server 2017 Database L1 AWS RDS v1.3.0 | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.11 Ensure SQL Server is configured to use non-standard ports | CIS SQL Server 2016 Database L1 AWS RDS v1.4.0 | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.15 Ensure 'xp_cmdshell' Server Configuration Option is set to '0' | CIS SQL Server 2016 Database L1 DB v1.4.0 | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.15 Ensure 'xp_cmdshell' Server Configuration Option is set to '0' | CIS SQL Server 2017 Database L1 DB v1.3.0 | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.15 Ensure 'xp_cmdshell' Server Configuration Option is set to '0' | CIS SQL Server 2014 Database L1 AWS RDS v1.5.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| 2.15 Ensure 'xp_cmdshell' Server Configuration Option is set to '0' | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| 2.15 Ensure 'xp_cmdshell' Server Configuration Option is set to '0' | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| 2.15 Ensure 'xp_cmdshell' Server Configuration Option is set to '0' | CIS SQL Server 2017 Database L1 AWS RDS v1.3.0 | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.16 Ensure 'xp_cmdshell' Server Configuration Option is set to '0' | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| 3.5 Ensure the SQL Server's MSSQL Service Account is Not an Administrator | CIS Microsoft SQL Server 2019 v1.5.0 L1 Database Engine | MS_SQLDB | ACCESS CONTROL |
| 3.5 Ensure the SQL Server's MSSQL Service Account is Not an Administrator | CIS SQL Server 2016 Database L1 AWS RDS v1.4.0 | MS_SQLDB | ACCESS CONTROL |
| 3.5 Ensure the SQL Server's MSSQL Service Account is Not an Administrator | CIS SQL Server 2017 Database L1 AWS RDS v1.3.0 | MS_SQLDB | ACCESS CONTROL |
| 3.5 Ensure the SQL Server's MSSQL Service Account is Not an Administrator | CIS Microsoft SQL Server 2019 v1.5.0 L1 AWS RDS | MS_SQLDB | ACCESS CONTROL |
| 3.5 Ensure the SQL Server's MSSQL Service Account is Not an Administrator | CIS SQL Server 2022 Database L1 AWS RDS v1.1.0 | MS_SQLDB | ACCESS CONTROL |
| 3.6 Ensure the SQL Server's SQLAgent Service Account is Not an Administrator | CIS SQL Server 2016 Database L1 OS v1.4.0 | Windows | ACCESS CONTROL |
| 3.6 Ensure the SQL Server's SQLAgent Service Account is Not an Administrator | CIS SQL Server 2017 Database L1 OS v1.3.0 | Windows | ACCESS CONTROL |
| 3.6 Ensure the SQL Server's SQLAgent Service Account is Not an Administrator | CIS SQL Server 2022 Database L1 OS v1.1.0 | Windows | ACCESS CONTROL |
| 3.7 Ensure the SQL Server's Full-Text Service Account is Not an Administrator | CIS Microsoft SQL Server 2019 v1.5.0 L1 AWS RDS | MS_SQLDB | ACCESS CONTROL |
| 3.7 Ensure the SQL Server's Full-Text Service Account is Not an Administrator | CIS SQL Server 2016 Database L1 AWS RDS v1.4.0 | MS_SQLDB | ACCESS CONTROL |
| 3.7 Ensure the SQL Server's Full-Text Service Account is Not an Administrator | CIS Microsoft SQL Server 2019 v1.5.0 L1 Database Engine | MS_SQLDB | ACCESS CONTROL |
| 3.7 Ensure the SQL Server's Full-Text Service Account is Not an Administrator | CIS SQL Server 2017 Database L1 AWS RDS v1.3.0 | MS_SQLDB | ACCESS CONTROL |
| 3.7 Ensure the SQL Server's Full-Text Service Account is Not an Administrator | CIS SQL Server 2022 Database L1 AWS RDS v1.1.0 | MS_SQLDB | ACCESS CONTROL |
| 5.2 Ensure External File System Access is disabled - enable file access | CIS Sybase 15.0 L1 DB v1.1.0 | SybaseDB | |
| O19C-00-005800 - Oracle Database must off-load audit data to a separate log management facility; this must be continuous and in near-real-time for systems with a network connection to the storage facility, and weekly or more often for stand-alone systems. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-015610 - In a database owned by [sa], or by any other login having administrative privileges at the instance level, the database property TRUSTWORTHY must be OFF. | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL2-00-015620 - In a database owned by a login not having administrative privileges at the instance level, the database property TRUSTWORTHY must be OFF unless required and authorized. | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL2-00-015800 - The OS must limit privileges to change SQL Server software resident within software libraries (including privileged programs) - '\110\Shared' | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| SQL2-00-024600 - Domain accounts used to manage a SQL Server platform must be different from those used to manage other platforms. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL2-00-025100 - The OS must limit privileges to the SQL Server Data Root directory and its subordinate directories and files. | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | CONFIGURATION MANAGEMENT |
| SQL4-00-015610 - In a database owned by [sa], or by any other login having administrative privileges at the instance level, the database property TRUSTWORTHY must be OFF. | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL4-00-015620 - In a database owned by a login not having administrative privileges at the instance level, the database property TRUSTWORTHY must be OFF unless required and authorized. | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL4-00-016830 - SQL Server must have the Data Quality Client software component removed if it is unused. | DISA STIG SQL Server 2014 Instance OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
| SQL4-00-030410 - Where SQL Server Audit is in use, SQL Server must generate audit records when unsuccessful attempts to retrieve privileges/permissions occur. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-007700 - SQL Server must be configured to prohibit or restrict the use of organization-defined ports, as defined in the PPSM CAL and vulnerability assessments. | DISA STIG SQL Server 2016 Instance OS Audit v3r4 | Windows | CONFIGURATION MANAGEMENT |
| SQL6-D0-008400 - SQL Server must enforce authorized access to all PKI private keys stored/utilized by SQL Server. | DISA STIG SQL Server 2016 Instance OS Audit v3r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| TNS_IBM_HTTP_Server_Linux_Best_Practice_Middleware.audit | TNS IBM HTTP Server Best Practice Middleware | Unix | |
