| 1.7 Audit docker daemon | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.7 Audit docker daemon | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.8 Audit docker daemon | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2.6 Disable Kerberos TGT Expiration Warning | CIS Solaris 11.1 L1 v1.0.0 | Unix | |
| 2.6 Disable Kerberos TGT Expiration Warning | CIS Solaris 11 L1 v1.1.0 | Unix | |
| 2.6 Ensure the Proxy Modules Are Disabled | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.6 Ensure the Proxy Modules Are Disabled | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.6 Ensure the Proxy Modules Are Disabled | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.6 Set 'Allow simple passwords' to 'False' | CIS Microsoft Exchange Server 2013 CAS v1.1.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.6 Turn off TRACE (check server.xml) | CIS Apache Tomcat 7 L1 v1.1.0 Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 3.3 Ensure that MongoDB is run using a non-privileged, dedicated service account | CIS MongoDB 5 L1 OS Windows v1.2.0 | Windows | ACCESS CONTROL |
| 3.3 Ensure that MongoDB is run using a non-privileged, dedicated service account | CIS MongoDB 4 L1 OS Windows v1.0.0 | Windows | ACCESS CONTROL |
| 3.3 Ensure that MongoDB is run using a non-privileged, dedicated service account | CIS MongoDB 7 v1.1.0 L1 MongoDB | Unix | ACCESS CONTROL |
| 3.3 Ensure that MongoDB is run using a non-privileged, dedicated service account | CIS MongoDB 6 v1.2.0 L1 MongoDB | Unix | ACCESS CONTROL |
| 3.3 Ensure that MongoDB is run using a non-privileged, dedicated service account | CIS MongoDB 7 v1.1.0 L1 MongoDB | Windows | ACCESS CONTROL |
| 3.3 Ensure that MongoDB is run using a non-privileged, dedicated service account | CIS MongoDB 6 v1.2.0 L1 MongoDB | Windows | ACCESS CONTROL |
| 5.1 Do not disable AppArmor | CIS Docker 1.12.0 v1.0.0 L2 Docker | Unix | ACCESS CONTROL |
| 5.3.3 Keep All Auditing Information | CIS Red Hat Enterprise Linux 5 L2 v2.2.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 6.31 Don't use the default VPC | CIS Amazon Web Services Three-tier Web Architecture L2 1.0.0 | amazon_aws | |
| ALMA-09-054690 - AlmaLinux OS 9 must periodically flush audit records to disk to prevent the loss of audit records. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| CIS_MongoDB_3.2_Benchmark_Level_1_OS_Windows_v1.0.0.audit from CIS MongoDB 3.2 Benchmark v1.0.0 | CIS MongoDB 3.2 L1 Windows Audit v1.0.0 | Windows | |
| CIS_MongoDB_3.2_Benchmark_Level_2_OS_Windows_v1.0.0.audit from CIS MongoDB 3.2 Benchmark v1.0.0 | CIS MongoDB 3.2 L2 Windows Audit v1.0.0 | Windows | |
| CIS_MongoDB_3.4_Benchmark_Level_2_OS_Windows_v1.0.0.audit from CIS MongoDB 3.4 Benchmark v1.0.0 | CIS MongoDB 3.4 L2 Windows Audit v1.0.0 | Windows | |
| EX13-EG-003016 - A DoD-approved third party Exchange-aware malicious code protection application must be implemented. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-000730 - The application must configure malicious code protection mechanisms to perform periodic scans of the information system every seven days. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-000760 - The application must be configured to block and quarantine malicious code upon detection, then send an immediate alert to appropriate individuals. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-000760 - The application must be configured to block and quarantine malicious code upon detection, then send an immediate alert to appropriate individuals. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000142 - Exchange must have anti-spam filtering configured. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| MD3X-00-000010 - MongoDB must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals. | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS | Unix | ACCESS CONTROL |
| MD3X-00-000290 - Unused database components that are integrated in MongoDB and cannot be uninstalled must be disabled. | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS | Unix | CONFIGURATION MANAGEMENT |
| MD3X-00-000310 - MongoDB must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users). | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 DB | MongoDB | IDENTIFICATION AND AUTHENTICATION |
| MD3X-00-000310 - MongoDB must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users). | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS | Unix | IDENTIFICATION AND AUTHENTICATION |
| MD4X-00-006000 - MongoDB must maintain the confidentiality and integrity of information during preparation for transmission. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| MD7X-00-008000 The DBMS must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | MongoDB | CONFIGURATION MANAGEMENT |
| MD7X-00-008900 MongoDB must maintain the confidentiality and integrity of information during reception. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| MD7X-00-012500 MongoDB must be configured in accordance with the security configuration settings based on DOD security configuration and implementation guidance, including STIGs, NSA configuration guides, CTOs, DTMs, and IAVMs. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000234 - OHS must not have the directive PlsqlDatabasePassword set in clear text. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000080 The Photon operating system must initiate session audits at system startup. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-07-030321 - The Red Hat Enterprise Linux operating system must be configured so that the audit system takes appropriate action when there is an error sending audit records to a remote system. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY |
| SQL2-00-001600 - SQL Server must ensure that remote sessions that access an organization-defined list of security functions and security-relevant information are audited - 'Event ID 14' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-001600 - SQL Server must ensure that remote sessions that access an organization-defined list of security functions and security-relevant information are audited - 'Event ID 15' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-001600 - SQL Server must ensure that remote sessions that access an organization-defined list of security functions and security-relevant information are audited - 'Event ID 20' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-001600 - SQL Server must ensure that remote sessions that access an organization-defined list of security functions and security-relevant information are audited - 'Event ID 109' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-001600 - SQL Server must ensure that remote sessions that access an organization-defined list of security functions and security-relevant information are audited - 'Event ID 110' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-001600 - SQL Server must ensure that remote sessions that access an organization-defined list of security functions and security-relevant information are audited - 'Event ID 118' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-001600 - SQL Server must ensure that remote sessions that access an organization-defined list of security functions and security-relevant information are audited - 'Event ID 129' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-001600 - SQL Server must ensure that remote sessions that access an organization-defined list of security functions and security-relevant information are audited - 'Event ID 132' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| TCAT-AS-001590 - Changes to $CATALINA_HOME/bin/ folder must be logged. | DISA STIG Apache Tomcat Application Server 9 v3r2 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| TNS_IBM_HTTP_Server_Best_Practice.audit | TNS IBM HTTP Server Best Practice | Windows | |
| TNS_IBM_HTTP_Server_Linux_Best_Practice.audit | TNS IBM HTTP Server Best Practice | Unix | |
