| 2.2 Enable message integrity | CIS Sybase 15.0 L1 DB v1.1.0 | SybaseDB | |
| 2.2.6 Ensure 'REMOTE_LISTENER' Is Empty | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 2.2.6 Ensure 'REMOTE_LISTENER' Is Empty | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 2.3 Enable message confidentiality | CIS Sybase 15.0 L1 DB v1.1.0 | SybaseDB | |
| 2.12 Ensure 'Hide Instance' option is set to 'Yes' for Production SQL Server instances | CIS SQL Server 2022 Database L1 DB v1.1.0 | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.12 Ensure 'Hide Instance' option is set to 'Yes' for Production SQL Server instances | CIS SQL Server 2017 Database L1 DB v1.3.0 | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.13 Ensure the 'sa' Login Account is set to 'Disabled' | CIS SQL Server 2016 Database L1 DB v1.4.0 | MS_SQLDB | ACCESS CONTROL |
| 2.13 Ensure the 'sa' Login Account is set to 'Disabled' | CIS SQL Server 2022 Database L1 DB v1.1.0 | MS_SQLDB | ACCESS CONTROL |
| 2.13 Ensure the 'sa' Login Account is set to 'Disabled' | CIS SQL Server 2017 Database L1 AWS RDS v1.3.0 | MS_SQLDB | ACCESS CONTROL |
| 2.13 Ensure the 'sa' Login Account is set to 'Disabled' | CIS SQL Server 2017 Database L1 DB v1.3.0 | MS_SQLDB | ACCESS CONTROL |
| 2.13 Ensure the 'sa' Login Account is set to 'Disabled' | CIS SQL Server 2022 Database L1 AWS RDS v1.1.0 | MS_SQLDB | ACCESS CONTROL |
| 2.14 Ensure the 'sa' Login Account has been renamed | CIS SQL Server 2017 Database L1 DB v1.3.0 | MS_SQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1 Ensure All Default Passwords Are Changed | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 4.1 Ensure All Default Passwords Are Changed | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 4.9 Ensure 'sql_mode' Contains 'STRICT_ALL_TABLES' | CIS MySQL 5.7 Enterprise Database L2 v2.0.0 | MySQLDB | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.9 Ensure 'sql_mode' Contains 'STRICT_ALL_TABLES' | CIS MySQL 5.7 Community Database L2 v2.0.0 | MySQLDB | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.10.31.1 (L1) Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 5.2.12 Ensure 'CREATE ANY LIBRARY' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 5.2.12 Ensure 'CREATE ANY LIBRARY' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 5.2.14 Ensure 'GRANT ANY OBJECT PRIVILEGE' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 5.2.15 Ensure 'GRANT ANY ROLE' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 5.2.16 Ensure 'GRANT ANY PRIVILEGE' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 5.2.16 Ensure 'GRANT ANY PRIVILEGE' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS SQL Server 2012 Database L1 AWS RDS v1.6.0 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS Microsoft SQL Server 2019 v1.5.0 L1 AWS RDS | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS Microsoft SQL Server 2019 v1.5.0 L1 Database Engine | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS SQL Server 2014 Database L1 AWS RDS v1.5.0 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1.1 Disable the Audit Buffer | CIS IBM DB2 11 v1.1.0 Windows OS Level 1 | Windows | AUDIT AND ACCOUNTABILITY |
| 10.4 Restrict access to the DB2 Activity Monitor utility | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 OS Linux | Unix | ACCESS CONTROL |
| ALMA-09-052600 - AlmaLinux OS 9 must authenticate the remote logging server for offloading audit logs via rsyslog. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| DB2X-00-004800 - DB2 must separate user functionality (including user interface services) from database management functionality | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | SYSTEM AND COMMUNICATIONS PROTECTION |
| DISA_STIG_VMware_vSphere_7.0_SVC.audit from DISA VMware vSphere 7.0 vCenter Appliance Lookup Service v1r2 STIG | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | |
| EPAS-00-005100 - The EDB Postgres Advanced Server must separate user functionality (including user interface services) from database management functionality. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| MYS8-00-002000 - The MySQL Database Server 8.0 must be able to generate audit records when security objects are accessed. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MYS8-00-002800 - The MySQL Database Server 8.0 must generate audit records when security objects are modified. | DISA Oracle MySQL 8.0 v2r2 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| MYS8-00-002800 - The MySQL Database Server 8.0 must generate audit records when security objects are modified. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MYS8-00-003200 - The MySQL Database Server 8.0 must generate audit records when privileges/permissions are deleted. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| O121-C2-008200 - The DBMS itself, or the logging or alerting mechanism the application utilizes, must provide a warning when allocated audit record storage volume reaches an organization-defined percentage of maximum audit record storage capacity. | DISA STIG Oracle 12c v3r2 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-004000 - SQL Server must enforce access control policies to restrict the Alter trace permission to only authorized roles. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-005600 - SQL Server must enforce access control policies to restrict the Alter resources permission to only authorized roles. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-006700 - SQL Server must enforce access control policies to restrict the Create availability group permission to only authorized roles. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-007100 - SQL Server must enforce access control policies to restrict the Create trace event notification permission to only authorized roles. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-007200 - SQL Server must enforce access control policies to restrict the External access assembly permission to only authorized roles. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-007300 - SQL Server must enforce access control policies to restrict the Shutdown permission to only authorized roles. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-018200 - SQL Server backups of system-level information per organization-defined frequency must be performed that is consistent with recovery time and recovery point objectives. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | CONTINGENCY PLANNING |
| VCTR-67-000033 - The vCenter Server must use a least-privileges assignment for the vCenter Server database user. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-06-000033 - A least-privileges assignment must be used for the vCenter Server database user. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
