| 1.9 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | IDENTIFICATION AND AUTHENTICATION |
| 2.1 Ensure 'Ad Hoc Distributed Queries' Server Configuration Option is set to '0' | CIS SQL Server 2016 Database L1 AWS RDS v1.4.0 | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1 Ensure 'Ad Hoc Distributed Queries' Server Configuration Option is set to '0' | CIS SQL Server 2016 Database L1 DB v1.4.0 | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.1 Ensure 'Set time and date automatically' Is Enabled | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.3 Ensure that 'Fallback to local' option is disabled for Remote Authentication Settings | CIS F5 Networks v1.0.0 L2 | F5 | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.7.1 iCloud configuration | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | |
| 3.1 Ensure Security Auditing Is Enabled | CIS Apple macOS 14.0 Sonoma v2.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1 Ensure Security Auditing Is Enabled | CIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1 Ensure Security Auditing Is Enabled | CIS Apple macOS 12.0 Monterey Cloud-tailored v1.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1 Ensure Security Auditing Is Enabled | CIS Apple macOS 13.0 Ventura v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1 Ensure Security Auditing Is Enabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1 Ensure Security Auditing Is Enabled | CIS Apple macOS 14.0 Sonoma Cloud-tailored v1.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1 Ensure Security Auditing Is Enabled | CIS Apple macOS 15.0 Sequoia Cloud-tailored v1.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.4 Ensure Auto-Scaling Launch Configuration for App-Tier is configured to use an approved Amazon Machine Image | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | CONFIGURATION MANAGEMENT |
| 4.1.5 Disable weak ciphers | CIS NGINX Benchmark v2.1.0 L1 Proxy | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.5 Disable weak ciphers | CIS NGINX Benchmark v2.1.0 L1 Webserver | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.5 Disable weak ciphers | CIS NGINX Benchmark v2.1.0 L1 Loadbalancer | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.6 Ensure that a log metric filter for the Cloudwatch group assigned to the "VPC Flow Logs" is created | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 5.1.1 Ensure EBS volume encryption is enabled in all regions | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.9 Ensure an agent for AWS Cloudwatch Logs is installed within Auto-Scaling Group for App-Tier | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 6.1 Understanding attack vectors and runtime parameters | CIS PostgreSQL 12 DB v1.1.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 6.1 Understanding attack vectors and runtime parameters | CIS PostgreSQL 13 DB v1.2.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 6.1 Understanding attack vectors and runtime parameters | CIS PostgreSQL 16 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 6.1 Understanding attack vectors and runtime parameters | CIS PostgreSQL 14 DB v 1.2.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 6.1 Understanding attack vectors and runtime parameters | CIS PostgreSQL 15 DB v1.1.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 6.18 Ensure Web tier ELB Security Group is not used in the Auto Scaling launch configuration of any other tier (Web, App) | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | |
| 6.32 Ensure Auto-Scaling Launch Configuration for Web Tier is configured to use the Web Tier Security Group | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | ACCESS CONTROL |
| 6.33 Ensure Auto-Scaling Launch Configuration for App Tier is configured to use the App Tier Security Group | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | ACCESS CONTROL |
| ESXI-70-000091 - The ESXi host must be configured with an appropriate maximum password age. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-80-000227 - The ESXi host must be configured with an appropriate maximum password age. | DISA VMware vSphere 8.0 ESXi STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| ESXi: esxi-8.api-soap-timeout | VMware vSphere Security Configuration and Hardening Guide | VMware | CONFIGURATION MANAGEMENT |
| ESXi: esxi-8.host-client-session-timeout | VMware vSphere Security Configuration and Hardening Guide | VMware | ACCESS CONTROL |
| ESXi: esxi-8.timekeeping-sources | VMware vSphere Security Configuration and Hardening Guide | VMware | AUDIT AND ACCOUNTABILITY |
| EX19-MB-000147 - The Exchange malware scanning agent must be configured for automatic updates. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX19-MB-000244 - Exchange must have the most current, approved Cumulative Update installed. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| RHEV: Clusters Memory Balooning | Tenable RedHat Enterprise Virtualization | RHEV | |
| RHEV: Hosts - Update required | Tenable RedHat Enterprise Virtualization | RHEV | |
| RHEV: Storage Domains - Backup storage | Tenable RedHat Enterprise Virtualization | RHEV | |
| RHEV: VMs copy/paste feature | Tenable RedHat Enterprise Virtualization | RHEV | |
| RHEV: VMs file transfer feature | Tenable RedHat Enterprise Virtualization | RHEV | |
| Routing Protocol Security - Periodically change route authentication keys in accordance with your organization's security policy | Juniper Hardening JunOS 12 Devices Checklist | Juniper | IDENTIFICATION AND AUTHENTICATION |
| Routing Protocol Security - Select the strongest algorithm that is supported by your equipment and your neighbors - BGP | Juniper Hardening JunOS 12 Devices Checklist | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| Routing Protocol Security - Select the strongest algorithm that is supported by your equipment and your neighbors - OSPF | Juniper Hardening JunOS 12 Devices Checklist | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| SOL-11.1-070100 - Duplicate User IDs (UIDs) must not exist for users within the organization. | DISA STIG Solaris 11 X86 v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SOL-11.1-070110 - Duplicate UIDs must not exist for multiple non-organizational users. | DISA STIG Solaris 11 SPARC v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SOL-11.1-070110 - Duplicate UIDs must not exist for multiple non-organizational users. | DISA STIG Solaris 11 X86 v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SOL-11.1-070150 - Duplicate group names must not exist. | DISA STIG Solaris 11 SPARC v3r1 | Unix | CONFIGURATION MANAGEMENT |
| SQL2-00-010400 - SQL Server auditing configuration maximum file size must be configured to reduce the likelihood of storage capacity being exceeded, while meeting organization-defined auditing requirements - 'max_size' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| TCAT-AS-001470 - Tomcat server must be patched for security vulnerabilities. | DISA STIG Apache Tomcat Application Server 9 v3r2 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
