| 2.2 Ensure 'CLR Enabled' Server Configuration Option is set to '0' | CIS Microsoft SQL Server 2019 v1.5.0 L1 AWS RDS | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 2.2.5 Ensure 'OS_ROLES' Is Set to 'FALSE' | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 2.2.7 Ensure 'REMOTE_LOGIN_PASSWORDFILE' Is Set to 'NONE' | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 2.2.8 Ensure 'REMOTE_OS_AUTHENT' Is Set to 'FALSE' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| 2.2.9 Ensure 'REMOTE_OS_ROLES' Is Set to 'FALSE' | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| 2.2.11 Ensure 'SEC_CASE_SENSITIVE_LOGON' Is Set to 'TRUE' | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| 2.2.11 Ensure 'SEC_CASE_SENSITIVE_LOGON' Is Set to 'TRUE' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| 2.2.12 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 2.2.12 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 2.2.13 Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set to 'DROP,3' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 2.2.14 Ensure 'SEC_PROTOCOL_ERROR_TRACE_ACTION' Is Set to 'LOG' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 2.2.14 Ensure 'SEC_PROTOCOL_ERROR_TRACE_ACTION' Is Set to 'LOG' | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 2.2.15 Ensure 'SEC_RETURN_SERVER_RELEASE_BANNER' Is Set to 'FALSE' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 2.2.15 Ensure 'SEC_RETURN_SERVER_RELEASE_BANNER' Is Set to 'FALSE' | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 2.2.32 Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account, Enterprise Admins Group, and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.2.36 Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account, Enterprise Admins Group, and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.2.36 Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account, Enterprise Admins Group, and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.6 Ensure 'Remote Access' Server Configuration Option is set to '0' | CIS Microsoft SQL Server 2019 v1.5.0 L1 AWS RDS | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6 Ensure 'Remote Access' Server Configuration Option is set to '0' | CIS Microsoft SQL Server 2019 v1.5.0 L1 Database Engine | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.13 Ensure 'sa' Login Account is set to 'Disabled' | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | ACCESS CONTROL |
| 3.4 Ensure SQL Authentication is not used in contained databases | CIS SQL Server 2016 Database L1 DB v1.4.0 | MS_SQLDB | ACCESS CONTROL |
| 3.4 Ensure SQL Authentication is not used in contained databases | CIS SQL Server 2022 Database L1 AWS RDS v1.1.0 | MS_SQLDB | ACCESS CONTROL |
| 3.4 Ensure SQL Authentication is not used in contained databases | CIS SQL Server 2017 Database L1 AWS RDS v1.3.0 | MS_SQLDB | ACCESS CONTROL |
| 3.4 Ensure SQL Authentication is not used in contained databases | CIS SQL Server 2017 Database L1 DB v1.3.0 | MS_SQLDB | ACCESS CONTROL |
| 3.4 Ensure SQL Authentication is not used in contained databases | CIS SQL Server 2022 Database L1 DB v1.1.0 | MS_SQLDB | ACCESS CONTROL |
| 4.1 Ensure All Default Passwords Are Changed | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| 4.2 Ensure 'CHECK_EXPIRATION' Option is set to 'ON' for All SQL Authenticated Logins Within the Sysadmin Role | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | ACCESS CONTROL |
| 5.1 Ensure 'Maximum number of error log files' is set to greater than or equal to '12' | CIS SQL Server 2017 Database L1 AWS RDS v1.3.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.1 Ensure 'Maximum number of error log files' is set to greater than or equal to '12' | CIS SQL Server 2022 Database L1 AWS RDS v1.1.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.1 Ensure 'Maximum number of error log files' is set to greater than or equal to '12' | CIS SQL Server 2016 Database L1 AWS RDS v1.4.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 6.1.7 Ensure 'CREATE', 'ALTER', And 'DROP' 'PUBLIC DATABASE LINK' Is Revoked From Unauthorized 'GRANTEE' | CIS Oracle Database 23ai v1.0.0 L1 RDBMS | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS SQL Server 2016 Database L1 DB v1.4.0 | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS SQL Server 2016 Database L1 AWS RDS v1.4.0 | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS SQL Server 2017 Database L1 AWS RDS v1.3.0 | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure Asymmetric Key Size is set to 'greater than or equal to 2048' in non-system databases | CIS SQL Server 2016 Database L1 AWS RDS v1.4.0 | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure Asymmetric Key Size is set to 'greater than or equal to 2048' in non-system databases | CIS SQL Server 2017 Database L1 AWS RDS v1.3.0 | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.8 Ensure 'Active Directory Infrastructure object is configured with proper audit settings' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| CD12-00-000710 - PostgreSQL must limit privileges to change functions and triggers, and links to software external to PostgreSQL. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | CONFIGURATION MANAGEMENT |
| DB2X-00-002700 - DB2 must protect its audit features from unauthorized removal | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | AUDIT AND ACCOUNTABILITY |
| DG0128-ORACLE11 - DBMS default accounts should be assigned custom passwords - 'No default accounts are OPEN' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | |
| MYS8-00-001900 - The MySQL Database Server 8.0 must be able to generate audit records when unsuccessful attempts to retrieve privileges/permissions occur. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MYS8-00-001900 - The MySQL Database Server 8.0 must be able to generate audit records when unsuccessful attempts to retrieve privileges/permissions occur. | DISA Oracle MySQL 8.0 v2r2 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| MYS8-00-002100 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to access security objects occur. | DISA Oracle MySQL 8.0 v2r2 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| MYS8-00-002100 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to access security objects occur. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MYS8-00-002900 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to modify security objects occur. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MYS8-00-002900 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to modify security objects occur. | DISA Oracle MySQL 8.0 v2r2 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| O19C-00-010800 - The Oracle Database data files, transaction logs and audit files must be stored in dedicated directories or disk partitions separate from software or other application files. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
| SQL2-00-015700 - Vendor-supported software and patches must be evaluated and patched against newly found vulnerabilities. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| VCWN-06-000032 - A least-privileges assignment must be used for the Update Manager database user. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
| WN22-DC-000170 - Windows Server 2022 Active Directory Group Policy objects must be configured with proper audit settings. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
