| 1.1 Ensure Latest SQL Server Service Packs and Hotfixes are Installed | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 1.1.3.1 Configure Authorization | CIS Cisco IOS XR 7.x v1.0.1 L2 | Cisco | ACCESS CONTROL |
| 3.10 Ensure Windows local groups are not SQL Logins | CIS SQL Server 2012 Database L1 AWS RDS v1.6.0 | MS_SQLDB | ACCESS CONTROL |
| 3.10 Ensure Windows local groups are not SQL Logins | CIS Microsoft SQL Server 2022 v1.2.1 L1 AWS RDS | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.10 Ensure Windows local groups are not SQL Logins | CIS SQL Server 2017 Database L1 AWS RDS v1.3.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.10 Ensure Windows local groups are not SQL Logins | CIS SQL Server 2017 Database L1 DB v1.3.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.4 Enable Auditing of Process and Privilege Events - AUE_FCHROOT : cis | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Enable Auditing of Process and Privilege Events - AUE_PRIOCNTLSYS : cis | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Enable Auditing of Process and Privilege Events - AUE_SETEGID : cis | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Enable Auditing of Process and Privilege Events - AUE_SETEGID : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Enable Auditing of Process and Privilege Events - AUE_SETREUID : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Enable Auditing of Process and Privilege Events - AUE_SETSID : cis | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Enable Auditing of Process and Privilege Events - AUE_SETUID : cis | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.3 Ensure 'Login Auditing' is set to 'failed logins' | CIS SQL Server 2016 Database L1 AWS RDS v1.4.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.3 Ensure 'Login Auditing' is set to 'failed logins' | CIS SQL Server 2016 Database L1 DB v1.4.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.3 Ensure 'Login Auditing' is set to 'failed logins' | CIS SQL Server 2012 Database L1 AWS RDS v1.6.0 | MS_SQLDB | ACCESS CONTROL |
| 5.3 Ensure 'Login Auditing' is set to 'failed logins' | CIS Microsoft SQL Server 2019 v1.5.2 L1 AWS RDS | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.3 Ensure 'Login Auditing' is set to 'failed logins' | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | ACCESS CONTROL |
| 5.3 Ensure 'Login Auditing' is set to 'failed logins' | CIS Microsoft SQL Server 2019 v1.5.2 L1 Database Engine | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.3 Ensure 'Login Auditing' is set to 'failed logins' | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | ACCESS CONTROL |
| 5.3 Ensure 'Login Auditing' is set to 'failed logins' | CIS Microsoft SQL Server 2022 v1.2.1 L1 AWS RDS | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.3 Ensure 'Login Auditing' is set to 'failed logins' | CIS Microsoft SQL Server 2022 v1.2.1 L1 Database Engine | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 6.1 Ensure that the SQL Server component to SharePoint is set to listen on non-default ports, with the defaults (UDP 1434 and TCP 1433) disabled | CIS Microsoft SharePoint 2019 DB v1.0.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 6.1.2.8 Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule | CIS Microsoft Azure Foundations v5.0.0 L1 | microsoft_azure | AUDIT AND ACCOUNTABILITY |
| 7.2 Ensure Asymmetric Key Size is set to 'greater than or equal to 2048' in non-system databases | CIS SQL Server 2017 Database L1 DB v1.3.0 | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure Asymmetric Key Size is set to 'greater than or equal to 2048' in non-system databases | CIS SQL Server 2017 Database L1 AWS RDS v1.3.0 | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.11.2 Ensure 'Disable HTTP proxy features: Disable proxy authentication' is set to 'Enabled: Disable authentication over loopback interfaces' or higher | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 BL | Windows | ACCESS CONTROL |
| 18.11.2 Ensure 'Disable HTTP proxy features: Disable proxy authentication' is set to 'Enabled: Disable authentication over loopback interfaces' or higher | CIS Microsoft Windows 11 Stand-alone v5.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.11.2 Ensure 'Disable HTTP proxy features: Disable proxy authentication' is set to 'Enabled: Disable authentication over loopback interfaces' or higher | CIS Microsoft Windows 11 Stand-alone v5.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.11.2 Ensure 'Disable HTTP proxy features: Disable proxy authentication' is set to 'Enabled: Disable authentication over loopback interfaces' or higher | CIS Microsoft Windows Server 2022 v5.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.11.2 Ensure 'Disable HTTP proxy features: Disable proxy authentication' is set to 'Enabled: Disable authentication over loopback interfaces' or higher | CIS Microsoft Windows Server 2022 v5.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.11.2 Ensure 'Disable HTTP proxy features: Disable proxy authentication' is set to 'Enabled: Disable authentication over loopback interfaces' or higher | CIS Microsoft Windows Server 2025 v2.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.11.2 Ensure 'Disable HTTP proxy features: Disable proxy authentication' is set to 'Enabled: Disable authentication over loopback interfaces' or higher | CIS Microsoft Windows Server 2022 Stand-alone v2.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.11.2 Ensure 'Disable HTTP proxy features: Disable proxy authentication' is set to 'Enabled: Disable authentication over loopback interfaces' or higher | CIS Microsoft Windows Server 2025 v2.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| SQL2-00-022400 - SQL Server must ensure, if Database Availability Groups are being used and there is a server failure, that none of the potential failover servers would suffer from resource exhaustion. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL4-00-036400 - SQL Server must generate Trace or Audit records when locally-defined security objects are modified - Event ID 47 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036400 - SQL Server must generate Trace or Audit records when locally-defined security objects are modified - Event ID 162 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036400 - SQL Server must generate Trace or Audit records when locally-defined security objects are modified - SCHEMA_OBJECT_CHANGE_GROUP | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-036400 - SQL Server must generate Trace or Audit records when locally-defined security objects are modified. | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037100 - SQL Server must generate Trace or Audit records when locally-defined security objects are dropped - Event ID 46 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037100 - SQL Server must generate Trace or Audit records when locally-defined security objects are dropped - Event ID 47 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037100 - SQL Server must generate Trace or Audit records when locally-defined security objects are dropped - Event ID 162 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037100 - SQL Server must generate Trace or Audit records when locally-defined security objects are dropped - Event ID 164 | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037100 - SQL Server must generate Trace or Audit records when locally-defined security objects are dropped - SCHEMA_OBJECT_CHANGE_GROUP | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037100 - SQL Server must generate Trace or Audit records when locally-defined security objects are dropped. | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037500 - SQL Server must generate Trace or Audit records when successful logons or connections occur - Event ID 14 | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037500 - SQL Server must generate Trace or Audit records when successful logons or connections occur - SUCCESSFUL_LOGIN_GROUP | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037900 - SQL Server must generate Trace or Audit records when logoffs or disconnections occur - Event ID 17 | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037900 - SQL Server must generate Trace or Audit records when logoffs or disconnections occur - LOGOUT_GROUP | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037900 - SQL Server must generate Trace or Audit records when logoffs or disconnections occur. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
