| 1.1.2.3.4 Ensure a separate file system/partition has been created for non-privileged local interactive user home directories | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 1.4.8 Ensure GRUB 2 is configured to enable page poisoning to mitigate use-after-free vulnerabilities | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.4.10 Ensure GRUB 2 is configured to disable vsyscalls | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.4 Ensure core dump storage is disabled | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 1.5.4 Ensure core dump storage is disabled | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.5.14 Ensure the operating system is configured to boot to the command line | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 1.5.18 Ensure the operating system disables core dumps for all users | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 2.1.35 Ensure the TFTP daemon is configured to operate in secure mode | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 3.4 Ensure at least two name servers are configured if using DNS resolution | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 5.1.32 Ensure sshd StrictModes is enabled | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 5.1.35 Ensure sshd X11UseLocalhost is enabled | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 5.1.38 Ensure sshd PrintLastLog is enabled | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 5.4.1.11 Ensure fail_delay is configured | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 5.4.2.9 Ensure all accounts on the system are assigned to an active system, application, or user account | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| DG0003-ORACLE11 - The latest security patches should be installed. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0007-ORACLE11 - The database should be secured in accordance with DoD, vendor and/or commercially accepted practices where applicable. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0020-ORACLE11 - Backup and recovery procedures should be developed, documented, implemented and periodically tested. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0030-ORACLE11 - Audit trail data should be retained for one year. | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | |
| DG0050-ORACLE11 - Database software, applications and configuration files should be monitored to discover unauthorized changes. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG0050-ORACLE11 - Database software, applications and configuration files should be monitored to discover unauthorized changes. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0051-ORACLE11 - Database job/batch queues should be reviewed regularly to detect unauthorized database job submissions - 'No unknown jobs exist in the dba_scheduler_jobs queue' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | |
| DG0053-ORACLE11 - A single database connection configuration file should not be used to configure all database clients. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG0066-ORACLE11 - Procedures for establishing temporary passwords that meet DoD password requirements for new accounts should be defined, documented and implemented. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0068-ORACLE11 - DBMS tools or applications that echo or require a password entry in clear text should be protected from password display. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0069-ORACLE11 - Procedures and restrictions for import of production data to development databases should be documented, implemented and followed. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0086-ORACLE11 - DBA roles should be periodically monitored to detect assignment of unauthorized or excess privileges. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG0086-ORACLE11 - DBA roles should be periodically monitored to detect assignment of unauthorized or excess privileges. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0092-ORACLE11 - Database data files containing sensitive information should be encrypted. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0097-ORACLE11 - Plans and procedures for testing DBMS installations, upgrades and patches should be defined and followed prior to production implementation. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0107-ORACLE11 - Sensitive data is stored in the database and should be identified in the System Security Plan and AIS Functional Architecture documentation. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0118-ORACLE11 - The IAM should review changes to DBA role assignments. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0122-ORACLE11 - Access to sensitive data should be restricted to authorized users identified by the Information Owner - 'controlfile' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | |
| DG0122-ORACLE11 - Access to sensitive data should be restricted to authorized users identified by the Information Owner - 'spfile' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | |
| DG0158-ORACLE11 - DBMS remote administration should be audited. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0171-ORACLE11 - The DBMS should not have a connection defined to access or be accessed by a DBMS at a different classification level. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0172-ORACLE11 - Changes to DBMS security labels should be audited. | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | |
| DG0176-ORACLE11 - The DBMS audit logs should be included in backup operations. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0176-ORACLE11 - The DBMS audit logs should be included in backup operations. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG7001-ORACLE11 - The directory assigned to the AUDIT_FILE_DEST parameter must be protected from unauthorized access and must be stored in a dedicated directory or disk partition separate from software or other application files. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG7001-ORACLE11 - The directory assigned to the AUDIT_FILE_DEST parameter must be protected from unauthorized access and must be stored in a dedicated directory or disk partition separate from software or other application files. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DO0231-ORACLE11 - Application owner accounts should have a dedicated application tablespace. | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | |
| DO0234-ORACLE11 - The directory assigned to the AUDIT_FILE_DEST parameter should be protected from unauthorized access - 'audit_file_dest parameter is configured' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | |
| DO0360-ORACLE11 - Connections by mid-tier web and application systems to the Oracle DBMS should be protected, encrypted and authenticated according to database, web, application, enclave and network requirements. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DO3440-ORACLE11 - The DBA role should not be granted to unauthorized user accounts - 'No unauthorized DBA accounts exist' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | |
| DO3451-ORACLE11 - The Oracle WITH GRANT OPTION privilege should not be granted to non-DBA or non-Application administrator user accounts - 'No accounts with grant option exist' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | |
| DO3546-ORACLE11 - The Oracle REMOTE_LOGIN_PASSWORDFILE parameter should be set to EXCLUSIVE or NONE - 'remote_login_passwordfile = exclusive or none' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | |
| DO6748-ORACLE11 - Case sensitivity for passwords should be enabled - 'sec_case_sensitive_logon = true' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | |
| WA000-WWA060 A22 - The HTTP request message body size must be limited. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
| WA000-WWA062 A22 - The HTTP request header fields must be limited. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
| WA000-WWA066 A22 - The HTTP request line must be limited. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
