| 2.2.10 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less | CIS Oracle Server 18c DB Traditional Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
| 2.2.10 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less | CIS Oracle Server 18c DB Unified Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
| 3.9 Only enable NFS client processes if absolutely necessary - Ensure file /etc/rc2.d/S73nfs.client does NOT exist. | CIS Solaris 9 v1.3 | Unix | CONFIGURATION MANAGEMENT |
| 4.6.9.2 (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 4.6.9.2 (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 4.32 init.ora - 'db_securefile = ALWAYS' | CIS v1.1.0 Oracle 11g OS Windows Level 2 | Windows | CONFIGURATION MANAGEMENT |
| 5.1.1.7 Ensure 'EXECUTE' is revoked from 'PUBLIC' on "DBMS_CREDENTIAL" Package | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.2.6 Ensure 'SELECT ANY TABLE' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 5.3.2 Ensure 'SELECT_CATALOG_ROLE' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 5.3.2 Ensure 'SELECT_CATALOG_ROLE' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 6.2.2 Ensure 'EXP_FULL_DATABASE' Is Revoked From Unauthorized 'GRANTEE' | CIS Oracle Database 23ai v1.0.0 L1 RDBMS | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.19 Ensure the 'AUDSYS.AUD$UNIFIED' Access Audit Is Enabled | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 6.11 Set Retry Limit for Account Lockout - Check if 'RETRIES' in /etc/default/login is set to 3. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 6.15 Set Retry Limit for Account Lockout - RETRIES = 3 | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 6.16 Set EEPROM Security Mode and Log Failed Access (SPARC) - eeprom security-#badlogins = 0 | CIS Solaris 11.2 L1 v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.16 Set EEPROM Security Mode and Log Failed Access (SPARC) - eeprom security-mode = command | CIS Solaris 11 L1 v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 10 - Online Certificate Status Protocol | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | |
| 17.2.5 Ensure 'Audit Other Account Management Events' is set to include 'Success' (STIG Only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 17.2.5 Ensure 'Audit Other Account Management Events' is set to include 'Success' (STIG Only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | AUDIT AND ACCOUNTABILITY |
| 18.6.11.3 (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v4.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.6.11.3 (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.6.11.3 (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.6.11.3 (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.6.11.3 (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.9.5.2 (L1) Ensure 'Turn On Virtualization Based Security: Select Platform Security Level' is set to 'Secure Boot' or higher | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.5.2 (NG) Ensure 'Turn On Virtualization Based Security: Select Platform Security Level' is set to 'Secure Boot' or higher | CIS Microsoft Windows Server 2022 v4.0.0 NG MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.28.4 (L1) Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.9.28.4 (L1) Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.9.28.7 (L1) Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.9.28.7 (L1) Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.28.7 (L1) Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | CONFIGURATION MANAGEMENT |
| 18.9.28.7 (L1) Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| ALMA-09-002770 - AlmaLinux OS 9 must log SSH connection attempts and failures to the server. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL |
| ALMA-09-003100 - AlmaLinux OS 9 must implement DOD-approved encryption ciphers to protect the confidentiality of SSH client connections. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL |
| ALMA-09-034340 - AlmaLinux OS 9 must use the CAC smart card driver. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ARST-L2-000170 - The Arista MLS layer 2 switch must have all disabled switch ports assigned to an unused VLAN. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| BIND-9X-001021 - In the event of an error when validating the binding of other DNS servers identity to the BIND 9.x information, when anomalies in the operation of the signed zone transfers are discovered, for the success and failure of start and stop of the name server service or daemon, and for the success and failure of all name server events, a BIND 9.x server implementation must generate a log entry. | DISA BIND 9.x STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| BIND-9X-001100 - The BIND 9.x server implementation must uniquely identify and authenticate the other DNS server before responding to a server-to-server transaction, zone transfer and/or dynamic update request using cryptographically based bidirectional authentication to protect the integrity of the information in transit. | DISA BIND 9.x STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| BIND-9X-001401 - On a BIND 9.x server in a split DNS configuration, where separate name servers are used between the external and internal networks, the external name server must be configured to not be reachable from inside resolvers. | DISA BIND 9.x STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| O112-C2-001800 - The system must employ automated mechanisms for supporting Oracle user account management. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | ACCESS CONTROL |
| RHEL-09-211055 - RHEL 9 debug-shell systemd service must be disabled. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-09-411060 - All RHEL 9 local interactive users must have a home directory assigned in the /etc/passwd file. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| WBLC-01-000018 - Oracle WebLogic must automatically audit account creation - Configuration Audit Type | Oracle WebLogic Server 12c Windows v2r2 | Windows | ACCESS CONTROL |
| WBLC-01-000019 - Oracle WebLogic must automatically audit account modification - Auditing Provider | Oracle WebLogic Server 12c Linux v2r2 | Unix | ACCESS CONTROL |
| WBLC-01-000019 - Oracle WebLogic must automatically audit account modification - Auditing Provider | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | ACCESS CONTROL |
| WBLC-01-000019 - Oracle WebLogic must automatically audit account modification - Auditing Provider | Oracle WebLogic Server 12c Windows v2r2 | Windows | ACCESS CONTROL |
| WN10-AU-000520 - Windows 10 permissions for the Security event log must prevent access by non-privileged accounts. | DISA Microsoft Windows 10 STIG v3r4 | Windows | AUDIT AND ACCOUNTABILITY |
| WN10-AU-000525 - Windows 10 permissions for the System event log must prevent access by non-privileged accounts. | DISA Microsoft Windows 10 STIG v3r4 | Windows | AUDIT AND ACCOUNTABILITY |
| WN10-CC-000205 - Windows Telemetry must not be configured to Full. | DISA Microsoft Windows 10 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN22-DC-000040 - Windows Server 2022 Kerberos user ticket lifetime must be limited to 10 hours or less. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
