| 1.1.2 Ensure 'Enable Log on High DP Load' is enabled | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| 1.1.4.1.1 Ensure select data center regions for meetings/webinars hosted by your account is set to enabled | CIS Zoom L1 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 1.1.4.1.1 Ensure select data center regions for meetings/webinars hosted by your account is set to enabled | CIS Zoom L2 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 1.1.5.2 Ensure ask users to integrate Office 365 calendar when they sign in is set to disabled | CIS Zoom L2 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 1.2.2 Ensure the latest software package is installed | CIS NGINX Benchmark v2.1.0 L1 Loadbalancer | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.2 Ensure the latest software package is installed | CIS NGINX Benchmark v2.1.0 L1 Webserver | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.2 Ensure the latest software package is installed | CIS NGINX Benchmark v2.1.0 L1 Proxy | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.10 Use Dedicated "mgmt" Interface and VRF for Administrative Functions | CIS Cisco NX-OS v1.2.0 L2 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.11 Ensure That Separation of Duties Is Enforced While Assigning KMS Related Roles to Users | CIS Google Cloud Platform v3.0.0 L2 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 1.11 Ensure Web Tier ELB is using HTTPS listener | CIS Amazon Web Services Three-tier Web Architecture L2 1.0.0 | amazon_aws | IDENTIFICATION AND AUTHENTICATION |
| 1.13.10 Ensure 'Prompt User To Choose Security Settings If Default settings Fail' is set to Disabled | CIS Microsoft Office Outlook 2013 v1.1.0 Level 1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.13.10 Ensure 'Prompt User To Choose Security Settings If Default settings Fail' is set to Disabled | CIS Microsoft Office Outlook 2016 v1.1.0 Level 1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.14 Ensure App Tier ELB is using HTTPS listener | CIS Amazon Web Services Three-tier Web Architecture L2 1.0.0 | amazon_aws | IDENTIFICATION AND AUTHENTICATION |
| 2.1.3 Ensure all data in Amazon S3 has been discovered, classified, and secured when necessary | CIS Amazon Web Services Foundations v5.0.0 L2 | amazon_aws | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 2.15 Ensure 'sa' Login Account has been renamed | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 3.2 Ensure CONNECT permissions on the 'guest' user is Revoked within all SQL Server databases | CIS SQL Server 2022 Database L1 AWS RDS v1.1.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2 Ensure CONNECT permissions on the 'guest' user is Revoked within all SQL Server databases | CIS SQL Server 2017 Database L1 AWS RDS v1.3.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2 Ensure CONNECT permissions on the 'guest' user is Revoked within all SQL Server databases | CIS SQL Server 2016 Database L1 DB v1.4.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2 Ensure CONNECT permissions on the 'guest' user is Revoked within all SQL Server databases | CIS SQL Server 2016 Database L1 AWS RDS v1.4.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2 Ensure CONNECT permissions on the 'guest' user is Revoked within all SQL Server databases | CIS SQL Server 2017 Database L1 DB v1.3.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.4 Ensure SQL Authentication is not used in contained databases | CIS SQL Server 2012 Database L1 AWS RDS v1.6.0 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
| 3.4 Ensure SQL Authentication is not used in contained databases | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
| 4.1 Ensure a user for the container has been created | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | ACCESS CONTROL |
| 4.3 Ensure 'CHECK_POLICY' Option is set to 'ON' for All SQL Authenticated Logins | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
| 4.3 Ensure 'CHECK_POLICY' Option is set to 'ON' for All SQL Authenticated Logins | CIS SQL Server 2012 Database L1 AWS RDS v1.6.0 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
| 5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' | CIS SQL Server 2022 Database L1 AWS RDS v1.1.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' | CIS Microsoft SQL Server 2019 v1.5.0 L1 AWS RDS | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' | CIS Microsoft SQL Server 2019 v1.5.0 L1 Database Engine | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 6.2 Ensure Log Files are Stored on a Non-System Partition | CIS MySQL 8.0 Community Database L1 v1.1.0 | MySQLDB | AUDIT AND ACCOUNTABILITY |
| 6.2 Ensure Log Files are Stored on a Non-System Partition | CIS Oracle MySQL Enterprise Edition 8.0 v1.4.0 L1 Database | MySQLDB | AUDIT AND ACCOUNTABILITY |
| 6.2.1 (L1) Host must isolate storage communications | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.12 Set 'Prompt user to choose security settings if default settings fail' to 'Disabled' | CIS MS Office Outlook 2010 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.12 (L1) Virtual machines must remove unnecessary USB/XHCI devices | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 7.13 (L1) Virtual machines must remove unnecessary serial port devices | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 7.15 (L2) Virtual machines must remove unnecessary CD/DVD devices | CIS VMware ESXi 8.0 v1.2.0 L2 | VMware | CONFIGURATION MANAGEMENT |
| 7.16 (L1) Virtual machines must remove unnecessary floppy devices | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 8.1.7 Unset the Service Name for Plaintext Communication (SVCENAME) | CIS IBM DB2 11 v1.1.0 Windows OS Level 1 | Windows | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| ARST-L2-000190 - The Arista MLS layer 2 switch must have the default VLAN pruned from all trunk ports that do not require it. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-000850 - Kubernetes Kubelet must deny hostname override. | DISA STIG Kubernetes v2r2 | Unix | CONFIGURATION MANAGEMENT |
| EX19-ED-000159 - Exchange must limit the Receive connector timeout. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | ACCESS CONTROL |
| O19C-00-005800 - Oracle Database must off-load audit data to a separate log management facility; this must be continuous and in near-real-time for systems with a network connection to the storage facility, and weekly or more often for stand-alone systems. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| SonicWALL - SSL Control - Detect SSLv2 | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-18-010023 - The Ubuntu operating system must have an application firewall installed in order to control remote access methods. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | ACCESS CONTROL |
| UBTU-18-010507 - The Ubuntu operating system must enable and run the uncomplicated firewall(ufw). | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| UBTU-20-010433 - The Ubuntu operating system must have an application firewall installed in order to control remote access methods. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | ACCESS CONTROL |
| UBTU-20-010434 - The Ubuntu operating system must enable and run the uncomplicated firewall(ufw). | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | ACCESS CONTROL |
| UBTU-22-251010 - Ubuntu 22.04 LTS must have an application firewall installed in order to control remote access methods. | DISA Canonical Ubuntu 22.04 LTS STIG v2r4 | Unix | ACCESS CONTROL |
| UBTU-22-251015 - Ubuntu 22.04 LTS must enable and run the Uncomplicated Firewall (ufw). | DISA Canonical Ubuntu 22.04 LTS STIG v2r4 | Unix | ACCESS CONTROL |
| UBTU-24-100030 - Ubuntu 24.04 LTS must not have the telnet package installed. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-100310 - Ubuntu 24.04 LTS must enable and run the Uncomplicated Firewall (ufw). | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | ACCESS CONTROL |
