2.2.8 Ensure 'REMOTE_OS_ROLES' Is Set to 'FALSE' | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | ACCESS CONTROL |
2.2.16 Ensure 'SQL92_SECURITY' Is Set to 'TRUE' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
2.2.18 Ensure 'RESOURCE_LIMIT' Is Set to 'TRUE' | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
2.2.18 Ensure 'RESOURCE_LIMIT' Is Set to 'TRUE' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
2.3.7 Ensure 'REMOTE_OS_ROLES' Is Set To 'FALSE' | CIS Oracle Database 23ai v1.0.0 L1 RDBMS | OracleDB | ACCESS CONTROL |
2.4 Enable network password encryption | CIS Sybase 15.0 L1 DB v1.1.0 | SybaseDB | IDENTIFICATION AND AUTHENTICATION |
2.17 Ensure 'clr strict security' Server Configuration Option is set to '1' | CIS SQL Server 2022 Database L1 DB v1.1.0 | MS_SQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
2.17 Ensure 'clr strict security' Server Configuration Option is set to '1' | CIS SQL Server 2022 Database L1 AWS RDS v1.1.0 | MS_SQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
2.18 Ensure 'clr strict security' Server Configuration Option is set to '1' | CIS SQL Server 2017 Database L1 AWS RDS v1.3.0 | MS_SQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
3.1 Ensure 'Server Authentication' Property is set to 'Windows Authentication Mode' | CIS Microsoft SQL Server 2019 v1.5.0 L1 Database Engine | MS_SQLDB | ACCESS CONTROL |
4.2 Ensure 'CHECK_EXPIRATION' Option is set to 'ON' for All SQL Authenticated Logins Within the Sysadmin Role | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | ACCESS CONTROL |
4.2 Ensure 'CHECK_EXPIRATION' Option is set to 'ON' for All SQL Authenticated Logins Within the Sysadmin Role | CIS Microsoft SQL Server 2019 v1.5.0 L1 Database Engine | MS_SQLDB | ACCESS CONTROL |
4.3 Ensure 'CHECK_POLICY' Option is set to 'ON' for All SQL Authenticated Logins | CIS Microsoft SQL Server 2019 v1.5.0 L1 Database Engine | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
4.3 Ensure 'CHECK_POLICY' Option is set to 'ON' for All SQL Authenticated Logins | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
4.3 Ensure 'CHECK_POLICY' Option is set to 'ON' for All SQL Authenticated Logins | CIS Microsoft SQL Server 2019 v1.5.0 L1 AWS RDS | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
4.3 Ensure 'CHECK_POLICY' Option is set to 'ON' for All SQL Authenticated Logins | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
5.1 Ensure 'Maximum number of error log files' is set to greater than or equal to '12' | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
5.1 Ensure 'Maximum number of error log files' is set to greater than or equal to '12' | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
5.1 Ensure 'Maximum number of error log files' is set to greater than or equal to '12' | CIS Microsoft SQL Server 2019 v1.5.0 L1 AWS RDS | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
5.1 Ensure 'Maximum number of error log files' is set to greater than or equal to '12' | CIS Microsoft SQL Server 2019 v1.5.0 L1 Database Engine | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
5.1.1.7 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'DBMS_CREDENTIAL' Package | CIS Oracle Server 18c DB Unified Auditing v1.1.0 | OracleDB | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
5.1.1.7 Ensure 'EXECUTE' is revoked from 'PUBLIC' on "DBMS_CREDENTIAL" Package | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
5.1.1.7 Ensure 'EXECUTE' is revoked from 'PUBLIC' on "DBMS_CREDENTIAL" Package | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
5.2.2 Ensure 'DBA_SYS_PRIVS.%' Is Revoked from Unauthorized 'GRANTEE' with 'ADMIN_OPTION' Set to 'YES' | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
5.2.5 Ensure 'SELECT ANY DICTIONARY' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
5.3.1 Ensure 'SELECT_CATALOG_ROLE' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
6.1.1 Ensure That a MySQL Database Instance Does Not Allow Anyone To Connect With Administrative Privileges | CIS Google Cloud Platform v3.0.0 L1 | GCP | IDENTIFICATION AND AUTHENTICATION |
7.1.2.7 Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule | CIS Microsoft Azure Foundations v4.0.0 L1 | microsoft_azure | AUDIT AND ACCOUNTABILITY |
10.4 Restrict access to the DB2 Activity Monitor utility | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 OS Windows | Windows | ACCESS CONTROL |
20.2 Ensure 'Active Directory AdminSDHolder object is configured with proper audit settings' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
20.4 Ensure 'Active Directory Domain Controllers Organizational Unit (OU) object is configured with proper audit settings' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
20.4 Ensure 'Active Directory Domain Controllers Organizational Unit (OU) object is configured with proper audit settings' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
20.9 Ensure 'Active Directory RID Manager$ object is configured with proper audit settings' (STIG DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
20.9 Ensure 'Active Directory RID Manager$ object is configured with proper audit settings' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
ALMA-09-046770 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/tallylog. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
DB2X-00-002500 - DB2 must protect its audit features from unauthorized access | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | AUDIT AND ACCOUNTABILITY |
DB2X-00-002600 - DB2 must protect its audit configuration from unauthorized modification | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | AUDIT AND ACCOUNTABILITY |
EP11-00-008700 - The EDB Postgres Advanced Server must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
MADB-10-006900 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | ACCESS CONTROL |
MD3X-00-000500 - MongoDB and associated applications must reserve the use of dynamic code execution for situations that require it. | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS | Unix | SYSTEM AND INFORMATION INTEGRITY |
MD4X-00-001000 - MongoDB and associated applications must reserve the use of dynamic code execution for situations that require it. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | SYSTEM AND INFORMATION INTEGRITY |
O121-C2-008300 - The system must provide a real-time alert when organization-defined audit failure events occur. | DISA STIG Oracle 12c v3r2 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
O121-C2-012900 - The DBMS must use multifactor authentication for access to user accounts. | DISA STIG Oracle 12c v3r2 Linux | Unix | IDENTIFICATION AND AUTHENTICATION |
O121-C2-012900 - The DBMS must use multifactor authentication for access to user accounts. | DISA STIG Oracle 12c v3r2 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
PPS9-00-002300 - The EDB Postgres Advanced Server must by default shut down upon audit failure, to include the unavailability of space for more audit log records; or must be configurable to shut down upon audit failure. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
SP13-00-000175 - The SharePoint setup account must be configured with the minimum privileges on the SQL server. | DISA STIG SharePoint 2013 v2r4 | Windows | CONFIGURATION MANAGEMENT |
SQL2-00-002200 - SQL Server must enforce non-DAC policies over users and resources where the policy rule set for each policy specifies access control information (i.e., position, nationality, age, project, time of day) - 'server permissions' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
SQL2-00-015300 - SQL Server must monitor for security-relevant configuration settings to discover unauthorized changes. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | CONFIGURATION MANAGEMENT |
SQL2-00-017000 - Unused database components that are integrated in SQL Server and cannot be uninstalled must be disabled. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | CONFIGURATION MANAGEMENT |
SQL2-00-017200 - Access to xp_cmdshell must be disabled. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | CONFIGURATION MANAGEMENT |