| 1.1 Ensure Latest SQL Server Cumulative and Security Updates are Installed | CIS Microsoft SQL Server 2025 v1.0.0 L1 AWS RDS MS_SQLDB | MS_SQLDB | SYSTEM AND SERVICES ACQUISITION |
| 1.1 Ensure Latest SQL Server Cumulative and Security Updates are Installed | CIS Microsoft SQL Server 2022 v1.2.1 L1 AWS RDS | MS_SQLDB | SYSTEM AND SERVICES ACQUISITION |
| 1.5 WN19-00-000050 | CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.112 WN19-CC-000190 | CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II | Windows | CONFIGURATION MANAGEMENT |
| 1.154 WN19-DC-000080 | CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT I | Windows | ACCESS CONTROL |
| 1.211 WN19-SO-000040 | CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II | Windows | ACCESS CONTROL |
| 1.264 WN19-UR-000110 | CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II | Windows | ACCESS CONTROL |
| 1.268 WN19-UR-000150 | CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II | Windows | ACCESS CONTROL |
| 2.1.1 Remove telnet-server | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 2.6 Ensure the SharePoint farm service account (database access account) is configured with the minimum privileges on the SQL server - Roles | CIS Microsoft SharePoint 2016 DB v1.1.0 | MS_SQLDB | |
| 2.8 Ensure Socket Peer-Credential Authentication is Used Appropriately | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.7 Ensure the SQL Server's Full-Text Service Account is Not an Administrator | CIS Microsoft SQL Server 2025 v1.0.0 L1 AWS RDS MS_SQLDB | MS_SQLDB | ACCESS CONTROL |
| 3.7 Ensure the SQL Server's Full-Text Service Account is Not an Administrator | CIS Microsoft SQL Server 2025 v1.0.0 L1 AWS RDS Windows | Windows | ACCESS CONTROL |
| 5.2.6 Ensure 'SELECT ANY TABLE' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 5.2.14 Ensure 'GRANT ANY OBJECT PRIVILEGE' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 18c DB Traditional Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
| CIS_Ubuntu_16.04_LTS_Server_v2.0.0_L1.audit from CIS Ubuntu 16.04 LTS Server Benchmark L1 v2.0.0 | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | |
| SQL2-00-009200 - SQL Server must be protected from unauthorized access by developers. | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-011200 - SQL Server must provide audit record generation capability for organization-defined auditable events within the database - 'Event ID 102' | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011200 - SQL Server must provide audit record generation capability for organization-defined auditable events within the database - 'Event ID 106' | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011200 - SQL Server must provide audit record generation capability for organization-defined auditable events within the database - 'Event ID 111' | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011200 - SQL Server must provide audit record generation capability for organization-defined auditable events within the database - 'Event ID 128' | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011200 - SQL Server must provide audit record generation capability for organization-defined auditable events within the database - 'Event ID 129' | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011200 - SQL Server must provide audit record generation capability for organization-defined auditable events within the database - 'Event ID 130' | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011200 - SQL Server must provide audit record generation capability for organization-defined auditable events within the database - 'Event ID 171' | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011200 - SQL Server must provide audit record generation capability for organization-defined auditable events within the database - 'Event ID 176' | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011200 - SQL Server must provide audit record generation capability for organization-defined auditable events within the database - 'Event ID 178' | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-012200 - SQL Server must produce audit records containing sufficient information to establish the outcome (success or failure) of the events - 'Event ID 15' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-012200 - SQL Server must produce audit records containing sufficient information to establish the outcome (success or failure) of the events - 'Event ID 18' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-012200 - SQL Server must produce audit records containing sufficient information to establish the outcome (success or failure) of the events - 'Event ID 102' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-012200 - SQL Server must produce audit records containing sufficient information to establish the outcome (success or failure) of the events - 'Event ID 108' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-012200 - SQL Server must produce audit records containing sufficient information to establish the outcome (success or failure) of the events - 'Event ID 110' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-012200 - SQL Server must produce audit records containing sufficient information to establish the outcome (success or failure) of the events - 'Event ID 113' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-012200 - SQL Server must produce audit records containing sufficient information to establish the outcome (success or failure) of the events - 'Event ID 115' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-012200 - SQL Server must produce audit records containing sufficient information to establish the outcome (success or failure) of the events - 'Event ID 116' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-012200 - SQL Server must produce audit records containing sufficient information to establish the outcome (success or failure) of the events - 'Event ID 152' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-012200 - SQL Server must produce audit records containing sufficient information to establish the outcome (success or failure) of the events - 'Event ID 173' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-015100 - SQL Server must be monitored to discover unauthorized changes to triggers. | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL2-00-021800 - SQL Server must prevent unauthorized and unintended information transfer via shared system resources. | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL2-00-024300 - Symmetric keys (other than the database master key) must use a DoD certificate to encrypt the key. | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL4-00-024200 - Database Master Key passwords must not be stored in credentials within the database. | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL4-00-033700 - Time stamps in database tables, intended for auditing or activity-tracking purposes, must include both date and time of day, with a minimum granularity of one second. | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-035200 - When invalid inputs are received, SQL Server must behave in a predictable and documented manner that reflects organizational and system objectives. | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| SQL6-D0-000700 - SQL Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. | DISA MS SQL Server 2016 Database STIG v3r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-001200 - SQL Server must limit privileges to change software modules, to include stored procedures, functions, and triggers, and links to software external to SQL Server. | DISA MS SQL Server 2016 Database STIG v3r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL6-D0-002000 - Database contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy. | DISA MS SQL Server 2016 Database STIG v3r4 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-002500 - SQL Server must associate organization-defined types of security labels having organization-defined security label values with information in storage. | DISA MS SQL Server 2016 Database STIG v3r4 | MS_SQLDB | ACCESS CONTROL |
| SQL6-D0-002600 - SQL Server must associate organization-defined types of security labels having organization-defined security label values with information in process, transit, or storage. | DISA MS SQL Server 2016 Database STIG v3r4 | MS_SQLDB | ACCESS CONTROL |
| SQL6-D0-018100 - When using command-line tools such as SQLCMD in a mixed-mode authentication environment, users must use a logon method that does not expose the password. | DISA MS SQL Server 2016 Instance STIG v3r6 MS_SQLDB | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
| SQLD-22-001900 - SQL Server must isolate security functions from nonsecurity functions. | DISA Microsoft SQL Server 2022 Database STIG v1r3 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQLD-22-003300 - SQL Server must implement cryptographic mechanisms to prevent unauthorized modification or disclosure of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components. | DISA Microsoft SQL Server 2022 Database STIG v1r3 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
