| 1.5 Enable OS X update installs | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.5 Enable OS X update installs | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.6 Ensure AppArmor is installed | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 2.1.1.2 Ensure chrony is configured | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 2.3.1.1 (L1) Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 | Windows | ACCESS CONTROL |
| 2.3.1.1 (L1) Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | ACCESS CONTROL |
| 2.3.1.1 (L1) Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | ACCESS CONTROL |
| 2.3.1.1 (L1) Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | ACCESS CONTROL |
| 3.6 Ensure 'general_log_file' Has Appropriate Permissions | CIS MySQL 5.6 Community Windows OS L1 v2.0.0 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 3.6 Ensure 'general_log_file' Has Appropriate Permissions | CIS MySQL 5.6 Enterprise Windows OS L1 v2.0.0 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 3.6 Ensure 'general_log_file' Has Appropriate Permissions | CIS MySQL 5.6 Enterprise Linux OS L1 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.6 Ensure 'general_log_file' Has Appropriate Permissions | CIS MySQL 5.7 Community Database L1 v2.0.0 | MySQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.6 Ensure 'general_log_file' Has Appropriate Permissions | CIS MariaDB 10.6 on Linux L1 v1.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.6 Ensure 'general_log_file' Has Appropriate Permissions | CIS MySQL 5.7 Enterprise Linux OS L1 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.10 Ensure Windows local groups are not SQL Logins | CIS Microsoft SQL Server 2019 v1.5.0 L1 Database Engine | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.10 Ensure Windows local groups are not SQL Logins | CIS Microsoft SQL Server 2019 v1.5.0 L1 AWS RDS | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.10 Ensure Windows local groups are not SQL Logins | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | ACCESS CONTROL |
| 3.10 Ensure Windows local groups are not SQL Logins | CIS SQL Server 2012 Database L1 AWS RDS v1.6.0 | MS_SQLDB | ACCESS CONTROL |
| 3.10 Ensure Windows local groups are not SQL Logins | CIS SQL Server 2014 Database L1 AWS RDS v1.5.0 | MS_SQLDB | ACCESS CONTROL |
| 3.10 Ensure Windows local groups are not SQL Logins | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | ACCESS CONTROL |
| 4.1.1.1 Ensure journald is configured to write logfiles to persistent disk | CIS Bottlerocket L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.7 Do not use update instructions alone in the Dockerfile | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.1.1 Secure Home Folders | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.5 Ensure 'Superuser' Runtime Parameters are Configured | CIS PostgreSQL 16 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 6.5 Ensure 'Superuser' Runtime Parameters are Configured | CIS PostgreSQL 14 DB v 1.2.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 6.8 Ensure TLS is enabled and configured correctly | CIS PostgreSQL 16 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.8 Ensure TLS is enabled and configured correctly | CIS PostgreSQL 12 DB v1.1.0 | PostgreSQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| DG0195-ORACLE11 - DBMS production application and data directories should be protected from developers on shared production/development DBMS host systems - 'root is not a mamber of the oracle group' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | ACCESS CONTROL |
| DG0195-ORACLE11 - DBMS production application and data directories should be protected from developers on shared production/development DBMS host systems. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| FFOX-00-000019 - Firefox private browsing must be disabled. | DISA STIG Mozilla Firefox MacOS v6r6 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000019 - Firefox private browsing must be disabled. | DISA STIG Mozilla Firefox Linux v6r6 | Unix | CONFIGURATION MANAGEMENT |
| FireEye - A scheduled system backup job is configured | TNS FireEye | FireEye | CONTINGENCY PLANNING |
| FireEye - AAA failed logins are tracked | TNS FireEye | FireEye | ACCESS CONTROL |
| FireEye - AAA lockout settings apply to the 'admin' user | TNS FireEye | FireEye | ACCESS CONTROL |
| FireEye - AAA lockouts are enabled | TNS FireEye | FireEye | ACCESS CONTROL |
| FireEye - AAA lockouts occur after at most 5 failures | TNS FireEye | FireEye | |
| FireEye - AAA user mapping default | TNS FireEye | FireEye | CONFIGURATION MANAGEMENT |
| FireEye - Boot image must be signed | TNS FireEye | FireEye | SYSTEM AND INFORMATION INTEGRITY |
| FireEye - CLI commands do not hide any settings from administrators | TNS FireEye | FireEye | CONFIGURATION MANAGEMENT |
| FireEye - Configuration auditing logs the required number of changes | TNS FireEye | FireEye | CONFIGURATION MANAGEMENT |
| FireEye - NTP is enabled | TNS FireEye | FireEye | AUDIT AND ACCOUNTABILITY |
| FireEye - SNMP is enabled | TNS FireEye | FireEye | |
| FireEye - System events are emailed to administrators | TNS FireEye | FireEye | SYSTEM AND INFORMATION INTEGRITY |
| FireEye - Web users are logged out after 20 minutes of inactivity or less | TNS FireEye | FireEye | ACCESS CONTROL |
| JBOS-AS-000240 - Remote access to JMX subsystem must be disabled. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | CONFIGURATION MANAGEMENT |
| WN16-AU-000390 - Windows Server 2016 must be configured to audit System - Other System Events successes. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN19-AU-000340 - Windows Server 2019 must be configured to audit System - Other System Events successes. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN19-AU-000350 - Windows Server 2019 must be configured to audit System - Other System Events failures. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN22-AU-000340 - Windows Server 2022 must be configured to audit System - Other System Events successes. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN22-AU-000350 - Windows Server 2022 must be configured to audit System - Other System Events failures. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
