| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | CIS Oracle MySQL Community Server 8.4 v1.0.0 L1 OS Linux on Linux | Unix | ACCESS CONTROL |
| 1.5.1 Ensure core dumps are restricted - hard core 0 | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | ACCESS CONTROL |
| 2.1.3 Ensure 'ADMIN_RESTRICTIONS_<listener_name>' Is Set to 'ON' | CIS Oracle Server 11g R2 Unix v2.2.0 | Unix | ACCESS CONTROL |
| 2.2.6 (L1) Ensure 'Adjust memory quotas for a process' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.10 (L1) Ensure 'Back up files and directories' is set to 'Administrators' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.13 (L1) Ensure 'Create a pagefile' is set to 'Administrators' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.16 (L1) Ensure 'Create permanent shared objects' is set to 'No One' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.25 (L1) Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account' (MS only) | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.2.26 Ensure 'Deny log on as a batch job' to include 'Guests' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.2.33 (L1) Ensure 'Lock pages in memory' is set to 'No One' | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.2.34 (L1) Ensure 'Load and unload device drivers' is set to 'Administrators' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.38 (L1) Ensure 'Modify firmware environment values' is set to 'Administrators' | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.2.40 (L1) Ensure 'Modify firmware environment values' is set to 'Administrators' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.43 (L1) Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.45 Ensure 'Increase scheduling priority' is set to 'Administrators' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.10.7 Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | ACCESS CONTROL |
| 2.3.10.8 (L1) Configure 'Network access: Remotely accessible registry paths' is configured | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.3.10.8 (L1) Ensure 'Network access: Remotely accessible registry paths' is configured | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.10.9 (L1) Ensure 'Network access: Remotely accessible registry paths and sub-paths' is configured | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.10.9 (L1) Ensure 'Network access: Remotely accessible registry paths and sub-paths' is configured | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.10.11 Configure 'Network access: Remotely accessible registry paths and sub-paths' is configured | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS | Windows | ACCESS CONTROL |
| 3.1 Restrict Core Dumps to Protected Directory - global core dump logging = enabled | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 3.1 Restrict Core Dumps to Protected Directory - global core file content | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 3.1 Restrict Core Dumps to Protected Directory - global core file pattern | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 3.1 Restrict Core Dumps to Protected Directory - global setid core dumps = enabled | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 3.1 Restrict Core Dumps to Protected Directory - init core file content | CIS Solaris 11.2 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 3.1 Restrict Core Dumps to Protected Directory - init core file pattern | CIS Solaris 11.2 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 3.1 Restrict Core Dumps to Protected Directory - per-process core dumps = disabled | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 3.1 Restrict Core Dumps to Protected Directory - per-process setid core dumps = disabled | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 3.2 Restrict Core Dumps to Protected Directory - Check if COREADM_INIT_CONTENT is set to default | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 3.3.1 Establish DAS administrative group | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 OS Windows | Windows | ACCESS CONTROL |
| 3.6 Review Superuser/Admin Roles - userAdminAnyDatabase | CIS MongoDB Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
| 4.1 Restrict Core Dumps - limits.conf | CIS Debian Linux 7 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 4.3 Review Users, Groups, and Roles - Groups list | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | ACCESS CONTROL |
| 5.3 Restrict Linux Kernel Capabilities within containers | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | ACCESS CONTROL |
| 6.1.11 Audit SUID executables | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | ACCESS CONTROL |
| 6.2.5 Ensure root is the only UID 0 account | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | ACCESS CONTROL |
| 6.2.5 Ensure root is the only UID 0 account | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | ACCESS CONTROL |
| 6.10 Restrict root Login to System Console - Check if 'CONSOLE' in /etc/default/login is set to /dev/console. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 6.13 Restrict at/cron to Authorized Users - /etc/cron.d/at.allow | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 6.32 Ensure Auto-Scaling Launch Configuration for Web Tier is configured to use the Web Tier Security Group | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | ACCESS CONTROL |
| 6.33 Ensure Auto-Scaling Launch Configuration for App Tier is configured to use the App Tier Security Group | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | ACCESS CONTROL |
| 10.2 Restrict access to the web administration | CIS Apache Tomcat 7 L2 v1.1.0 Middleware | Unix | ACCESS CONTROL |
| 20.53 Ensure 'Permissions on Active Directory data files only allow System and Administrator access' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| IBM i : Allow Restoring of Security-Sensitive Objects (QALWOBJRST) - '*NONE' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | ACCESS CONTROL |
| IBM i : Limit Security Officer (QLMTSECOFR) - '1' | IBM System i Security Reference for V7R2 | AS/400 | ACCESS CONTROL |
| IBM i : Remote power-on and restart (QRMTIPL) - '0' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | ACCESS CONTROL |
| IBM i : Remote power-on and restart (QRMTIPL) - '0' | IBM System i Security Reference for V7R2 | AS/400 | ACCESS CONTROL |
| Management Services Security - Configure read-only access; use read-write only when required - usm | Juniper Hardening JunOS 12 Devices Checklist | Juniper | ACCESS CONTROL |
| User Authentication Security - Centralized authentication - Create an emergency local account in the event authentication is unavailable | Juniper Hardening JunOS 12 Devices Checklist | Juniper | ACCESS CONTROL |
