| 1.2 Apply Latest OS Patches | CIS Solaris 10 L1 v5.2 | Unix | |
| 1.5 Ensure the Cassandra service is run as a non-root user | CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0 | Unix | ACCESS CONTROL |
| 1.5 Ensure the Cassandra service is run as a non-root user | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0 | Unix | ACCESS CONTROL |
| 2.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or `From current website only` | MobileIron - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.8 Ensure Socket Peer-Credential Authentication is Used Appropriately | CIS MySQL 5.6 Enterprise Database L2 v2.0.0 | MySQLDB | CONFIGURATION MANAGEMENT |
| 2.8 Ensure Socket Peer-Credential Authentication is Used Appropriately | CIS MySQL 5.6 Community Database L2 v2.0.0 | MySQLDB | CONFIGURATION MANAGEMENT |
| 2.10 Ensure Socket Peer-Credential Authentication is Used Appropriately | CIS MySQL 5.7 Enterprise Database L2 v2.0.0 | MySQLDB | CONFIGURATION MANAGEMENT |
| 2.10 Ensure Socket Peer-Credential Authentication is Used Appropriately | CIS MySQL 5.7 Community Database L2 v2.0.0 | MySQLDB | CONFIGURATION MANAGEMENT |
| 3.1.4 Ensure the log file destination directory is set correctly | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.19 Ensure 'log_disconnections' is enabled | CIS PostgreSQL 11 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.21 Ensure 'log_disconnections' is enabled | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.24 Ensure 'log_line_prefix' is set correctly | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.16 Verify that Docker socket file permissions are set to 660 or more restrictive | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.3.4.16 Ensure ntalk daemon is not in use | CIS IBM AIX 7 v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 4.3.4.27 Ensure talk daemon is not in use | CIS IBM AIX 7 v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 5.4 Ensure login via "host" TCP/IP Socket is configured correctly | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | PostgreSQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2 Ensure 'backend' runtime parameters are configured correctly | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 7.3 Ensure base backups are configured and functional | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | PostgreSQLDB | CONTINGENCY PLANNING |
| 7.5 Ensure streaming replication parameters are configured correctly | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | PostgreSQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.2 Create Warning Banner for CDE Users - CDE package was not found | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 8.2 Create Warning Banner for CDE Users - Check if 'Dtlogin*greeting.labelString' is set appropriately. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 8.2 Create Warning Banner for CDE Users - Check if 'Dtlogin*greeting.persLabelString' is not set to default string. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 8.2 Create Warning Banner for CDE Users - Check if 'Dtlogin*greeting.persLabelString' is set appropriately. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 8.2 Create Warning Banner for CDE Users - Check if file permissions for files under /etc/dt/config/*/Xresources are OK. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 9.7 Check Permissions on User Home Directories | CIS Solaris 11.2 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.8 Check Permissions on User "." (Hidden) Files | CIS Solaris 11.2 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 9.11 Check Groups in passwd(4) | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 9.11 Check Permissions on User .netrc Files | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 9.13 Check That Defined Home Directories Exist | CIS Solaris 11.2 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.13 Check That Defined Home Directories Exist | CIS Solaris 11 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.14 Check User Home Directory Ownership | CIS Solaris 11.1 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.14 Check User Home Directory Ownership | CIS Solaris 11.2 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.17 Check That Reserved UIDs Are Assigned to System Accounts | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 9.21 Find World Writable Files | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| CD12-00-002400 - PostgreSQL must record time stamps, in audit records and application data that can be mapped to Coordinated Universal Time (UTC, formerly GMT). | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| CD12-00-004400 - PostgreSQL must generate audit records when categorized information (e.g., classification levels/security levels) is accessed. | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| EP11-00-002600 - The audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized read access. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
| EP11-00-002800 - The audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized deletion. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
| EP11-00-003200 - Software, applications, and configuration files that are part of, or related to, the Postgres Plus Advanced Server installation must be monitored to discover unauthorized changes. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
| EP11-00-003900 - Unused database components which are integrated in the EDB Postgres Advanced Server and cannot be uninstalled must be disabled. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
| EP11-00-004000 - Access to external executables must be disabled or restricted. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
| EP11-00-004200 - The EDB Postgres Advanced Server must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users). | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| EP11-00-004400 - If passwords are used for authentication, the EDB Postgres Advanced Server must transmit only encrypted representations of passwords. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| EP11-00-009100 - The EDB Postgres Advanced Server must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUSX-DM-000163 - The Juniper SRX Services Gateway must limit the number of sessions per minute to an organization-defined number for SSH to protect remote access management from unauthorized access. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL08-00-030720 - OL 8 must authenticate the remote logging server for offloading audit logs. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030720 - RHEL 8 must authenticate the remote logging server for off-loading audit logs. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| WBSP-AS-001740 - The WebSphere Application Server must remove organization-defined software components after updated versions installed. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| WBSP-AS-001740 - The WebSphere Application Server must remove organization-defined software components after updated versions installed. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| WPAW-00-002600 - If several PAWs are set up in virtual machines (VMs) on a host server, domain administrative accounts used to manage high-value IT resources must not have access to the VM host operating system (OS) (only domain administrative accounts designated to manage PAWs should be able to access the VM host OS). | DISA MS Windows Privileged Access Workstation v3r1 | Windows | CONFIGURATION MANAGEMENT |
