| 2.1 Run BIND as a non-root User - process -u named | CIS BIND DNS v1.0.0 L1 Caching Only Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - process -u named | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - UID | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | ACCESS CONTROL |
| 3.4.3.2.4 Ensure iptables default deny firewall policy | CIS CentOS Linux 8 Server L1 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3.2.4 Ensure iptables default deny firewall policy | CIS Fedora 28 Family Linux Workstation L1 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3.3.4 Ensure ip6tables default deny firewall policy | CIS CentOS Linux 8 Server L1 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3.3.4 Ensure ip6tables default deny firewall policy | CIS CentOS Linux 8 Workstation L1 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3.3.4 Ensure ip6tables default deny firewall policy | CIS Fedora 28 Family Linux Server L1 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.3.4 Ensure ip6tables default deny firewall policy | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.3.4 Ensure ip6tables default deny firewall policy | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.6 Ensure events that modify the system's network environment are collected - /etc/hosts | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - /etc/issue | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - auditctl 'sethostname setdomainname' x64 | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - sethostname setdomainname | CIS Debian 9 Server L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - sethostname setdomainname x64 | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - /etc/issue | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - /etc/issue | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - /etc/issue.net | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - /etc/issue.net | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - auditctl /etc/hosts | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - auditctl /etc/issue.net | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - auditctl /etc/issue.net | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - auditctl /etc/sysconfig/network | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - auditctl b32 sethostname | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.203 - Prohibit Network Bridge in Windows | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| AMLS-L3-000230 - The Arista Multilayer Switch must be configured to restrict it from accepting outbound IP packets that contain an illegitimate address in the source address field via egress filter or by enabling Unicast Reverse Path Forwarding. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| CD12-00-007000 - PostgreSQL, when utilizing PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| CIS_Red_Hat_EL7_STIG_v2.0.0_L1_Server.audit from CIS Red Hat Enterprise Linux 7 STIG v2.0.0 | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | |
| CIS_Red_Hat_EL7_STIG_v2.0.0_L1_Workstation.audit from CIS Red Hat Enterprise Linux 7 STIG v2.0.0 | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | |
| CIS_Red_Hat_EL7_STIG_v2.0.0_L2_Server.audit from CIS Red Hat Enterprise Linux 7 STIG v2.0.0 | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server | Unix | |
| CIS_Red_Hat_EL7_STIG_v2.0.0_L2_Workstation.audit from CIS Red Hat Enterprise Linux 7 STIG v2.0.0 | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation | Unix | |
| CIS_Red_Hat_EL7_STIG_v2.0.0_STIG.audit from CIS Red Hat Enterprise Linux 7 STIG v2.0.0 | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | |
| CIS_Red_Hat_Enterprise_Linux_7_v4.0.0_L1_Server.audit from CIS Red Hat Enterprise Linux 7 Benchmark v4.0.0 | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Server | Unix | |
| CIS_Red_Hat_Enterprise_Linux_7_v4.0.0_L1_Workstation.audit from CIS Red Hat Enterprise Linux 7 Benchmark v4.0.0 | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Workstation | Unix | |
| CIS_Red_Hat_Enterprise_Linux_7_v4.0.0_L2_Server.audit from CIS Red Hat Enterprise Linux 7 Benchmark v4.0.0 | CIS Red Hat Enterprise Linux 7 v4.0.0 L2 Server | Unix | |
| CIS_Red_Hat_Enterprise_Linux_9_v2.0.0_L1_Server.audit from CIS Red Hat Enterprise Linux 9 Benchmark v2.0.0 | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | |
| CIS_Red_Hat_Enterprise_Linux_9_v2.0.0_L1_Workstation.audit from CIS Red Hat Enterprise Linux 9 Benchmark v2.0.0 | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Workstation | Unix | |
| CIS_Red_Hat_Enterprise_Linux_9_v2.0.0_L2_Server.audit from CIS Red Hat Enterprise Linux 9 Benchmark v2.0.0 | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Server | Unix | |
| CIS_Red_Hat_Enterprise_Linux_9_v2.0.0_L2_Workstation.audit from CIS Red Hat Enterprise Linux 9 Benchmark v2.0.0 | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Workstation | Unix | |
| DG0042-ORACLE11 - Use of the DBMS software installation account should be restricted to DBMS software installation, upgrade and maintenance actions. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0042-ORACLE11 - Use of the DBMS software installation account should be restricted to DBMS software installation, upgrade and maintenance actions. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DTAVSEL-013 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Clean as first action when a virus or Trojan is detected. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-014 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Quarantine if first action fails when a virus or Trojan is detected. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-016 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Quarantine if first action fails when programs and jokes are found. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| GEN003540 - The system must implement non-executable program stacks - 'kernel.randomize_va_space' | DISA STIG for Oracle Linux 5 v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-020210 - The Red Hat Enterprise Linux operating system must enable SELinux. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| SOL-11.1-020230 - The operating system must employ automated mechanisms to prevent program execution in accordance with the organization-defined specifications. | DISA STIG Solaris 11 X86 v3r1 | Unix | CONFIGURATION MANAGEMENT |
