| 2.1.18 Disable tcpmux-server | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.31 (L1) Ensure 'Perform volume maintenance tasks' is set to 'Administrators' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.38 Ensure 'Perform volume maintenance tasks' is set to 'Administrators' - Administrators | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.2.38 Ensure 'Perform volume maintenance tasks' is set to 'Administrators' - Administrators | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.2.42 (L1) Ensure 'Perform volume maintenance tasks' is set to 'Administrators' | CIS Microsoft Windows Server 2016 v3.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.42 (L1) Ensure 'Perform volume maintenance tasks' is set to 'Administrators' | CIS Microsoft Windows Server 2019 v4.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.54 Ensure 'Perform volume maintenance tasks' is set to 'Administrators' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.54 Ensure 'Perform volume maintenance tasks' is set to 'Administrators' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.3.11.1 Ensure 'Network security: Allow Local System to use computer identity for NTLM' is set to 'Enabled' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.11.1 Ensure 'Network security: Allow Local System to use computer identity for NTLM' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.3.11.1 Ensure 'Network security: Allow Local System to use computer identity for NTLM' is set to 'Enabled' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | IDENTIFICATION AND AUTHENTICATION |
| 3.2 Configure Security Auditing Flags per local organizational requirements - 'audit all failed events across all audit classes' | CIS Apple macOS 10.13 L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2 Configure Security Auditing Flags per local organizational requirements - 'audit successful/failed administrative events' | CIS Apple macOS 10.13 L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2 Configure Security Auditing Flags per local organizational requirements - 'audit successful/failed file deletion events' | CIS Apple macOS 10.13 L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2 Configure Security Auditing Flags per local organizational requirements - 'audit successful/failed login/logout events' | CIS Apple macOS 10.13 L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2 Ensure CONNECT permissions on the 'guest' user is Revoked within all SQL Server databases | CIS Microsoft SQL Server 2019 v1.5.0 L1 AWS RDS | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2 Ensure CONNECT permissions on the 'guest' user is Revoked within all SQL Server databases | CIS Microsoft SQL Server 2019 v1.5.0 L1 Database Engine | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.4 Ensure Auto-Scaling Launch Configuration for App-Tier is configured to use an approved Amazon Machine Image | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | CONFIGURATION MANAGEMENT |
| 4.9 Monitor Usage Statistics | CIS Sybase 15.0 L2 DB v1.1.0 | SybaseDB | |
| 5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' - 'AUDIT_CHANGE_GROUP' | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' - 'AUDIT_CHANGE_GROUP' | CIS SQL Server 2012 Database L1 AWS RDS v1.6.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' - 'FAILED_LOGIN_GROUP' | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' - 'FAILED_LOGIN_GROUP' | CIS SQL Server 2012 Database L1 AWS RDS v1.6.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' - AUDIT_CHANGE_GROUP | CIS SQL Server 2014 Database L1 AWS RDS v1.5.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' - AUDIT_CHANGE_GROUP | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' - FAILED_LOGIN_GROUP | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' - FAILED_LOGIN_GROUP | CIS SQL Server 2014 Database L1 AWS RDS v1.5.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 6.1 Ensure Database and Application User Input is Sanitized | CIS SQL Server 2017 Database L1 DB v1.3.0 | MS_SQLDB | SYSTEM AND SERVICES ACQUISITION |
| 6.1 Ensure Database and Application User Input is Sanitized | CIS SQL Server 2022 Database L1 DB v1.1.0 | MS_SQLDB | SYSTEM AND SERVICES ACQUISITION |
| 7.3 Ensure Database Backups are Encrypted | CIS Microsoft SQL Server 2019 v1.5.0 L2 Database Engine | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.5 Ensure Databases are Encrypted with TDE | CIS SQL Server 2017 Database L2 DB v1.3.0 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| EP11-00-006400 - The EDB Postgres Advanced Server and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-002410 - The application must update malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| JBOS-AS-000165 - File permissions must be configured to protect log information from any type of unauthorized read access. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| JBOS-AS-000170 - File permissions must be configured to protect log information from unauthorized modification. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| JBOS-AS-000175 - File permissions must be configured to protect log information from unauthorized deletion. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| JUSX-DM-000040 - The Juniper SRX Services Gateway must generate log records when successful attempts to configure the device and use commands occur. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUSX-IP-000013 - To protect against unauthorized data mining, the Juniper Networks SRX Series Gateway IDPS must prevent SQL injection attacks launched against data storage objects, including, at a minimum, databases, database records, and database fields. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | ACCESS CONTROL |
| SQL2-00-000900 - SQL Server must allow authorized users to associate security labels to information in the database. | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-015500 - Database software directories, including SQL Server configuration files, must be stored in dedicated directories, separate from the host OS and other applications. | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | CONFIGURATION MANAGEMENT |
| SQL2-00-018100 - SQL Server backup and restoration files must be protected from unauthorized access. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | CONTINGENCY PLANNING |
| SQL2-00-018400 - SQL Server must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users) - or processes acting on behalf of organizational users | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
| SQL2-00-020400 - SQL Server must associate and maintain security labels when exchanging information between systems. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL2-00-022000 - SQL Server must protect against or limit the effects of the organization-defined types of Denial of Service (DoS) attacks. | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL4-00-015500 - Database software directories, including SQL Server configuration files, must be stored in dedicated directories, separate from the host OS and other applications. | DISA STIG SQL Server 2014 Instance OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
| SQL6-D0-003600 - SQL Server must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | ACCESS CONTROL |
| SQL6-D0-003800 - SQL Server must be configured to utilize the most-secure authentication method available. | DISA STIG SQL Server 2016 Instance OS Audit v3r4 | Windows | ACCESS CONTROL |
| SQL6-D0-004700 - SQL Server must initiate session auditing upon startup. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-009900 - SQL Server must prevent unauthorized and unintended information transfer via Instant File Initialization (IFI). | DISA STIG SQL Server 2016 Instance OS Audit v3r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-017900 - SQL Server Replication Xps feature must be disabled, unless specifically required and approved. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
