| 2.1.18 Disable tcpmux-server | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.31 (L1) Ensure 'Perform volume maintenance tasks' is set to 'Administrators' | CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.38 Ensure 'Perform volume maintenance tasks' is set to 'Administrators' - Administrators | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.2.41 (L1) Ensure 'Perform volume maintenance tasks' is set to 'Administrators' | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.41 (L1) Ensure 'Perform volume maintenance tasks' is set to 'Administrators' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.42 (L1) Ensure 'Perform volume maintenance tasks' is set to 'Administrators' | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.46 Ensure 'Manage auditing and security log' is set to 'Administrators' (STIG DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.2.54 Ensure 'Perform volume maintenance tasks' is set to 'Administrators' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.3.1.3 Ensure 'Accounts: Guest account status' is set to 'Disabled' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | IDENTIFICATION AND AUTHENTICATION |
| 3.1.13 Ensure the correct SQL statements generating errors are recorded | CIS PostgreSQL 11 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.17 Reserve the desired port number or name for incoming connection requests | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 OS Windows | Windows | CONFIGURATION MANAGEMENT |
| 3.1.17 Reserve the desired port number or name for incoming connection requests | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 OS Linux | Unix | CONFIGURATION MANAGEMENT |
| 3.3.2 Set a generic system name | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 OS Linux | Unix | CONFIGURATION MANAGEMENT |
| 3.7 Ensure 'PASSWORD_VERIFY_FUNCTION' Is Set for All Profiles | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| 3.7 Ensure 'PASSWORD_VERIFY_FUNCTION' Is Set for All Profiles | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| 4.4.7 Restrict Access to SYSIBMADM.AUTHORIZATIONIDS | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.9 Monitor Usage Statistics | CIS Sybase 15.0 L2 DB v1.1.0 | SybaseDB | |
| 5.3.19 Make the Audit Configuration Immutable - -e 2 | CIS Red Hat Enterprise Linux 5 L2 v2.2.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.5 Ensure The Use Of SYS* Privileges Is Audited | CIS Oracle Database 23ai v1.0.0 L1 RDBMS | OracleDB | AUDIT AND ACCOUNTABILITY |
| 6.1 Restrict Access to SYSCAT.AUDITPOLICIES | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 DB | IBM_DB2DB | ACCESS CONTROL |
| 6.1 Restrict Access to SYSCAT.AUDITPOLICIES | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | ACCESS CONTROL |
| 6.1.15 Ensure the 'PROCEDURE' Audit Option Is Enabled | CIS Oracle Server 18c DB Traditional Auditing v1.1.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 6.1.15 Ensure the 'PROCEDURE' Audit Option Is Enabled | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 6.2.27 Ensure the 'LOGON' AND 'LOGOFF' Actions Audit Is Enabled | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 7.1.5 Ensure that SKU Basic/Consumption is not used on artifacts that need to be monitored (Particularly for Production Workloads) | CIS Microsoft Azure Foundations v4.0.0 L2 | microsoft_azure | SYSTEM AND SERVICES ACQUISITION |
| 20.28 Ensure 'Fax Server role' is set to 'Not Installed' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| 20.28 Ensure 'Fax Server role' is set to 'Not Installed' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| ALMA-09-045670 - AlmaLinux OS 9 audit system must audit local events. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| CD12-00-001800 - PostgreSQL must check the validity of all data inputs except those specifically identified by the organization. | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| DB2X-00-005900 - DB2 must check the validity of all data inputs except those specifically identified by the organization. | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | SYSTEM AND INFORMATION INTEGRITY |
| DG0125-ORACLE11 - DBMS account passwords should be set to expire every 60 days or more frequently - 'Database password expiration < 60 days' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| EP11-00-007500 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | ACCESS CONTROL |
| EX16-MB-000670 - Exchange must provide Mailbox databases in a highly available and redundant configuration. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| JBOS-AS-000165 - File permissions must be configured to protect log information from any type of unauthorized read access. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| JBOS-AS-000170 - File permissions must be configured to protect log information from unauthorized modification. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| JBOS-AS-000175 - File permissions must be configured to protect log information from unauthorized deletion. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| JUEX-NM-000490 - The Juniper EX switch must use an an NTP service that is hosted by a trusted source or a DOD-compliant enterprise or local NTP server. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| MADB-10-011500 - MariaDB must generate audit records when unsuccessful attempts to execute privileged activities or other system-level access occur. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MD7X-00-005700 MongoDB must check the validity of all data inputs except those specifically identified by the organization. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | MongoDB | SYSTEM AND INFORMATION INTEGRITY |
| MD7X-00-007300 MongoDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| MYS8-00-012500 - When invalid inputs are received, the MySQL Database Server 8.0 must behave in a predictable and documented manner that reflects organizational and system objectives. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | SYSTEM AND INFORMATION INTEGRITY |
| O19C-00-018100 - The database management system (DBMS) and associated applications, when making use of dynamic code execution, must take steps against invalid values that may be used in a SQL injection attack, therefore resulting in steps to prevent a SQL injection attack. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | SYSTEM AND INFORMATION INTEGRITY |
| PGS9-00-001800 - PostgreSQL must check the validity of all data inputs except those specifically identified by the organization. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| PPS9-00-006400 - The EDB Postgres Advanced Server and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| PPS9-00-007500 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | ACCESS CONTROL |
| SQL2-00-007900 - SQL Server must not grant users direct access control to the Alter Any Availability Group permission. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | ACCESS CONTROL |
| SQL2-00-018400 - SQL Server must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users) - or processes acting on behalf of organizational users | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
| SQL2-00-020400 - SQL Server must associate and maintain security labels when exchanging information between systems. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-16-020090 - Audit logs must have a mode of 0600 or less permissive to prevent unauthorized read access. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| UBTU-16-020120 - Audit logs must be group-owned by root to prevent unauthorized read access. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
