| 1.5 Enable OS X update installs | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.18 Ensure '_TRACE_FILES_PUBLIC' Is Set to 'FALSE' | CIS Oracle Server 11g R2 DB v2.2.0 | OracleDB | |
| 3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'apache account is configured' | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | ACCESS CONTROL |
| 3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd.conf Group = apache' | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | ACCESS CONTROL |
| 3.6 Ensure 'general_log_file' Has Appropriate Permissions | CIS MySQL 5.6 Community Linux OS L1 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.6 Ensure 'general_log_file' Has Appropriate Permissions | CIS MySQL 5.7 Community Linux OS L1 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.6 Ensure 'general_log_file' Has Appropriate Permissions | CIS MySQL 5.7 Enterprise Database L1 v2.0.0 | MySQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.6 Ensure 'general_log_file' Has Appropriate Permissions | CIS MySQL 5.6 Community Windows OS L1 v2.0.0 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 3.6 Ensure 'general_log_file' Has Appropriate Permissions | CIS MySQL 5.6 Enterprise Windows OS L1 v2.0.0 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 3.6 Ensure 'general_log_file' Has Appropriate Permissions | CIS MySQL 5.6 Enterprise Linux OS L1 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.6 Ensure 'general_log_file' Has Appropriate Permissions | CIS MySQL 5.7 Community Database L1 v2.0.0 | MySQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.6 Ensure 'general_log_file' Has Appropriate Permissions | CIS MariaDB 10.6 on Linux L1 v1.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.7 Do not use update instructions alone in the Dockerfile | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.1.1 Secure Home Folders | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.1 Ensure 'Attack Vectors' Runtime Parameters are Configured | CIS PostgreSQL 11 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 6.5 Ensure 'Superuser' Runtime Parameters are Configured | CIS PostgreSQL 16 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 6.5 Ensure 'Superuser' Runtime Parameters are Configured | CIS PostgreSQL 14 DB v 1.2.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 6.8 Ensure TLS is enabled and configured correctly | CIS PostgreSQL 16 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.8 Ensure TLS is enabled and configured correctly | CIS PostgreSQL 12 DB v1.1.0 | PostgreSQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-002000 - The Kubernetes API server must have the ValidatingAdmissionWebhook enabled. | DISA STIG Kubernetes v2r3 | Unix | ACCESS CONTROL |
| DG0195-ORACLE11 - DBMS production application and data directories should be protected from developers on shared production/development DBMS host systems. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| FireEye - AAA lockout settings apply to the 'admin' user | TNS FireEye | FireEye | ACCESS CONTROL |
| FireEye - AAA lockouts delay further attempts for at least 30 seconds | TNS FireEye | FireEye | ACCESS CONTROL |
| FireEye - Binary analysis AV-suite is enabled | TNS FireEye | FireEye | SYSTEM AND INFORMATION INTEGRITY |
| FireEye - CLI commands do not hide any settings from administrators | TNS FireEye | FireEye | CONFIGURATION MANAGEMENT |
| FireEye - Guest images | TNS FireEye | FireEye | CONFIGURATION MANAGEMENT |
| FireEye - IPMI password needs to be set | TNS FireEye | FireEye | |
| FireEye - LDAP requires encryption | TNS FireEye | FireEye | SYSTEM AND COMMUNICATIONS PROTECTION |
| FireEye - Local logging level includes all errors and warnings | TNS FireEye | FireEye | AUDIT AND ACCOUNTABILITY |
| FireEye - Local logging level is not overridden except by defaults | TNS FireEye | FireEye | AUDIT AND ACCOUNTABILITY |
| FireEye - Management interface is only accessible from specific IP ranges | TNS FireEye | FireEye | SYSTEM AND COMMUNICATIONS PROTECTION |
| FireEye - NTP client is synchronized | TNS FireEye | FireEye | AUDIT AND ACCOUNTABILITY |
| FireEye - NTP client uses a custom server | TNS FireEye | FireEye | AUDIT AND ACCOUNTABILITY |
| FireEye - Remote syslog is enabled | TNS FireEye | FireEye | AUDIT AND ACCOUNTABILITY |
| FireEye - Remote syslog logging level includes all errors and warnings | TNS FireEye | FireEye | AUDIT AND ACCOUNTABILITY |
| FireEye - SNMP is enabled | TNS FireEye | FireEye | |
| FireEye - SNMP uses a secure community string | TNS FireEye | FireEye | IDENTIFICATION AND AUTHENTICATION |
| FireEye - SNMP v3 uses SHA instead of MD5 | TNS FireEye | FireEye | ACCESS CONTROL |
| FireEye - SSH connections must be SSHv2 | TNS FireEye | FireEye | CONFIGURATION MANAGEMENT |
| FireEye - System events are emailed to administrators | TNS FireEye | FireEye | SYSTEM AND INFORMATION INTEGRITY |
| FireEye - Time zone selection | TNS FireEye | FireEye | CONFIGURATION MANAGEMENT |
| FireEye - User 'admin' SSH access is disabled | TNS FireEye | FireEye | ACCESS CONTROL |
| FireEye - Web users are logged out after 20 minutes of inactivity or less | TNS FireEye | FireEye | ACCESS CONTROL |
| FireEye - YARA policy applies both customer and FireEye rules | TNS FireEye | FireEye | SECURITY ASSESSMENT AND AUTHORIZATION |
| FireEye - YARA rules are enabled | TNS FireEye | FireEye | SECURITY ASSESSMENT AND AUTHORIZATION |
| O19C-00-010600 - Oracle Database production application and data directories must be protected from developers on shared production/development database management system (DBMS) host systems. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O121-BP-024100 - DBMS production application and data directories must be protected from developers on shared production/development DBMS host systems. | DISA STIG Oracle 12c v3r2 Linux | Unix | CONFIGURATION MANAGEMENT |
| O121-BP-024100 - DBMS production application and data directories must be protected from developers on shared production/development DBMS host systems. | DISA STIG Oracle 12c v3r2 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O121-BP-024100 - DBMS production application and data directories must be protected from developers on shared production/development DBMS host systems. | DISA STIG Oracle 12c v3r2 Windows | Windows | CONFIGURATION MANAGEMENT |
| SOL-11.1-070070 - Users must have a valid home directory assignment. | DISA STIG Solaris 11 X86 v3r1 | Unix | CONFIGURATION MANAGEMENT |
