| 1.2 Review the default login | CIS Sybase 15.0 L1 OS Windows v1.1.0 | Windows | ACCESS CONTROL |
| 1.5.1 Set User/Group Owner on /etc/grub.conf | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - process -u named | CIS BIND DNS v1.0.0 L1 Authoritative Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - UID | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | ACCESS CONTROL |
| 2.12 Configure centralized and remote logging | CIS Docker 1.13.0 v1.0.0 L2 Docker | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1.2.1 Configure BGP to Log Neighbor Changes | CIS Cisco NX-OS v1.2.0 L1 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.5 Limit OS Privileges of Fenced Mode Process (DB2_LIMIT_FENCED_GROUP) | CIS IBM DB2 11 v1.1.0 Linux OS Level 1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.7 Ensure Relational Database Service backup retention policy is set | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | CONTINGENCY PLANNING |
| 3.7 Remove LDAP | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 5.17 Ensure HTTP Header Referrer-Policy is set appropriately | CIS Apache HTTP Server 2.4 v2.2.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2.4 Ensure 'Log_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set Appropriately | CIS Google Cloud Platform v3.0.0 L2 | GCP | AUDIT AND ACCOUNTABILITY |
| 6.2.11 Use Only Approved Ciphers in Counter Mode - Ciphers aes128-ctr,aes192-ctr,aes256-ctr | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 6.3.5 Limit Password Reuse - password sufficient pam_unix.o <existing options> remember=5 | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.8 Run a host and/or network-based packet firewall | CIS Sybase 15.0 L2 DB v1.1.0 | SybaseDB | |
| 7.2.5 (L2) Ensure that SharePoint guest users cannot share items they don't own | CIS Microsoft 365 Foundations v5.0.0 L2 E5 | microsoft_azure | ACCESS CONTROL, MEDIA PROTECTION |
| 9.1.1 Verify System File Permissions | CIS Red Hat Enterprise Linux 5 L2 v2.2.1 | Unix | ACCESS CONTROL |
| 9.2.13 Check User Home Directory Ownership | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
| 9.22 Find SUID/SGID System Executables | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 18.9.69.2 (L1) Ensure 'Turn off the offer to update to the latest version of Windows' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.66.3 (L1) Ensure 'Turn off the offer to update to the latest version of Windows' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.66.3 (L1) Ensure 'Turn off the offer to update to the latest version of Windows' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.66.3 (L1) Ensure 'Turn off the offer to update to the latest version of Windows' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.10.66.3 (L1) Ensure 'Turn off the offer to update to the latest version of Windows' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT |
| Allow certificates signed using SHA-1 when issued by local trust anchors (deprecated) | MSCT Edge v86 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow certificates signed using SHA-1 when issued by local trust anchors (deprecated) | MSCT Edge v87 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow certificates signed using SHA-1 when issued by local trust anchors (deprecated) | MSCT Edge v85 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow certificates signed using SHA-1 when issued by local trust anchors (deprecated) | MSCT Edge v84 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| ALMA-09-002770 - AlmaLinux OS 9 must log SSH connection attempts and failures to the server. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL |
| ALMA-09-003100 - AlmaLinux OS 9 must implement DOD-approved encryption ciphers to protect the confidentiality of SSH client connections. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL |
| ALMA-09-015090 - All AlmaLinux OS 9 local interactive users must have a home directory assigned in the /etc/passwd file. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-028510 - AlmaLinux OS 9 must disable remote management of the chrony daemon. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-034340 - AlmaLinux OS 9 must use the CAC smart card driver. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-037420 - AlmaLinux OS 9 must be configured so that the system's shadow file is configured to store only encrypted representations of passwords. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-052710 - AlmaLinux OS 9 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| BIND-9X-001005 - The host running a BIND 9.x implementation must use a dedicated management interface in order to separate management traffic from DNS specific traffic. | DISA BIND 9.x STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| CD12-00-006200 - PostgreSQL must generate audit records when concurrent logons/connections by the same user from different workstations occur. | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| CD12-00-010000 - PostgreSQL must provide the means for individuals in authorized roles to change the auditing to be performed on all application components, based on all selectable event criteria within organization-defined time thresholds. | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| DTAM136 - McAfee VirusScan Unwanted Programs Policy must be configured to detect adware. | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM136 - McAfee VirusScan Unwanted Programs Policies must be configured to detect adware. | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EP11-00-009500 - The EDB Postgres Advanced Server must maintain the confidentiality and integrity of information during preparation for transmission. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| EP11-00-009600 - The EDB Postgres Advanced Server must maintain the confidentiality and integrity of information during reception. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| JBOS-AS-000505 - The JBoss server must be configured to utilize syslog logging. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| MADB-10-001700 - MariaDB must by default shut down upon audit failure, to include the unavailability of space for more audit log records; or must be configurable to shut down upon audit failure. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| O112-OS-011200 - The OS must limit privileges to change the DBMS software resident within software libraries (including privileged programs). | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O121-C2-009300 - The system must protect audit information from any type of unauthorized access. | DISA STIG Oracle 12c v3r2 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-090280 - The operating system must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of denial of service attacks. | DISA STIG Solaris 11 SPARC v3r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG205 W22 - The web document (home) directory must be in a separate partition from the web server's system files. - 'CustomLog' | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | AUDIT AND ACCOUNTABILITY |
| WG205 W22 - The web document (home) directory must be in a separate partition from the web server's system files. - 'DocumentRoot' | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WG205 W22 - The web document (home) directory must be in a separate partition from the web server's system files. - 'ErrorLog' | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | AUDIT AND ACCOUNTABILITY |
| WN10-00-000040 - Windows 10 systems must be maintained at a supported servicing level. | DISA Microsoft Windows 10 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
