| 1.1 Ensure the appropriate MongoDB software version/patches are installed | CIS MongoDB 3.2 Database Audit L1 v1.0.0 | MongoDB | CONFIGURATION MANAGEMENT |
| 1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Amazon Linux 2023 Server L1 v1.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.1 Ensure that authentication is enabled for MongoDB databases | CIS MongoDB 3.2 L1 Unix Audit v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.2 Ensure that MongoDB does not bypass authentication via the localhost exception | CIS MongoDB 3.2 L1 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.2 Ensure Federal Information Processing Standard (FIPS) is enabled | CIS MongoDB 3.2 L1 Unix Audit v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.4.11 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Ubuntu Linux 20.04 LTS Workstation L1 v2.0.1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.2.4.11 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.2.4.11 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Debian 10 Server L1 v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.2.4.11 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Debian 10 Workstation L1 v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.2.4.11 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Red Hat EL8 Workstation L1 v3.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Rocky Linux 8 Workstation L1 v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS AlmaLinux OS 8 Server L1 v3.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Red Hat EL8 Server L1 v3.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Rocky Linux 8 Server L1 v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.5.1.1 Ensure password expiration is 365 days or less - login.defs | CIS Red Hat 6 Workstation L1 v3.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5.1.1 Ensure password expiration is 365 days or less - login.defs | CIS Oracle Linux 6 Workstation L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Workstation | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Rocky Linux 9 v2.0.0 L1 Workstation | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Oracle Linux 9 v2.0.0 L1 Server | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Debian Linux 11 v2.0.0 L2 Server | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Server | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Workstation | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Rocky Linux 9 v2.0.0 L1 Server | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Alertmail server not configured or this feature is not available on the device | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| AS24-U1-000550 - The Apache web server must be built to fail to a known safe state if system initialization fails, shutdown fails, or aborts fail. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000020 - The Apache web server must perform server-side session management - usertrack_module | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | ACCESS CONTROL |
| Auto Backup via central management is not available or not configured. | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | CONTINGENCY PLANNING |
| EX16-ED-000320 - Exchange Message size restrictions must be controlled on Receive connectors. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Fortigate - AAA - RADIUS server is trusted | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| Fortigate - Review the patch update method | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| Fortigate - Review users with admin privileges | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | ACCESS CONTROL |
| Fortigate - SNMP v3 is not enabled | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| PPS9-00-001300 - The EDB Postgres Advanced Server must generate audit records when unsuccessful attempts to retrieve privileges/permissions occur. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PPS9-00-001400 - The EDB Postgres Advanced Server must initiate support of session auditing upon startup. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PPS9-00-001600 - The EDB Postgres Advanced Server must produce audit records containing sufficient information to establish what type of events occurred. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PPS9-00-002000 - The EDB Postgres Advanced Server must produce audit records containing sufficient information to establish the outcome (success or failure) of the events. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PPS9-00-003300 - The EDB Postgres Advanced Server software installation account must be restricted to authorized users. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| PPS9-00-003500 - Database objects (including but not limited to tables, indexes, storage, stored procedures, functions, triggers, links to software external to the EDB Postgres Advanced Server, etc.) must be owned by database/EDB Postgres Advanced Server principals authorized for ownership. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| PPS9-00-004810 - Applications must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | IDENTIFICATION AND AUTHENTICATION |
| PPS9-00-007400 - The EDB Postgres Advanced Server must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | ACCESS CONTROL |
| PPS9-00-009700 - When invalid inputs are received, the EDB Postgres Advanced Server must behave in a predictable and documented manner that reflects organizational and system objectives. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| PPS9-00-010100 - The EDB Postgres Advanced Server must generate audit records when unsuccessful attempts to access security objects occur. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PPS9-00-011050 - Audit records must be generated when categorized information (e.g., classification levels/security levels) is modified. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PPS9-00-011400 - The EDB Postgres Advanced Server must generate audit records when security objects are deleted. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PPS9-00-013000 - The EDB Postgres Advanced Server must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
