| 3.2 Ensure that MongoDB only listens for network connections on authorized interfaces | CIS MongoDB 3.2 L1 Windows Audit v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.5 Review User-Defined Roles | CIS MongoDB 3.2 Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
| 4.1 Ensure TLS or SSL protects all network communications | CIS MongoDB 3.2 L1 Windows Audit v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2 Ensure Federal Information Processing Standard (FIPS) is enabled | CIS MongoDB 3.2 L1 Windows Audit v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.4.1 Ensure the audit log directory is 0750 or more restrictive | CIS CentOS Linux 7 v4.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.1 Ensure the audit log directory is 0750 or more restrictive | CIS Amazon Linux 2 v3.0.0 L2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.1 Ensure the audit log directory is 0750 or more restrictive | CIS AlmaLinux OS 8 Workstation L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.1 Ensure the audit log directory is 0750 or more restrictive | CIS Red Hat EL8 Server L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.1 Ensure the audit log directory is 0750 or more restrictive | CIS Rocky Linux 8 Workstation L2 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.4 Ensure the audit log directory is 0750 or more restrictive | CIS Ubuntu Linux 18.04 LTS v2.2.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.11 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.2.4.11 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Debian 10 Server L1 v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.2.4.11 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.3 Ensure that logging captures as much information as possible | CIS MongoDB 3.2 L2 Unix Audit v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Red Hat EL8 Workstation L1 v3.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Rocky Linux 8 Workstation L1 v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Oracle Linux 8 Workstation L1 v3.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Red Hat EL8 Server L1 v3.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Rocky Linux 8 Server L1 v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.4 Ensure that new entries are appended to the end of the log file | CIS MongoDB 3.2 L2 Unix Audit v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 6.1.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Oracle Linux 9 v2.0.0 L1 Server | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Workstation | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Rocky Linux 9 v2.0.0 L1 Workstation | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Debian Linux 11 v2.0.0 L2 Workstation | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Rocky Linux 9 v2.0.0 L1 Server | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.2.4.4 Ensure the audit log file directory mode is configured | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3 Ensure that operating system resource limits are set for MongoDB | CIS MongoDB 3.2 L2 Windows Audit v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.4 Ensure that server-side scripting is disabled if not needed | CIS MongoDB 3.2 L2 Windows Audit v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.4.4.4 Ensure the audit log file directory mode is configured | CIS Debian Linux 11 v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2 Ensure that database file permissions are set correctly | CIS MongoDB 3.2 L1 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| Fortigate - AAA - TACACS+ server is trusted | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| Fortigate - SNMP v3 auth-priv is not enabled | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| PPS9-00-000900 - The EDB Postgres Advanced Server must protect against a user falsely repudiating having performed organization-defined actions. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PPS9-00-001900 - The EDB Postgres Advanced Server must produce audit records containing sufficient information to establish the sources (origins) of the events - origins of the events. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PPS9-00-004100 - The EDB Postgres Advanced Server must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| PPS9-00-004820 - When using command-line tools such as psql, users must use a logon method that does not expose the password. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | IDENTIFICATION AND AUTHENTICATION |
| PPS9-00-005800 - The EDB Postgres Advanced Server must isolate security functions from non-security functions. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| PPS9-00-005900 - Database contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| PPS9-00-006200 - The EDB Postgres Advanced Server must check the validity of all data inputs except those specifically identified by the organization. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| PPS9-00-006600 - The EDB Postgres Advanced Server must reveal detailed error messages only to the ISSO, ISSM, SA and DBA. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| PPS9-00-007000 - The EDB Postgres Advanced Server must associate organization-defined types of security labels having organization-defined security label values with information in process. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | ACCESS CONTROL |
| PPS9-00-008600 - The EDB Postgres Advanced Server must produce audit records of its enforcement of access restrictions associated with changes to the configuration of the EDB Postgres Advanced Server or database(s). | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| PPS9-00-011200 - The EDB Postgres Advanced Server must generate audit records when privileges/permissions are deleted. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PPS9-00-011700 - Audit records must be generated when unsuccessful attempts to delete categorized information (e.g., classification levels/security levels) occur. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| SNMP is not enabled. SNMP specific checks not performed. | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| UBTU-18-010305 - The Ubuntu operating system must be configured so that audit log files cannot be read or write-accessible by unauthorized users. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-18-010307 - The Ubuntu operating system must permit only authorized groups to own the audit log files. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | AUDIT AND ACCOUNTABILITY |
