| 2.2.4 Ensure 'O7_DICTIONARY_ACCESSIBILITY' Is Set to 'FALSE' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.7 Ensure 'REMOTE_OS_AUTHENT' Is Set to 'FALSE' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL |
| 2.2.33 Ensure 'Lock pages in memory' is set to 'No One' - No One | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.17 Ensure 'clr strict security' Server Configuration Option is set to '1' | CIS Microsoft SQL Server 2019 v1.5.0 L1 AWS RDS | MS_SQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.3 Check Responses TTL Field - check-response-ttl=yes | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.20 Ensure 'log_connections' is enabled | CIS PostgreSQL 14 DB v 1.2.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 5.3.1 Remove operating system related ESPs | CIS Sybase 15.0 L2 DB v1.1.0 | SybaseDB | |
| 20.10 Ensure 'Active Directory SYSVOL directory must have the proper access control permissions' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 20.21 Ensure 'DoD Root Certificate Authority (CA) certificates' are installed in the 'Trusted Root Store' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.21 Ensure 'DoD Root Certificate Authority (CA) certificates' are installed in the 'Trusted Root Store' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.21 Ensure 'DoD Root Certificate Authority (CA) certificates' are installed in the 'Trusted Root Store' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.21 Ensure 'DoD Root Certificate Authority (CA) certificates' are installed in the 'Trusted Root Store' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.23 Ensure 'Domain controllers have a PKI server certificate' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.23 Ensure 'Domain controllers have a PKI server certificate' (STIG DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-051830 - AlmaLinux OS 9 must allocate an audit_backlog_limit of sufficient size to capture processes that start prior to the audit daemon. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-052820 - AlmaLinux OS 9 must encrypt, via the gtls driver, the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-053480 - AlmaLinux OS 9 must take action when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-14-001021 The macOS system must be configured to audit all changes of object attributes. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| APPL-15-001020 - The macOS system must be configured to audit all deletions of object attributes. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| DB2X-00-007000 - DB2 must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | ACCESS CONTROL |
| DG0074-ORACLE11 - Unapproved inactive or expired database accounts should not be found on the database. | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | |
| EP11-00-000100 - The EDB Postgres Advanced Server must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | ACCESS CONTROL |
| EP11-00-003100 - The EDB Postgres Advanced Server must protect its audit features from unauthorized removal. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
| EPAS-00-009600 - The EDB Postgres Advanced Server must maintain the confidentiality and integrity of information during reception. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-EG-000315 - The Exchange SMTP automated banner response must not reveal server details. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MD4X-00-000700 - MongoDB must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users). | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 DB | MongoDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| MYS8-00-002200 - The MySQL Database Server 8.0 must generate audit records when categories of information (e.g., classification levels/security levels) are accessed. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| O19C-00-007700 - Database software, applications, and configuration files must be monitored to discover unauthorized changes. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O19C-00-008000 - The Oracle Database software installation account must be restricted to authorized users. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O19C-00-008400 - Oracle Database must be configured in accordance with the security configuration settings based on DOD security configuration and implementation guidance, including STIGs, NSA configuration guides, CTOs, DTMs, and IAVMs. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O19C-00-009600 - System Privileges must not be granted to PUBLIC. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O19C-00-010000 - Application role permissions must not be assigned to the Oracle PUBLIC role. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O19C-00-010400 - The directories assigned to the LOG_ARCHIVE_DEST* parameters must be protected from unauthorized access. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O19C-00-011500 - The /diag subdirectory under the directory assigned to the DIAGNOSTIC_DEST parameter must be protected from unauthorized access. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O19C-00-012900 - Oracle Database default demonstration and sample databases, database objects, and applications must be removed. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O19C-00-013100 - Unused database components that are integrated in the database management system (DBMS) and cannot be uninstalled must be disabled. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O19C-00-014600 - Procedures for establishing temporary passwords that meet DOD password requirements for new accounts must be defined, documented, and implemented. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| O19C-00-014800 - Oracle Database must for password-based authentication, store passwords using an approved salted key derivation function, preferably using a keyed hash. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| O19C-00-017400 - Oracle Database contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| O19C-00-018300 - Oracle Database must only generate error messages that provide information necessary for corrective actions without revealing organization-defined sensitive or potentially harmful information in error logs and administrative messages that could be exploited. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | SYSTEM AND INFORMATION INTEGRITY |
| O19C-00-018700 - Oracle Database must disable accounts when the accounts have expired. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | ACCESS CONTROL |
| PGS9-00-000400 - The audit information produced by PostgreSQL must be protected from unauthorized modification - log_file_mode | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-651025 - RHEL 9 must use cryptographic mechanisms to protect the integrity of audit tools. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-010440 - The operating system must protect audit information from unauthorized access. | DISA STIG Solaris 11 X86 v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SQL2-00-009800 - SQL Server DBA roles must not be assigned excessive or unauthorized privileges. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| TCAT-AS-000820 - Tomcat must be configured to limit data exposure between applications. | DISA STIG Apache Tomcat Application Server 9 v3r2 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-16-020310 - The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020320 - The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020340 - The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| VM Tools: guest-8.tools-allow-transforms | VMware vSphere Security Configuration and Hardening Guide | VMware | CONFIGURATION MANAGEMENT |
