| 1.1.19 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | ACCESS CONTROL |
| 1.7.1.1 Ensure message of the day is configured properly - msrv | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.12 Configure centralized and remote logging | CIS Docker 1.11.0 v1.0.0 L2 Docker | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1 - Roles, Applications, and Authentication - RSH is disabled | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | CONFIGURATION MANAGEMENT |
| 3.1 - Roles, Applications, and Authentication - Telnet is disabled | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | CONFIGURATION MANAGEMENT |
| 3.1.6 Ensure the log file permissions are set correctly | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL |
| 3.1.14 Ensure the correct messages are written to the server log | CIS PostgreSQL 15 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.17 Ensure 'debug_pretty_print' is enabled | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.17 Ensure 'debug_print_rewritten' is disabled | CIS PostgreSQL 15 DB v1.1.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.1.17 Ensure 'debug_print_rewritten' is disabled | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.18 Ensure 'debug_print_plan' is disabled | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.19 Ensure 'debug_pretty_print' is enabled | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.23 Ensure 'log_hostname' is set correctly | CIS PostgreSQL 15 DB v1.1.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.1.23 Ensure 'log_statement' is set correctly | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.24 Ensure 'log_error_verbosity' is set correctly | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.24 Ensure 'log_line_prefix' is set correctly | CIS PostgreSQL 16 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.27 Ensure 'log_lock_waits' is enabled | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.5 Control access to audit records - /etc/security/audit_control | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | |
| 3.5 Control access to audit records - /var/audit | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 Ensure excessive function privileges are revoked | CIS PostgreSQL 15 DB v1.1.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.4 Ensure excessive function privileges are revoked | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | ACCESS CONTROL |
| 4.5 Ensure excessive function privileges are revoked | CIS PostgreSQL 13 DB v1.2.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.5.3 Verify Permissions on /etc/hosts.allow | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.6 Ensure Row Level Security (RLS) is configured correctly | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | ACCESS CONTROL |
| 4.7 Ensure Row Level Security (RLS) is configured correctly | CIS PostgreSQL 13 DB v1.2.0 | PostgreSQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 6.6 Ensure 'User' Runtime Parameters are Configured | CIS PostgreSQL 13 DB v1.2.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 6.9 Ensure the TLSv1.0 and TLSv1.1 Protocols are Disabled | CIS PostgreSQL 13 DB v1.2.0 | PostgreSQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure a replication-only user is created and used for streaming replication | CIS PostgreSQL 15 DB v1.1.0 | PostgreSQLDB | ACCESS CONTROL |
| 7.1 Ensure SSL Certificates are Configured For Replication - ssl key file | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1.3 Set Password Expiring Warning Days - PASS_WARN_AGE >= 7 | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.3 Ensure base backups are configured and functional | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | CONTINGENCY PLANNING |
| 7.3 Ensure base backups are configured and functional | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | CONTINGENCY PLANNING |
| 7.4 Ensure WAL archiving is configured and functional | CIS PostgreSQL 16 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.5 Ensure streaming replication parameters are configured correctly | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure' | CIS Microsoft Windows Server 2022 v4.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY |
| 17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure' | CIS Microsoft Windows Server 2019 v4.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY |
| 17.2.1 Ensure 'Audit Application Group Management' is set to 'Success and Failure' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server | Windows | AUDIT AND ACCOUNTABILITY |
| 17.2.1 Ensure 'Audit Application Group Management' is set to 'Success and Failure' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS | Windows | AUDIT AND ACCOUNTABILITY |
| 18.10.77.3 (L1) Ensure 'Automatically send memory dumps for OS-generated error reports' is set to 'Disabled' | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow certificates signed using SHA-1 when issued by local trust anchors (deprecated) | MSCT Edge v89 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow certificates signed using SHA-1 when issued by local trust anchors (deprecated) | MSCT Edge v90 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| ALMA-09-008050 - AlmaLinux OS 9 must log username information when unsuccessful logon attempts occur. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| ALMA-09-032250 - AlmaLinux OS 9 must require reauthentication when using the "sudo" command. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL |
| ALMA-09-038300 - Passwords for new users or password changes must have a 24-hour minimum password lifetime restriction in /etc/login.defs. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| DISA_STIG_VMware_vSphere_6.7_PostgreSQL_v1r2.audit from DISA VMware vSphere 6.7 PostgreSQL v1r2 STIG | DISA STIG VMware vSphere 6.7 PostgreSQL v1r2 | Unix | |
| EX16-ED-000620 - Exchange software must be installed on a separate partition from the OS. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUSX-DM-000055 - The Juniper SRX Services Gateway must generate log records containing the full-text recording of privileged commands. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | AUDIT AND ACCOUNTABILITY |
| SPLK-CL-000250 - Splunk Enterprise must be configured to back up the log records repository at least every seven days onto a different system or system component other than the system or component being audited. | DISA STIG Splunk Enterprise 8.x for Linux v2r2 STIG REST API | Splunk | AUDIT AND ACCOUNTABILITY |
| VM Tools: guest-8.tools-updates | VMware vSphere Security Configuration and Hardening Guide | VMware | CONFIGURATION MANAGEMENT |
