| 1.1.4 (L1) Ensure 'Minimum password length' is set to '14 or more character(s)' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.1.4 Ensure 'Minimum password length' is set to '14 or more character(s)' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.1.4 Ensure 'Minimum password length' is set to '14 or more character(s)' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.2 Ensure the Server Is Not a Multi-Use System | CIS Apache HTTP Server 2.4 v2.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Use Dedicated Least Privileged Account for MariaDB Daemon/Service | CIS MariaDB 10.6 on Linux L1 v1.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | CIS MySQL 5.6 Enterprise Windows OS L1 v2.0.0 | Windows | ACCESS CONTROL |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | CIS MySQL 8.0 Community Linux OS L1 v1.1.0 | Unix | ACCESS CONTROL |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | CIS Oracle MySQL Community Server 8.4 v1.0.0 L1 OS Linux on Linux | Unix | ACCESS CONTROL |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | CIS MySQL 5.6 Enterprise Linux OS L1 v2.0.0 | Unix | ACCESS CONTROL |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | CIS MySQL 5.7 Enterprise Linux OS L1 v2.0.0 | Unix | ACCESS CONTROL |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | CIS MySQL 5.7 Enterprise Windows OS L1 v2.0.0 | Windows | ACCESS CONTROL |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | CIS Oracle MySQL Enterprise Edition 8.4 v1.0.0 L1 MySQL OS Linux | Unix | ACCESS CONTROL |
| 1.6.1 Restrict Core Dumps - * hard core 0' | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.1 Restrict Core Dumps - fs.suid_dumpable = 0' | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.1.1 Ensure message of the day is configured properly | CIS Debian 9 Server L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.3 Ensure that RDS instances are not publicly accessible | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | ACCESS CONTROL, MEDIA PROTECTION |
| 2.2.9 Disable Samba Support - Make sure that /etc/sfw/smb.conf does not exist. Note this check is only applicable for Solaris 10 >= 11/06 | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT |
| 2.12 Configure centralized and remote logging | CIS Docker 1.12.0 v1.0.0 L2 Docker | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1 - Roles, Applications, and Authentication - Telnet is disabled | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | CONFIGURATION MANAGEMENT |
| 3.1.14 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 3.2.5 Limit OS Privileges of Fenced Mode Process (DB2_LIMIT_FENCED_GROUP) | CIS IBM DB2 11 v1.1.0 Windows OS Level 1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 4.5.5 Verify Permissions on /etc/hosts.deny | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1.1 Ensure That a MySQL Database Instance Does Not Allow Anyone To Connect With Administrative Privileges | CIS Google Cloud Platform v3.0.0 L1 | GCP | IDENTIFICATION AND AUTHENTICATION |
| 6.2.13 Limit Access via SSH - AllowUsers/Groups, DenyUsers/Groups | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
| 7.5 Firewall Consideration | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | |
| 9.1.8 Verify User/Group Ownership on /etc/gshadow | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
| 9.1.9 Verify User/Group Ownership on /etc/group | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
| 17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure' | CIS Microsoft Windows Server 2019 v4.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY |
| 17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | AUDIT AND ACCOUNTABILITY |
| 17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure' | CIS Microsoft Windows Server 2019 v4.0.0 L1 MS | Windows | AUDIT AND ACCOUNTABILITY |
| 17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | AUDIT AND ACCOUNTABILITY |
| 17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | AUDIT AND ACCOUNTABILITY |
| 18.10.77.3 (L1) Ensure 'Automatically send memory dumps for OS-generated error reports' is set to 'Disabled' | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| ALMA-09-013550 - AlmaLinux OS 9 must disable the ability of systemd to spawn an interactive boot process. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| CD12-00-000600 - PostgreSQL must provide non-privileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries. | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| EX13-EG-000235 - The Exchange Recipient filter must be enabled. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-000470 - The Exchange Recipient filter must be enabled. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| FireEye - AAA user mapping source | TNS FireEye | FireEye | CONFIGURATION MANAGEMENT |
| FireEye - Inline blocking mode configuration | TNS FireEye | FireEye | SYSTEM AND COMMUNICATIONS PROTECTION |
| FireEye - Inline blocking network whitelists | TNS FireEye | FireEye | SYSTEM AND COMMUNICATIONS PROTECTION |
| FireEye - Inline blocking signature policy exceptions | TNS FireEye | FireEye | SYSTEM AND COMMUNICATIONS PROTECTION |
| FireEye - Interface configuration | TNS FireEye | FireEye | SYSTEM AND COMMUNICATIONS PROTECTION |
| FireEye - List patches | TNS FireEye | FireEye | SYSTEM AND INFORMATION INTEGRITY |
| FireEye - Workorder stats | TNS FireEye | FireEye | AUDIT AND ACCOUNTABILITY |
| O112-BP-022300 - System privileges granted using the WITH ADMIN OPTION must not be granted to unauthorized user accounts. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O121-BP-022300 - System privileges granted using the WITH ADMIN OPTION must not be granted to unauthorized user accounts. | DISA STIG Oracle 12c v3r2 Database | OracleDB | CONFIGURATION MANAGEMENT |
| SPLK-CL-000105 - Splunk Enterprise must be configured to back up the log records repository at least every seven days onto a different system or system component other than the system or component being audited. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | AUDIT AND ACCOUNTABILITY |
| VMCH-65-000047 - The virtual machine guest operating system must be locked when the last console connection is closed. | DISA STIG VMware vSphere Virtual Machine 6.5 v2r2 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-67-000022 - The virtual machine guest operating system must be locked when the last console connection is closed. | DISA STIG VMware vSphere 6.7 Virtual Machine v1r3 | VMware | CONFIGURATION MANAGEMENT |
