| 1.1 Ensure packages are obtained from authorized repositories | CIS PostgreSQL 12 OS v1.1.0 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.1 Ensure packages are obtained from authorized repositories | CIS PostgreSQL 14 OS v 1.2.0 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.1 Ensure packages are obtained from authorized repositories | CIS PostgreSQL 13 OS v1.2.0 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.1 Ensure packages are obtained from authorized repositories | CIS PostgreSQL 16 OS v1.0.0 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.2 Use the updated Linux Kernel | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.2 Use the updated Linux Kernel | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.2.21 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master | Unix | AUDIT AND ACCOUNTABILITY |
| 1.2.23 Ensure that the maximumFileSizeMegabytes argument is set to 100 | CIS Red Hat OpenShift Container Platform v1.7.0 L1 | OpenShift | AUDIT AND ACCOUNTABILITY |
| 1.2.24 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1.11 Set maximum connection limits - MAX_CONNECTIONS | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.11 Set maximum connection limits - MAXAPPLS | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 | Unix | ACCESS CONTROL |
| 3.1.11 Set maximum connection limits - MAXAPPLS | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.14 Set maximum connection limits - MAX_CONNECTIONS | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 DB | IBM_DB2DB | ACCESS CONTROL |
| 3.1.14 Set maximum connection limits - MAX_CONNECTIONS | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | ACCESS CONTROL |
| 3.1.14 Set maximum connection limits - MAX_COORDAGENTS | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | ACCESS CONTROL |
| 3.1.14 Set maximum connection limits - MAX_COORDAGENTS | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 DB | IBM_DB2DB | ACCESS CONTROL |
| 4.6 Review audit queue size | CIS Sybase 15.0 L1 DB v1.1.0 | SybaseDB | |
| 5.2.21 Ensure SSH MaxStartups is configured | CIS Debian Family Workstation L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.4.7 Ensure minimum and maximum requirements are set for password changes - difok | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.7 Ensure minimum and maximum requirements are set for password changes - maxclassrepeat | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.7 Ensure minimum and maximum requirements are set for password changes - maxrepeat | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 10.2 Ensure the LimitRequestFields Directive is Set to 100 or Less | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | CONFIGURATION MANAGEMENT |
| CIS_Aliyun_Linux_2_L2_v1.0.0.audit from CIS Aliyun Linux 2 Benchmark v1.0.0 | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | |
| RHEL-07-010061 - The Red Hat Enterprise Linux operating system must uniquely identify and must authenticate users using multifactor authentication via a graphical user logon. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-010110 - The Red Hat Enterprise Linux operating system must initiate a session lock for graphical user interfaces when the screensaver is activated. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-07-010199 - The Red Hat Enterprise Linux operating system must be configured to prevent overwriting of custom authentication configuration settings by the authconfig utility. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-010210 - The Red Hat Enterprise Linux operating system must be configured to use the shadow file to store only encrypted representations of passwords. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-010260 - The Red Hat Enterprise Linux operating system must be configured so that existing passwords are restricted to a 60-day maximum lifetime. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-010280 - The Red Hat Enterprise Linux operating system must be configured so that passwords are a minimum of 15 characters in length. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-020330 - The Red Hat Enterprise Linux operating system must be configured so that all files and directories have a valid group owner. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-07-020710 - The Red Hat Enterprise Linux operating system must be configured so that all local initialization files have mode 0740 or less permissive. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-020730 - The Red Hat Enterprise Linux operating system must be configured so that local initialization files do not execute world-writable programs. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-021700 - The Red Hat Enterprise Linux operating system must not allow removable media to be used as the boot loader unless approved. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-030440 - The Red Hat Enterprise Linux operating system must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr syscalls. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-07-030510 - The Red Hat Enterprise Linux operating system must audit all uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate syscalls. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-040180 - The Red Hat Enterprise Linux operating system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) authentication communications. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-07-040190 - The Red Hat Enterprise Linux operating system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) communications. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-07-040200 - The Red Hat Enterprise Linux operating system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) communications. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-07-040350 - The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon does not allow authentication using rhosts authentication. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-040370 - The Red Hat Enterprise Linux operating system must not permit direct logons to the root account using remote access via SSH. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-040440 - The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon does not permit Kerberos authentication unless needed. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-040530 - The Red Hat Enterprise Linux operating system must display the date and time of the last successful account logon upon logon. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-07-040611 - The Red Hat Enterprise Linux operating system must use a reverse-path filter for IPv4 network traffic when possible on all interfaces. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-040612 - The Red Hat Enterprise Linux operating system must use a reverse-path filter for IPv4 network traffic when possible by default. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-040641 - The Red Hat Enterprise Linux operating system must ignore Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-040660 - The Red Hat Enterprise Linux operating system must not send Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirects. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-041002 - The Red Hat Enterprise Linux operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM). | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000290 - Splunk Enterprise must be configured to send an immediate alert to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated log record storage volume reaches 75 percent of the repository maximum log record storage capacity. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | AUDIT AND ACCOUNTABILITY |
| WN11-CC-000206 - Windows Update must not obtain updates from other PCs on the internet. | DISA Microsoft Windows 11 STIG v2r3 | Windows | CONFIGURATION MANAGEMENT |
| WN19-CC-000260 - Windows Server 2019 Windows Update must not obtain updates from other PCs on the Internet. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
