| 1.3 Harden the container host | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.3 Harden the container host | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.4 Harden the container host | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 2.1.4 Ensure 'SECURE_REGISTER_' Is Set to 'TCPS' or 'IPC' | CIS Oracle Server 18c Linux v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.4 Ensure 'SECURE_REGISTER_' Is Set to 'TCPS' or 'IPC' | CIS Oracle Server 18c Windows v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.4 Ensure 'SECURE_REGISTER_' Is Set to 'TCPS' or 'IPC' | CIS Oracle Server 12c Windows v3.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.4 Ensure 'SECURE_REGISTER_' Is Set to 'TCPS' or 'IPC' | CIS Oracle Server 12c Linux v3.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2016 Database L1 AWS RDS v1.4.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2016 Database L1 DB v1.4.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2022 Database L1 DB v1.1.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2017 Database L1 AWS RDS v1.3.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2017 Database L1 DB v1.3.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2022 Database L1 AWS RDS v1.1.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS Microsoft SQL Server 2019 v1.5.0 L1 AWS RDS | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS Microsoft SQL Server 2019 v1.5.0 L1 Database Engine | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.2.3 (L1) Enable Conditional Access policies to block legacy authentication | CIS Microsoft 365 Foundations v4.0.0 L1 E3 | microsoft_azure | CONFIGURATION MANAGEMENT |
| 5.2.2.3 (L1) Enable Conditional Access policies to block legacy authentication | CIS Microsoft 365 Foundations v4.0.0 L1 E5 | microsoft_azure | CONFIGURATION MANAGEMENT |
| 5.10.5 Enable Security Posture | CIS Google Kubernetes Engine (GKE) v1.7.0 L2 | GCP | CONFIGURATION MANAGEMENT |
| 5.11 (L1) Host must isolate management communications | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 6.1.1.4 Ensure only one logging system is in use | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.1.1.4 Ensure only one logging system is in use | CIS Debian Linux 12 v1.1.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.1.4 Ensure only one logging system is in use | CIS SUSE Linux Enterprise 15 v2.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.1.4 Ensure only one logging system is in use | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.1.4 Ensure only one logging system is in use | CIS Oracle Linux 9 v2.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.5.1 (L1) Host SSH daemon, if enabled, must use FIPS 140-2/140-3 validated ciphers | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5.2 (L1) Host SSH daemon, if enabled, must use FIPS 140-2/140-3 validated cryptographic modules | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5.6 (L1) Host SSH daemon, if enabled, must set a timeout interval on idle sessions | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 9.24 Find Files and Directories with Extended Attributes | CIS Solaris 11.2 L1 v1.1.0 | Unix | |
| 9.25 Find Files and Directories with Extended Attributes | CIS Solaris 11 L1 v1.1.0 | Unix | |
| 9.25 Find Files and Directories with Extended Attributes | CIS Solaris 11.1 L1 v1.0.0 | Unix | |
| 12.03 Unix root group members on host - 'Disallow 'oracle' as a member of root group' | CIS v1.1.0 Oracle 11g OS L1 | Unix | ACCESS CONTROL |
| 12.20 Monitor for development on production databases - 'Prevent development on production databases' | CIS v1.1.0 Oracle 11g OS Windows Level 1 | Windows | |
| 12.20 Monitor for development on production databases - 'Prevent development on production databases' | CIS v1.1.0 Oracle 11g OS L1 | Unix | |
| 12.22 Developer access to production databases - 'Disallow' | CIS v1.1.0 Oracle 11g OS Windows Level 1 | Windows | |
| 12.22 Developer access to production databases - 'Disallow' | CIS v1.1.0 Oracle 11g OS L1 | Unix | |
| CD12-00-009200 - Unused database components that are integrated in PostgreSQL and cannot be uninstalled must be disabled. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | CONFIGURATION MANAGEMENT |
| CD12-00-012300 - PostgreSQL must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| DG0007-ORACLE11 - The database should be secured in accordance with DoD, vendor and/or commercially accepted practices where applicable. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG0007-ORACLE11 - The database should be secured in accordance with DoD, vendor and/or commercially accepted practices where applicable. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| EX13-EG-000005 - Exchange must limit the Receive connector timeout. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | ACCESS CONTROL |
| EX13-EG-000260 - The Exchange Simple Mail Transfer Protocol (SMTP) Sender filter must be enabled. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-000010 - Exchange must limit the Receive connector timeout. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | ACCESS CONTROL |
| EX16-ED-000010 - Exchange must limit the Receive connector timeout. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | ACCESS CONTROL |
| EX16-ED-000520 - The Exchange Simple Mail Transfer Protocol (SMTP) Sender filter must be enabled. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-000520 - The Exchange Simple Mail Transfer Protocol (SMTP) Sender filter must be enabled. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000139 - The Exchange Simple Mail Transfer Protocol (SMTP) Sender filter must be enabled. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| PGS9-00-009200 - Unused database components which are integrated in PostgreSQL and cannot be uninstalled must be disabled. | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | CONFIGURATION MANAGEMENT |
| PGS9-00-012300 - PostgreSQL must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations. | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| vCenter: vcenter-8.administration-sso-password-lifetime | VMware vSphere Security Configuration and Hardening Guide | VMware | IDENTIFICATION AND AUTHENTICATION |
| vCenter: vcenter-8.vami-administration-password-expiration | VMware vSphere Security Configuration and Hardening Guide | VMware | CONFIGURATION MANAGEMENT |
