| 3.10.9.1.3 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Intune for Windows 10 v3.0.1 BitLocker (BL) | Windows | MEDIA PROTECTION |
| 4.10.9.2 (L1) Ensure 'Prevent device metadata retrieval from the Internet' is set to 'Enabled' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 BL | Windows | MEDIA PROTECTION |
| 18.9.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | MEDIA PROTECTION |
| 18.9.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL | Windows | MEDIA PROTECTION |
| 18.9.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NG | Windows | MEDIA PROTECTION |
| 18.9.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | MEDIA PROTECTION |
| 18.9.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL | Windows | MEDIA PROTECTION |
| 18.9.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | MEDIA PROTECTION |
| 18.9.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 BL | Windows | MEDIA PROTECTION |
| 18.9.7.1.5 (L1) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | MEDIA PROTECTION |
| 18.9.7.2 (L1) Ensure 'Prevent device metadata retrieval from the Internet' is set to 'Enabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.7.2 (L1) Ensure 'Prevent device metadata retrieval from the Internet' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.7.2 (L1) Ensure 'Prevent device metadata retrieval from the Internet' is set to 'Enabled' | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.7.2 (L1) Ensure 'Prevent device metadata retrieval from the Internet' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v3.0.1 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.7.2 (L1) Ensure 'Prevent device metadata retrieval from the Internet' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.7.2 (L1) Ensure 'Prevent device metadata retrieval from the Internet' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.7.2 (L1) Ensure 'Prevent device metadata retrieval from the Internet' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v4.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.7.2 Ensure 'Prevent device metadata retrieval from the Internet' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| DG0010-ORACLE11 - Database executable and configuration files should be monitored for unauthorized modifications. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0016-ORACLE11 - Unused database components, database application software, and database objects should be removed from the DBMS system. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0017-ORACLE11 - A production DBMS installation should not coexist on the same DBMS host with other, non-production DBMS installations - 'All Oracle instances are documented and approved' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0019-ORACLE11 - Application software should be owned by a Software Application account - 'Oracle home directory file permissions are correct' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0025-ORACLE11 - DBMS cryptography must be NIST FIPS 140-2 validated - '%ORACLE_HOME%\NETWORK\ADMIN\SQLNET.ora SSL_CIPHER_SUITES set to valid cipher suite' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DG0040-ORACLE11 - The DBMS software installation account should be restricted to authorized users - 'Oracle base directory file permissions are correct' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0040-ORACLE11 - The DBMS software installation account should be restricted to authorized users - 'Oracle home directory file permissions are correct' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0052-ORACLE11 - All applications that access the database should be logged in the audit trail. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0063-ORACLE11 - DBMS privileges to restore database data or other DBMS configurations, features, or objects should be restricted to authorized DBMS accounts. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0086-ORACLE11 - DBA roles should be periodically monitored to detect assignment of unauthorized or excess privileges. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0095-ORACLE11 - Audit trail data should be reviewed daily or more frequently. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - no PROGRAMS = EXTPROC' - listener.ora | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0118-ORACLE11 - The IAM should review changes to DBA role assignments. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0152-ORACLE11 - DBMS network communications should comply with PPS usage restrictions - PORT = 1521, 1575, 1830, 2481, 2482, 2483 or 2484' - cman.ora | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0152-ORACLE11 - DBMS network communications should comply with PPS usage restrictions - PORT = 1521, 1575, 1830, 2481, 2482, 2483 or 2484' - listener.ora | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0159-ORACLE11 - Remote administrative access to the database should be monitored by the IAO or IAM. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0161-ORACLE11 - An automated tool that monitors audit data and immediately reports suspicious activity should be employed for the DBMS. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0187-ORACLE11 - DBMS software libraries should be periodically backed up. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0195-ORACLE11 - DBMS production application and data directories should be protected from developers on shared production/development DBMS host systems. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DO0145-ORACLE11 - OS DBA group membership should be restricted to authorized accounts. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DO0287-ORACLE11 - The Oracle SQLNET.EXPIRE_TIME parameter should be set to a value greater than 0 - '%ORACLE_HOME%\NETWORK\ADMIN\SQLNET.ORA SQLNET.EXPIRE_TIME > 0' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - '%ORACLE_HOME%\NETWORK\ADMIN\listener.ora LOG_FILE_{listener} is configured' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | AUDIT AND ACCOUNTABILITY |
| DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - '%ORACLE_HOME%\Network\Log\listener.log file permissions are correct' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - 'listener.ora TRACE_DIRECTORY_{listener} is configured' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | AUDIT AND ACCOUNTABILITY |
| DO6751-ORACLE11 - The SQLNet SQLNET.ALLOWED_LOGON_VERSION parameter must be set to a value of 11 or higher - '%ORACLE_HOME%\NETWORK\ADMIN\SQLNET.ORA SQLNET.ALLOWED_LOGON_VERSION > 11' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| DTAM170 - McAfee VirusScan Access Protection Rules Anti-Spyware Maximum Protection must be set to block and report when common all programs are run from the Temp folder. | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTBI680 - The update check interval must be configured and set to 30 days. | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent installation of devices using drivers that match these device setup classes - DenyDeviceClasses | MSCT Windows 11 v22H2 v1.0.0 | Windows | MEDIA PROTECTION |
| WN22-00-000160 - Windows Server 2022 permissions for the Windows installation directory must conform to minimum requirements. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL |
| WN22-CC-000420 - Windows Server 2022 must prevent users from changing installation options. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN22-SO-000420 - Windows Server 2022 User Account Control (UAC) must be configured to detect application installations and prompt for elevation. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
