| 1.5.1.5 Ensure permissions on /etc/issue are configured | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.5.1.6 Ensure permissions on /etc/issue.net are configured | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 2.2 Ensure that MongoDB does not bypass authentication via the localhost exception | CIS MongoDB 6 v1.2.0 L1 MongoDB | Unix | IDENTIFICATION AND AUTHENTICATION |
| 3.1.14 Ensure the correct messages are written to the server log | CIS PostgreSQL 14 DB v 1.2.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.15 Ensure the correct SQL statements generating errors are recorded | CIS PostgreSQL 14 DB v 1.2.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.17 Ensure 'debug_print_rewritten' is disabled | CIS PostgreSQL 14 DB v 1.2.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.1.22 Ensure 'log_error_verbosity' is set correctly | CIS PostgreSQL 14 DB v 1.2.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.23 Ensure 'log_hostname' is set correctly | CIS PostgreSQL 14 DB v 1.2.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.5 Ensure Access to Audit Records Is Controlled - /etc/security/audit_control | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1 Ensure a single firewall configuration utility is in use | CIS Debian Linux 12 v1.1.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.6 Ensure 'User' Runtime Parameters are Configured | CIS PostgreSQL 14 DB v 1.2.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 7.1 Ensure a replication-only user is created and used for streaming replication | CIS PostgreSQL 14 DB v 1.2.0 | PostgreSQLDB | ACCESS CONTROL |
| 18.9.58.2 (L1) Ensure 'Prevent the usage of OneDrive for file storage on Windows 8.1' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 18.10.51.2 (L1) Ensure 'Prevent the usage of OneDrive for file storage on Windows 8.1' is set to 'Enabled' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| AOSX-13-000240 - The macOS system must enable System Integrity Protection. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| EPAS-00-001700 - The EDB Postgres Advanced Server must produce audit records containing time stamps to establish when the events occurred. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| EPAS-00-001800 - The EDB Postgres Advanced Server must produce audit records containing sufficient information to establish where the events occurred. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| EPAS-00-002000 - The EDB Postgres Advanced Server must produce audit records containing sufficient information to establish the outcome (success or failure) of the events. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| EPAS-00-003500 - Database objects must be owned by database/EDB Postgres Advanced Server principals authorized for ownership. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| EPAS-00-003700 - Default, demonstration and sample databases, database objects, and applications must be removed. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| EPAS-00-004100 - The EDB Postgres Advanced Server must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| EPAS-00-004800 - When using command-line tools such as psql, users must use a logon method that does not expose the password. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | IDENTIFICATION AND AUTHENTICATION |
| EPAS-00-004810 - Applications must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | IDENTIFICATION AND AUTHENTICATION |
| EPAS-00-005200 - The EDB Postgres Advanced Server must invalidate session identifiers upon user logout or other session termination. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| EPAS-00-005800 - The EDB Postgres Advanced Server must isolate security functions from nonsecurity functions. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| EPAS-00-007000 - The EDB Postgres Advanced Server must associate organization-defined types of security labels having organization-defined security label values with information in process. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | ACCESS CONTROL |
| EPAS-00-007100 - The EDB Postgres Advanced Server must associate organization-defined types of security labels having organization-defined security label values with information in transmission. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | ACCESS CONTROL |
| EPAS-00-008200 - The EDB Postgres Advanced Server must record time stamps in audit records and application data that can be mapped to Coordinated Universal Time (UTC, formerly GMT). | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| EPAS-00-008300 - The EDB Postgres Advanced Server must generate time stamps for audit records and application data, with a minimum granularity of one second. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| EPAS-00-008400 - The EDB Postgres Advanced Server must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| EPAS-00-008500 - The EDB Postgres Advanced Server must enforce access restrictions associated with changes to the configuration of the EDB Postgres Advanced Server or database(s). | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| EPAS-00-008600 - The EDB Postgres Advanced Server must produce audit records of its enforcement of access restrictions associated with changes to the configuration of the EDB Postgres Advanced Server or database(s). | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| EPAS-00-009000 - The DBMS must use NSA-approved cryptography to protect classified information in accordance with the requirements of the data owner. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| EPAS-00-009700 - When invalid inputs are received, the EDB Postgres Advanced Server must behave in a predictable and documented manner that reflects organizational and system objectives. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| EPAS-00-009900 - Security-relevant software updates to the EDB Postgres Advanced Server must be installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs). | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| EPAS-00-010200 - The EDB Postgres Advanced Server must generate audit records when categories of information (e.g., classification levels/security levels) are accessed. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| EPAS-00-010300 - Audit records must be generated when unsuccessful attempts to access categorized information (e.g., classification levels/security levels) occur. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| EPAS-00-010400 - The EDB Postgres Advanced Server must generate audit records when privileges/permissions are added. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| EPAS-00-010500 - The EDB Postgres Advanced Server must generate audit records when unsuccessful attempts to add privileges/permissions occur. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| EPAS-00-010700 - The EDB Postgres Advanced Server must generate audit records when unsuccessful attempts to modify privileges/permissions occur. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| EPAS-00-011050 - Audit records must be generated when categorized information (e.g., classification levels/security levels) is modified. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| EPAS-00-011150 - Audit records must be generated when unsuccessful attempts to modify categorized information (e.g., classification levels/security levels) occur. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| EPAS-00-011400 - The EDB Postgres Advanced Server must generate audit records when security objects are deleted. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| EPAS-00-011600 - Audit records must be generated when categorized information (e.g., classification levels/security levels) is deleted. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| EPAS-00-011900 - The EDB Postgres Advanced Server must generate audit records when unsuccessful logons or connection attempts occur. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| EPAS-00-012100 - The EDB Postgres Advanced Server must generate audit records when unsuccessful attempts to execute privileged activities or other system-level access occur. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| EPAS-00-012200 - The EDB Postgres Advanced Server must generate audit records showing starting and ending time for user access to the database(s). | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| EPAS-00-013000 - The EDB Postgres Advanced Server must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| OL08-00-030140 - OL 8 must generate audit records for all account creation events that affect "/etc/security/opasswd". | DISA Oracle Linux 8 STIG v2r4 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030160 - OL 8 must generate audit records for all account creation events that affect "/etc/gshadow". | DISA Oracle Linux 8 STIG v2r4 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
