| 2.2.1 Ensure 'ACCEPT_MD5_CERTS' Is NOT SET | CIS Oracle Database 23ai v1.0.0 L1 RDBMS On Linux Host OS | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.6 Ensure 'REMOTE_LOGIN_PASSWORDFILE' Is Set to 'NONE' | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | ACCESS CONTROL |
| 5.2.15 Ensure 'GRANT ANY ROLE' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - INFOPATH.EXE | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - java.exe | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - MSPUB.EXE | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - OUTLOOK.EXE | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| Allow Basic authentication - Service - AllowBasic | MSCT Windows Server 2016 DC v1.0.0 | Windows | ACCESS CONTROL |
| Allow cut copy or paste operations from the clipboard via script - Restricted Sites Zone | MSCT Windows Server 2016 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow file downloads | MSCT Windows Server 2016 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow indexing of encrypted files | MSCT Windows Server 2016 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow loading of XAML files - Internet Zone | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow log on locally | MSCT Windows Server 2016 DC v1.0.0 | Windows | ACCESS CONTROL |
| Allow log on through Remote Desktop Services | MSCT Windows Server 2016 DC v1.0.0 | Windows | ACCESS CONTROL |
| Allow only approved domains to use ActiveX controls without prompt - Internet Zone | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow only approved domains to use ActiveX controls without prompt - Restricted Sites Zone | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow script-initiated windows without size or position constraints - Restricted Sites Zone | MSCT Windows Server 2016 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow scripting of Internet Explorer WebBrowser controls - Internet Zone | MSCT Windows Server 2016 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow scriptlets - Restricted Sites Zone | MSCT Windows Server 2016 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow software to run or install even if the signature is invalid | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow updates to status bar via script - Restricted Sites Zone | MSCT Windows Server 2016 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Audit Account Lockout | MSCT Windows Server 2016 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit directory service access | MSCT Windows Server 2016 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit logon events | MSCT Windows Server 2016 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit System Integrity | MSCT Windows Server 2016 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit User Account Management | MSCT Windows Server 2016 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Boot-Start Driver Initialization Policy | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure registry policy processing - NoBackgroundPolicy | MSCT Windows Server 2016 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Create a pagefile | MSCT Windows Server 2016 DC v1.0.0 | Windows | ACCESS CONTROL |
| Don't run antimalware programs against ActiveX controls - Local Machine Zone | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Force shutdown from a remote system | MSCT Windows Server 2016 DC v1.0.0 | Windows | ACCESS CONTROL |
| GEN007480 - The Reliable Datagram Sockets (RDS) protocol must be disabled or not installed unless required. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| Generate security audits | MSCT Windows Server 2016 DC v1.0.0 | Windows | ACCESS CONTROL |
| Hardened UNC Paths - \\*\NETLOGON | MSCT Windows Server 2016 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Hardened UNC Paths - \\*\SYSVOL | MSCT Windows Server 2016 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Interactive logon: Machine account lockout threshold | MSCT Windows Server 2016 DC v1.0.0 | Windows | ACCESS CONTROL |
| Internet Explorer Processes - FEATURE_MIME_SNIFFING - explorer.exe | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_RESTRICT_ACTIVEXINSTALL - (Reserved) | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_RESTRICT_FILEDOWNLOAD - iexplore.exe | MSCT Windows Server 2016 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Java permissions - Locked-Down Local Machine Zone | MSCT Windows Server 2016 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Join Microsoft MAPS | MSCT Windows Server 2016 DC v1.0.0 | Windows | ACCESS CONTROL |
| Load and unload device drivers | MSCT Windows Server 2016 DC v1.0.0 | Windows | ACCESS CONTROL |
| Logon options - Internet Zone | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Maximum password age | MSCT Windows Server 2016 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Microsoft network client: Send unencrypted password to third-party SMB servers - EnablePlainTextPassword | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Microsoft network server: Digitally sign communications (always) | MSCT Windows Server 2016 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Navigate windows and frames across different domains - Restricted Sites Zone | MSCT Windows Server 2016 DC v1.0.0 | Windows | ACCESS CONTROL |
| OH12-1X-000188 - The listen-port element defined within the config.xml of the OHS Standalone Domain must be configured for secure communication. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-010482 - Oracle Linux operating systems version 7.2 or newer with a Basic Input/Output System (BIOS) must require authentication upon booting into single-user and maintenance modes - BIOS must require authentication upon booting into single-user and maintenance modes. | DISA Oracle Linux 7 STIG v3r2 | Unix | ACCESS CONTROL |
| OL07-00-010491 - Oracle Linux operating systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes - UEFI must require authentication upon booting into single-user and maintenance modes. | DISA Oracle Linux 7 STIG v3r2 | Unix | ACCESS CONTROL |
