| 2.2.34 (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.41 (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.2.44 (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.45 (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.45 (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.45 (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows Server 2016 v3.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.45 (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows Server 2022 v4.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.56 Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.16 Ensure no login exists with the name 'sa' | CIS Microsoft SQL Server 2019 v1.5.0 L1 AWS RDS | MS_SQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5' | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 4.2.3 Ensure rsyslog or syslog-ng is installed | CIS Debian 8 Workstation L1 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.3 Ensure rsyslog or syslog-ng is installed | CIS Debian 9 Server L1 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.3 Ensure rsyslog or syslog-ng is installed | CIS Debian 9 Workstation L1 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.3 Ensure rsyslog or syslog-ng is installed | CIS Debian 8 Server L1 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.3 Ensure rsyslog or syslog-ng is installed | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.6 Ensure the set_user extension is installed | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL |
| 5.2 Ensure that audit filters are configured properly | CIS MongoDB 5 L2 OS Windows v1.2.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 5.2 Specify a Secure Authentication Type (AUTHENTICATION) | CIS IBM DB2 11 v1.1.0 Windows OS Level 1 | Windows | ACCESS CONTROL |
| 6.4 Ensure 'SIGHUP' Runtime Parameters are Configured | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 6.4 Ensure 'SIGHUP' Runtime Parameters are Configured | CIS PostgreSQL 11 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 6.4 Ensure 'SIGHUP' Runtime Parameters are Configured | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | SYSTEM AND SERVICES ACQUISITION |
| 6.4 Ensure 'SIGHUP' Runtime Parameters are Configured | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | SYSTEM AND SERVICES ACQUISITION |
| 6.4 Ensure 'SIGHUP' Runtime Parameters are Configured | CIS PostgreSQL 13 DB v1.2.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 6.4 Ensure 'SIGHUP' Runtime Parameters are Configured | CIS PostgreSQL 14 DB v 1.2.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 7.10 Repairing permissions is no longer needed with 10.11 | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | |
| 9.0.4 DB2 Activity Monitor Utility | CIS IBM DB2 OS L1 v1.2.0 | Unix | |
| 20.64 Ensure 'TFTP Client' is 'not installed' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| ALMA-09-047870 - Successful/unsuccessful uses of the umount2 system call in AlmaLinux OS 9 must generate an audit record. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-048090 - AlmaLinux OS 9 must audit all uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-048530 - AlmaLinux OS 9 must audit all uses of the chmod, fchmod, and fchmodat system calls. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| APPL-14-001022 The macOS system must be configured to audit all failed read actions on the system. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| CD12-00-006100 - PostgreSQL must generate audit records when privileges/permissions are deleted. | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| EPAS-00-008700 - The EDB Postgres Advanced Server must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | CONFIGURATION MANAGEMENT |
| MYS8-00-012000 - The MySQL Database Server 8.0 must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| MYS8-00-012100 - The MySQL Database Server 8.0 must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| O112-BP-022600 - Object permissions granted to PUBLIC must be restricted. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | CONFIGURATION MANAGEMENT |
| OL08-00-030320 - OL 8 must generate audit records for any use of the "ssh-keysign" command. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030370 - OL 8 must generate audit records for any use of the "gpasswd" command. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| PGS9-00-002400 - PostgreSQL must record time stamps, in audit records and application data, that can be mapped to Coordinated Universal Time (UTC, formerly GMT). | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PGS9-00-005400 - PostgreSQL must generate audit records when unsuccessful attempts to delete privileges/permissions occur. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PGS9-00-009700 - PostgreSQL must protect against a user falsely repudiating having performed organization-defined actions. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030181 - RHEL 8 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-654065 - RHEL 9 must audit all uses of the rename, unlink, rmdir, renameat, and unlinkat system calls. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-20-010199 - The Ubuntu operating system must configure audit tools with a mode of 0755 or less permissive. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| VCTR-67-000074 - The vCenter Server Administrators must clean up log files after failed installations. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-65-000028 - The vCenter Server for Windows Administrators must clean up log files after failed installations. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | CONFIGURATION MANAGEMENT |
| WN19-AU-000210 - Windows Server 2019 must be configured to audit Logon/Logoff - Special Logon successes. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | AUDIT AND ACCOUNTABILITY |
| WN19-AU-000290 - Windows Server 2019 must be configured to audit Policy Change - Authorization Policy Change successes. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN19-AU-000330 - Windows Server 2019 must be configured to audit System - IPsec Driver failures. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
