| 1.3 Ensure All Sample Data And Users Have Been Removed | CIS Oracle Server 11g R2 DB v2.2.0 | OracleDB | |
| 2.1.3 Ensure 'ACCEPT_SHA1_CERTS' Is Configured Correctly | CIS Oracle Database 23ai v1.0.0 L1 RDBMS On Linux Host OS | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.3 Ensure 'ACCEPT_SHA1_CERTS' Is Configured Correctly | CIS Oracle Database 23ai v1.0.0 L1 RDBMS On Windows Server Host OS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.2 Ensure 'ACCEPT_SHA1_CERTS' Is NOT Set | CIS Oracle Database 23ai v1.0.0 L1 RDBMS On Windows Server Host OS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.10.11 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.3.13 Ensure 'REMOTE_LISTENER' Is Empty | CIS Oracle Database 23ai v1.0.0 L1 RDBMS | OracleDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.5.1 Ensure password creation requirements are configured | CIS Amazon Linux 2023 Server L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.2.7 Ensure pwd_algorithm is configured | CIS IBM AIX 7 v1.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.2.14 Ensure 'GRANT ANY OBJECT PRIVILEGE' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.14 Ensure 'GRANT ANY OBJECT PRIVILEGE' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.5.1 Ensure password creation requirements are configured | CIS CentOS Linux 8 Workstation L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 8.2 (BL) Ensure 'Allow Warning For Other Disk Encryption' is set to 'Disabled' | CIS Microsoft Intune for Windows 11 v4.0.0 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.2 (BL) Ensure 'Allow Warning For Other Disk Encryption' is set to 'Disabled' | CIS Microsoft Intune for Windows 10 v4.0.0 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.4 Enable a Warning Banner for the GNOME Service | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 12.55 Passwords - 'Remove password parameters from configuration files utilized for Silent Installations' | CIS v1.1.0 Oracle 11g OS L2 | Unix | |
| 14.01 Oracle Label Security - 'Where possible use Oracle Label Security' | CIS v1.1.0 Oracle 11g OS Windows Level 2 | Windows | |
| 18.6.8.1 (L1) Ensure 'Enable insecure guest logons' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v4.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.6.8.1 (L1) Ensure 'Enable insecure guest logons' is set to 'Disabled' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.6.8.1 (L1) Ensure 'Enable insecure guest logons' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v4.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.9.5.4 (NG) Ensure 'Turn On Virtualization Based Security: Require UEFI Memory Attributes Table' is set to 'True (checked)' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 NG MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.5.4 (NG) Ensure 'Turn On Virtualization Based Security: Require UEFI Memory Attributes Table' is set to 'True (checked)' | CIS Microsoft Windows Server 2019 v4.0.0 NG MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.52.2 (L1) Ensure 'Prevent the usage of OneDrive for file storage on Windows 8.1' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL |
| 18.10.35.1 (L1) Ensure 'Disable Internet Explorer 11 as a standalone browser' is set to 'Enabled: Always' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.35.1 (L1) Ensure 'Disable Internet Explorer 11 as a standalone browser' is set to 'Enabled: Always' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.35.1 (L1) Ensure 'Disable Internet Explorer 11 as a standalone browser' is set to 'Enabled: Always' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-031920 - AlmaLinux OS 9 must require users to provide authentication for privilege escalation. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL |
| ALMA-09-044680 - AlmaLinux OS 9 must enable mitigations against processor-based vulnerabilities. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| ALMA-09-054360 - AlmaLinux OS 9 audit system must make full use of the audit storage space. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| BIND-9X-001000 - A BIND 9.x server implementation must be operating on a Current-Stable version as defined by ISC. | DISA BIND 9.x STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| BIND-9X-001042 - The BIND 9.x server implementation must maintain at least 3 file versions of the local log file. | DISA BIND 9.x STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| BIND-9X-001058 - The secondary name servers in a BIND 9.x implementation must be configured to initiate zone update notifications to other authoritative zone name servers. | DISA BIND 9.x STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| BIND-9X-001700 - On the BIND 9.x server a zone file must not include resource records that resolve to a fully qualified domain name residing in another zone. | DISA BIND 9.x STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| DO0250-ORACLE11 - Fixed user and public database links should be authorized for use - 'sys.dba_repcatlog count = 0' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | |
| F5BI-LT-000213 - The F5 BIG-IP appliance providing user authentication intermediary services must only accept end entity certificates issued by DOD PKI or DOD-approved PKI Certification Authorities (CAs) for the establishment of protected sessions. | DISA F5 BIG-IP Local Traffic Manager STIG v2r4 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN001680 - All system start-up files must be group-owned by root, sys, bin, other, or system. | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| MS.DEFENDER.2.2v1 - Domain impersonation protection SHOULD be enabled for domains owned by the agency in both the standard and strict preset policies. | CISA SCuBA Microsoft 365 Defender v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| O112-BP-021400 - Fixed user and public database links must be authorized for use. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O112-C2-018500 - The DBMS must isolate security functions from non-security functions by means of separate security domains. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000074 - OHS log files must only be accessible by privileged users - permissions | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| OH12-1X-000075 - The log information from OHS must be protected from unauthorized modification - permissions | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| OH12-1X-000186 - The CustomIdentityPrivateKeyPassPhrase property of the Node Manager configured to support OHS must be configured for secure communication. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232220 - RHEL 9 audit tools must be owned by root. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-254020 - RHEL 9 must not forward IPv6 source-routed packets. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| Select the channel for Microsoft Defender monthly engine updates | MSCT Windows Server 2025 DC v1.0.0 | Windows | |
| Select the channel for Microsoft Defender monthly platform updates | MSCT Windows Server 2025 MS v1.0.0 | Windows | |
| WBLC-01-000011 - Oracle WebLogic must employ automated mechanisms to facilitate the monitoring and control of remote access methods. | Oracle WebLogic Server 12c Windows v2r2 | Windows | ACCESS CONTROL |
| WBLC-02-000065 - Oracle WebLogic must compile audit records from multiple components within the system into a system-wide (logical or physical) audit trail that is time-correlated to within an organization-defined level of tolerance. | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000074 - Oracle WebLogic must produce audit records containing sufficient information to establish what type of JVM-related events and severity levels occurred. | Oracle WebLogic Server 12c Windows v2r2 | Windows | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000081 - Oracle WebLogic must provide the ability to write specified audit record content to an audit log server. | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| WN10-00-000055 - Alternate operating systems must not be permitted on the same system. | DISA Microsoft Windows 10 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
