| 1.0.1 Install the latest Fixpak | SYSTEM AND INFORMATION INTEGRITY |
| 3.1.1 Enable audit buffer - 'audit_buf_sz <= 1000' | AUDIT AND ACCOUNTABILITY |
| 3.1.2 Encrypt user data across the network - 'authentication = Data_Encrypt' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.3 Require explicit authorization for cataloging - 'catalog_noauth = no' | ACCESS CONTROL |
| 3.1.4 Disable data links support - 'datalinks = no' | CONFIGURATION MANAGEMENT |
| 3.1.5 Secure default database location - 'DFTDBPATH directory ownership' | |
| 3.1.5 Secure default database location - 'DFTDBPATH value' | AUDIT AND ACCOUNTABILITY |
| 3.1.7 Set diagnostic logging to capture errors and warnings - 'diaglevel = 3 or 4' | AUDIT AND ACCOUNTABILITY |
| 3.1.9 Require instance name for discovery requests - 'discover = known' | CONFIGURATION MANAGEMENT |
| 3.1.10 Disable instance discoverability - 'discover_inst = disable' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.11 Authenticate federated users at the instance level - 'fed_noauth = no' | ACCESS CONTROL |
| 3.1.12 Enable instance health monitoring - 'health_mon = on' | CONFIGURATION MANAGEMENT |
| 3.1.13 Retain fenced model processes - 'keepfenced = no' | CONFIGURATION MANAGEMENT |
| 3.1.14 Set maximum connection limits - 'max_connections <= 100' | ACCESS CONTROL |
| 3.1.14 Set maximum connection limits - 'max_coordagents <= 100' | ACCESS CONTROL |
| 3.1.14 Set maximum connection limits - 'maxappls <= 99' | ACCESS CONTROL |
| 3.1.15 Set administrative notification level - 'notifylevel = 3 or 4' | AUDIT AND ACCOUNTABILITY |
| 3.1.16 Enable server-based authentication - 'srvcon_auth = server' | IDENTIFICATION AND AUTHENTICATION |
| 3.2.1 Set failed archive retry delay - 'archretrydelay <= 20' | CONFIGURATION MANAGEMENT |
| 3.2.2 Auto-restart after abnormal termination - 'autorestart = on' | CONFIGURATION MANAGEMENT |
| 3.2.3 Disable database discover - 'discover_db = disable' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.11 Establish retention set size for backups - 'num_db_backups <= 100' | CONTINGENCY PLANNING, SYSTEM AND INFORMATION INTEGRITY |
| 3.2.12 Set archive log failover retry limit - 'numarchretry <= 5' | CONFIGURATION MANAGEMENT |
| 3.3.2 Set a generic system name - 'db2system value' | CONFIGURATION MANAGEMENT |
| 3.3.3 Disable DAS discoverability - 'discover = disable' | CONFIGURATION MANAGEMENT |
| 3.3.4 Do not execute expired tasks - 'exec_exp_task = no' | CONFIGURATION MANAGEMENT |
| 3.3.5 Secure the JDK runtime library - 'jdk_path value' | CONFIGURATION MANAGEMENT |
| 3.3.6 Secure the JDK 64-bit runtime library - 'jdk_64_path value' | CONFIGURATION MANAGEMENT |
| 3.3.7 Disable unused task scheduler - 'sched_enable = off' | CONFIGURATION MANAGEMENT |
| 4.0.1 Enforce Label-Based Access Controls Implementation | |
| 5.0.1 Enable Backup Redundancy | |
| 5.0.3 Enable Database Maintenance - 'auto_maint = on' | CONFIGURATION MANAGEMENT |
| 7.0.1 Establish an administrator group - 'sysadm_group value' | ACCESS CONTROL |
| 7.0.2 Establish system control group - 'sysctrl_group value' | ACCESS CONTROL |
| 8.0.2 Start and Stop DB2 Administrator Server | |
| 8.0.5 Remove Default Databases - 'Database name != SAMPLE' | CONFIGURATION MANAGEMENT |
| 8.0.6 Enable SSL communication with LDAP server | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.0.7 Secure the permission of the IBMLDAPSecurity.ini file | |
| 8.0.8 Secure the permission of the SSLconfig.ini file | |
| CIS_v1.2.0_IBM_DB2_OS_Linux_Level_2.audit from CIS DB2 8, 9 & 9.5 for Linux | |
