| 1.1 Ensure packages are obtained from authorized repositories | CIS PostgreSQL 13 OS v1.2.0 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.1 Ensure packages are obtained from authorized repositories | CIS PostgreSQL 16 OS v1.0.0 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.1 Ensure packages are obtained from authorized repositories | CIS PostgreSQL 12 OS v1.1.0 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.1 Ensure packages are obtained from authorized repositories | CIS PostgreSQL 14 OS v 1.2.0 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.1.18 - MobileIron - Limit the 'number of messages' for 'Text message limit' | MobileIron - CIS Google Android 4 v1.0.0 L2 | MDM | ACCESS CONTROL |
| 1.2.21 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master | Unix | AUDIT AND ACCOUNTABILITY |
| 1.2.24 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1 Authentication and Verification of OSPF Routing Protocols - authentication message-digest | Tenable ZTE ROSNG | ZTE_ROSNG | IDENTIFICATION AND AUTHENTICATION |
| 3.1 Authentication and Verification of OSPF Routing Protocols - message-digest-key | Tenable ZTE ROSNG | ZTE_ROSNG | IDENTIFICATION AND AUTHENTICATION |
| 3.1.14 Set maximum connection limits - MAX_COORDAGENTS | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | ACCESS CONTROL |
| 3.2 Authentication and Verification of ISIS Routing Protocols - authentication | Tenable ZTE ROSNG | ZTE_ROSNG | IDENTIFICATION AND AUTHENTICATION |
| 3.2 Authentication and Verification of ISIS Routing Protocols - authentication-type hmac-md5 | Tenable ZTE ROSNG | ZTE_ROSNG | IDENTIFICATION AND AUTHENTICATION |
| 4.1.13 Ensure use of privileged commands is collected | CIS Amazon Linux 2 STIG v1.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.15 Ensure file deletion events by users are collected - auditctl 32 bit | CIS Amazon Linux 2 STIG v1.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.6 Review audit queue size | CIS Sybase 15.0 L1 DB v1.1.0 | SybaseDB | |
| 4.8 Remove setuid and setgid permissions in the images | CIS Docker 1.12.0 v1.0.0 L2 Docker | Unix | |
| 5.3.1 Ensure password creation requirements are configured - lcredit | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.1 Ensure password creation requirements are configured - ocredit | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.1 Ensure password creation requirements are configured - ucredit | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.2 Ensure lockout for failed password attempts is configured - password-auth 'auth required pam_faillock.so preauth audit silent deny=5 unlock_time=900' | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.2 Ensure lockout for failed password attempts is configured - password-auth 'auth sufficient pam_faillock.so authsucc audit deny=5 unlock_time=900' | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.2 Ensure lockout for failed password attempts is configured - system-auth 'auth [success=1 default=bad] pam_unix.so' | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.2 Ensure lockout for failed password attempts is configured - system-auth 'auth required pam_faillock.so preauth audit silent deny=5 unlock_time=900' | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.5 Ensure minimum and maximum requirements are set for password changes - difok | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.5 Ensure minimum and maximum requirements are set for password changes - minclass | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.7 Ensure minimum and maximum requirements are set for password changes - difok | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.7 Ensure minimum and maximum requirements are set for password changes - maxclassrepeat | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.7 Ensure minimum and maximum requirements are set for password changes - maxrepeat | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| CIS Amazon Linux Benchmark Level 2 | CIS Amazon Linux v2.1.0 L2 | Unix | |
| CISC-RT-000680 - The Cisco PE switch providing Virtual Private LAN Services (VPLS) must be configured to have all attachment circuits defined to the virtual forwarding instance (VFI) with the globally unique VPN ID assigned for each customer VLAN. | DISA STIG Cisco NX-OS Switch RTR v3r2 | Cisco | CONTINGENCY PLANNING |
| GEN003540 - The system must implement non-executable program stacks - 'kernel.randomize_va_space' | DISA STIG for Oracle Linux 5 v2r1 | Unix | CONFIGURATION MANAGEMENT |
| JBOS-AS-000135 - JBoss ROOT logger must be configured to utilize the appropriate logging level. | DISA JBoss EAP 6.3 STIG v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-07-010110 - The Red Hat Enterprise Linux operating system must initiate a session lock for graphical user interfaces when the screensaver is activated. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-07-010310 - The Red Hat Enterprise Linux operating system must disable account identifiers (individuals, groups, roles, and devices) if the password expires. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-010340 - The Red Hat Enterprise Linux operating system must be configured so that users must provide a password for privilege escalation. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-010342 - The Red Hat Enterprise Linux operating system must use the invoking user's password for privilege escalation when using 'sudo' - sudo. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-07-010470 - The Red Hat Enterprise Linux operating system must not allow a non-certificate trusted host SSH logon to the system. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-020320 - The Red Hat Enterprise Linux operating system must be configured so that all files and directories have a valid owner. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-07-021040 - The Red Hat Enterprise Linux operating system must set the umask value to 077 for all local interactive user accounts. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-030370 - The Red Hat Enterprise Linux operating system must audit all uses of the chown, fchown, fchownat, and lchown syscalls. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-07-030910 - The Red Hat Enterprise Linux operating system must audit all uses of the unlink, unlinkat, rename, renameat, and rmdir syscalls. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-040110 - The Red Hat Enterprise Linux 7 operating system must implement DoD-approved encryption to protect the confidentiality of SSH connections. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-040190 - The Red Hat Enterprise Linux operating system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) communications. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-07-040370 - The Red Hat Enterprise Linux operating system must not permit direct logons to the root account using remote access via SSH. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-040530 - The Red Hat Enterprise Linux operating system must display the date and time of the last successful account logon upon logon. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-07-040620 - The Red Hat Enterprise Linux operating system must not forward Internet Protocol version 4 (IPv4) source-routed packets by default. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-040690 - The Red Hat Enterprise Linux operating system must not have a File Transfer Protocol (FTP) server package installed unless needed. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-040712 - The Red Hat Enterprise Linux operating system SSH server must be configured to use only FIPS-validated key exchange algorithms. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-07-040740 - The Red Hat Enterprise Linux operating system must not be performing packet forwarding unless the system is a router. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| SPLK-CL-000290 - Splunk Enterprise must be configured to send an immediate alert to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated log record storage volume reaches 75 percent of the repository maximum log record storage capacity. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | AUDIT AND ACCOUNTABILITY |
