| 1.1 Ensure packages are obtained from authorized repositories | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.3 - MobileIron - Mark Company Mail Domain | MobileIron - CIS Apple iOS 9 v1.0.0 L2 | MDM | ACCESS CONTROL |
| 3.1 Ensure the Apache Web Server Runs As a Non-Root User | CIS Apache HTTP Server 2.4 v2.2.0 L1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 3.1.7 Secure permissions for all diagnostic logs | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 | Unix | |
| 3.1.7 Secure permissions for all diagnostic logs | CIS IBM DB2 v10 v1.1.0 Windows OS Level 1 | Windows | |
| 3.1.7 Secure permissions for all diagnostic logs | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | |
| 3.1.14 Set maximum connection limits - 'max_connections <= 100' | CIS IBM DB2 OS L2 v1.2.0 | Unix | ACCESS CONTROL |
| 3.1.19 Secure permissions for the tertiary archive log location - FAILARCHPATH OS Permission | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 | Unix | |
| 3.1.19 Secure permissions for the tertiary archive log location - FAILARCHPATH Setting | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1.19 Secure permissions for the tertiary archive log location - FAILARCHPATH Setting | CIS IBM DB2 v10 v1.1.0 Windows OS Level 1 | Windows | AUDIT AND ACCOUNTABILITY |
| 3.1.20 Secure permissions for the log mirror location - MIRRORLOGPATH Setting | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | AUDIT AND ACCOUNTABILITY |
| 3.1.20 Secure permissions for the log mirror location - MIRRORLOGPATH Setting | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.8 Ensure the Lock File Is Secured - 'LockFile directory' | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | ACCESS CONTROL |
| 3.8 Ensure the Lock File Is Secured - 'LockFile directory' | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | ACCESS CONTROL |
| 3.8 Ensure the Lock File Is Secured - 'LockFile directory' | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | ACCESS CONTROL |
| 3.8 Ensure the Lock File Is Secured - 'LockFile permissions' | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | ACCESS CONTROL |
| 4.3 Review Users, Groups, and Roles - Users list | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 | Unix | ACCESS CONTROL |
| 4.3 Review Users, Groups, and Roles - Users list | CIS IBM DB2 v10 v1.1.0 Windows OS Level 1 | Windows | ACCESS CONTROL |
| 4.3 Review Users, Groups, and Roles - Users list | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | ACCESS CONTROL |
| 5.28 Ensure PIDs cgroup limit is used | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.28 Use PIDs cgroup limit | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.28 Use PIDs cgroup limit | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2 Ensure 'CLR Assembly Permission Set' is set to 'SAFE_ACCESS' for All CLR Assemblies | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 18.10.16.1 (L1) Ensure 'Download Mode' is NOT set to 'Enabled: Internet' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.16.1 (L1) Ensure 'Download Mode' is NOT set to 'Enabled: Internet' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.16.1 (L1) Ensure 'Download Mode' is NOT set to 'Enabled: Internet' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.16.1 Ensure 'Download Mode' is set to 'Enabled' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.16.1 Ensure 'Download Mode' is set to 'Enabled' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.16.1 Ensure 'Download Mode' is set to 'Enabled' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 23.1 (L1) Ensure 'DO Download Mode' is NOT set to 'HTTP blended with Internet Peering' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 100. OpenStack Compute - Policy.json - 'compute_extension:admin_actions:migrate' | TNS OpenStack Nova/Compute Security Guide | Unix | ACCESS CONTROL |
| Buffer overflow protection should be configured 'LimitRequestBody' | TNS IBM HTTP Server Best Practice | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Buffer overflow protection should be configured 'LimitRequestBody' | TNS IBM HTTP Server Best Practice Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Buffer overflow protection should be configured 'LimitRequestBody' | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Buffer overflow protection should be configured 'LimitRequestFields' | TNS IBM HTTP Server Best Practice Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Buffer overflow protection should be configured 'LimitRequestFields' | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Buffer overflow protection should be configured 'LimitRequestline' | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Buffer overflow protection should be configured 'LimitRequestline' | TNS IBM HTTP Server Best Practice | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DKER-EE-001950 - Linux Kernel capabilities must be restricted within containers as defined in the System Security Plan (SSP) for Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| FNFG-FW-000090 - The FortiGate firewall must fail to a secure state if the firewall filtering functions fail unexpectedly - av-failopen | DISA Fortigate Firewall STIG v1r3 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-L2-000150 - The Juniper EX switch must be configured to enable Storm Control on all host-facing access interfaces. | DISA Juniper EX Series Layer 2 Switch v2r2 | Juniper | CONFIGURATION MANAGEMENT |
| OL07-00-010482 - Oracle Linux operating systems version 7.2 or newer with a Basic Input/Output System (BIOS) must require authentication upon booting into single-user and maintenance modes - BIOS must require authentication upon booting into single-user and maintenance modes. | DISA Oracle Linux 7 STIG v3r2 | Unix | ACCESS CONTROL |
| OL07-00-010491 - Oracle Linux operating systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes - UEFI must require authentication upon booting into single-user and maintenance modes. | DISA Oracle Linux 7 STIG v3r2 | Unix | ACCESS CONTROL |
| RHEL-07-010160 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed a minimum of eight of the total number of characters must be changed. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-010180 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed the number of repeating consecutive characters must not be more than three characters. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-010320 - The Red Hat Enterprise Linux operating system must be configured to lock accounts for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-07-020240 - The Red Hat Enterprise Linux operating system must define default permissions for all authenticated users in such a way that the user can only read and modify their own files. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-020300 - The Red Hat Enterprise Linux operating system must be configured so that all Group Identifiers (GIDs) referenced in the /etc/passwd file are defined in the /etc/group file. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-021010 - The Red Hat Enterprise Linux operating system must prevent files with the setuid and setgid bit set from being executed on file systems that are used with removable media. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| SQL2-00-022400 - SQL Server must ensure, if Database Availability Groups are being used and there is a server failure, that none of the potential failover servers would suffer from resource exhaustion. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
