| 1.1 Ensure packages are obtained from authorized repositories | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.2.20 Ensure that the maximumRetainedFiles argument is set to 10 or as appropriate | CIS Red Hat OpenShift Container Platform v1.8.0 L1 OpenShift | OpenShift | AUDIT AND ACCOUNTABILITY |
| 3.1 Ensure the Apache Web Server Runs As a Non-Root User | CIS Apache HTTP Server 2.4 v2.2.0 L1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 3.1.7 Secure permissions for all diagnostic logs | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 | Unix | |
| 3.1.7 Secure permissions for all diagnostic logs | CIS IBM DB2 v10 v1.1.0 Windows OS Level 1 | Windows | |
| 3.1.7 Secure permissions for all diagnostic logs | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | |
| 3.1.14 Set maximum connection limits - 'max_connections <= 100' | CIS IBM DB2 OS L2 v1.2.0 | Unix | ACCESS CONTROL |
| 3.1.19 Secure permissions for the tertiary archive log location - FAILARCHPATH OS Permission | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | |
| 3.1.19 Secure permissions for the tertiary archive log location - FAILARCHPATH OS Permission | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 | Unix | |
| 3.1.19 Secure permissions for the tertiary archive log location - FAILARCHPATH Setting | CIS IBM DB2 v10 v1.1.0 Windows OS Level 1 | Windows | AUDIT AND ACCOUNTABILITY |
| 3.1.19 Secure permissions for the tertiary archive log location - FAILARCHPATH Setting | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | AUDIT AND ACCOUNTABILITY |
| 3.1.19 Secure permissions for the tertiary archive log location - FAILARCHPATH Setting | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1.19 Secure permissions for the tertiary archive log location - FAILARCHPATH Setting | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1.20 Secure permissions for the log mirror location - MIRROLOGPATH OS Permission | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | |
| 3.1.20 Secure permissions for the log mirror location - MIRROLOGPATH OS Permission | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 | Unix | |
| 3.1.20 Secure permissions for the log mirror location - MIRRORLOGPATH OS Permissions | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 3.1.20 Secure permissions for the log mirror location - MIRRORLOGPATH OS Permissions | CIS IBM DB2 v10 v1.1.0 Windows OS Level 1 | Windows | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 3.1.20 Secure permissions for the log mirror location - MIRRORLOGPATH Setting | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1.20 Secure permissions for the log mirror location - MIRRORLOGPATH Setting | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1.20 Secure permissions for the log mirror location - MIRRORLOGPATH Setting | CIS IBM DB2 v10 v1.1.0 Windows OS Level 1 | Windows | AUDIT AND ACCOUNTABILITY |
| 3.1.20 Secure permissions for the log mirror location - MIRRORLOGPATH Setting | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | AUDIT AND ACCOUNTABILITY |
| 3.8 Ensure the Lock File Is Secured - 'LockFile directory' | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | ACCESS CONTROL |
| 3.8 Ensure the Lock File Is Secured - 'LockFile directory' | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | ACCESS CONTROL |
| 3.8 Ensure the Lock File Is Secured - 'LockFile directory' | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | ACCESS CONTROL |
| 3.8 Ensure the Lock File Is Secured - 'LockFile permissions' | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | ACCESS CONTROL |
| 3.8 Ensure the Lock File Is Secured - 'LockFile permissions' | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | ACCESS CONTROL |
| 4.3 Review Users, Groups, and Roles - Groups list | CIS IBM DB2 v10 v1.1.0 Windows OS Level 1 | Windows | ACCESS CONTROL |
| 4.3 Review Users, Groups, and Roles - Groups list | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 | Unix | ACCESS CONTROL |
| 4.3 Review Users, Groups, and Roles - Groups list | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | ACCESS CONTROL |
| 4.3 Review Users, Groups, and Roles - Users list | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | ACCESS CONTROL |
| 4.3 Review Users, Groups, and Roles - Users list | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 | Unix | ACCESS CONTROL |
| 4.3 Review Users, Groups, and Roles - Users list | CIS IBM DB2 v10 v1.1.0 Windows OS Level 1 | Windows | ACCESS CONTROL |
| 4.3 Review Users, Groups, and Roles - Users list | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | ACCESS CONTROL |
| 5.28 Ensure PIDs cgroup limit is used | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.28 Use PIDs cgroup limit | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2 Ensure 'CLR Assembly Permission Set' is set to 'SAFE_ACCESS' for All CLR Assemblies | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 23.1 (L1) Ensure 'DO Download Mode' is NOT set to 'HTTP blended with Internet Peering' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| Buffer overflow protection should be configured 'LimitRequestBody' | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Buffer overflow protection should be configured 'LimitRequestline' | TNS IBM HTTP Server Best Practice | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-L2-000150 - The Juniper EX switch must be configured to enable Storm Control on all host-facing access interfaces. | DISA Juniper EX Series Layer 2 Switch v2r3 | Juniper | CONFIGURATION MANAGEMENT |
| OL6-00-000009 - The Red Hat Network Service (rhnsd) service must not be running, unless it is being used to query the Oracle Unbreakable Linux Network for updates and information - CHKCONFIG | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000009 - The Red Hat Network Service (rhnsd) service must not be running, unless it is being used to query the Oracle Unbreakable Linux Network for updates and information - PROCESS_CHECK | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-010491 - Oracle Linux operating systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes - UEFI must require authentication upon booting into single-user and maintenance modes. | DISA Oracle Linux 7 STIG v3r3 | Unix | ACCESS CONTROL |
| RHEL-07-010160 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed a minimum of eight of the total number of characters must be changed. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-010180 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed the number of repeating consecutive characters must not be more than three characters. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-010320 - The Red Hat Enterprise Linux operating system must be configured to lock accounts for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-07-010430 - The Red Hat Enterprise Linux operating system must be configured so that the delay between logon prompts following a failed console logon attempt is at least four seconds. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-020300 - The Red Hat Enterprise Linux operating system must be configured so that all Group Identifiers (GIDs) referenced in the /etc/passwd file are defined in the /etc/group file. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-021010 - The Red Hat Enterprise Linux operating system must prevent files with the setuid and setgid bit set from being executed on file systems that are used with removable media. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| SQL2-00-022400 - SQL Server must ensure, if Database Availability Groups are being used and there is a server failure, that none of the potential failover servers would suffer from resource exhaustion. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
