| 5.4 Ensure the default security group of every VPC restricts all traffic | CIS Amazon Web Services Foundations L2 3.0.0 | amazon_aws | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4.4 Ensure default user umask is 027 or more restrictive - /etc/profile | CIS Debian 8 Server L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4.4 Ensure default user umask is 027 or more restrictive - /etc/profile.d/*.sh | CIS Debian 8 Server L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| APPL-14-002008 - The macOS system must disable the built-in web server. | DISA Apple macOS 14 (Sonoma) STIG v2r1 | Unix | ACCESS CONTROL |
| Big Sur - Disable Bluetooth Sharing | NIST macOS Big Sur v1.4.0 - 800-53r5 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Big Sur - Disable Bluetooth Sharing | NIST macOS Big Sur v1.4.0 - 800-53r4 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Big Sur - Disable Bluetooth Sharing | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| CNTR-K8-000400 - Kubernetes Worker Nodes must not have sshd service running. | DISA STIG Kubernetes v2r1 | Unix | ACCESS CONTROL |
| CNTR-K8-000430 - Kubernetes Kubectl cp command must give expected access and results. | DISA STIG Kubernetes v2r1 | Unix | ACCESS CONTROL |
| CNTR-K8-000440 - The Kubernetes kubelet staticPodPath must not enable static pods. | DISA STIG Kubernetes v2r1 | Unix | ACCESS CONTROL |
| CNTR-K8-000450 - Kubernetes DynamicAuditing must not be enabled - manifest | DISA STIG Kubernetes v2r1 | Unix | ACCESS CONTROL |
| CNTR-K8-000460 - Kubernetes DynamicKubeletConfig must not be enabled - manifest | DISA STIG Kubernetes v2r1 | Unix | ACCESS CONTROL |
| DB2X-00-003200 - Database objects (including but not limited to tables, indexes, storage, stored procedures, functions, triggers, links to software external to DB2, etc.) must be owned by database/DBMS principals authorized for ownership - MODULES | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | ACCESS CONTROL |
| DB2X-00-003200 - Database objects (including but not limited to tables, indexes, storage, stored procedures, functions, triggers, links to software external to DB2, etc.) must be owned by database/DBMS principals authorized for ownership - TABCONST | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | ACCESS CONTROL |
| DB2X-00-003200 - Database objects (including but not limited to tables, indexes, storage, stored procedures, functions, triggers, links to software external to DB2, etc.) must be owned by database/DBMS principals authorized for ownership - TABLES | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | ACCESS CONTROL |
| DB2X-00-003200 - Database objects (including but not limited to tables, indexes, storage, stored procedures, functions, triggers, links to software external to DB2, etc.) must be owned by database/DBMS principals authorized for ownership - TRIGGERS | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | ACCESS CONTROL |
| DB2X-00-004800 - DB2 must separate user functionality (including user interface services) from database management functionality - SYSADM_GROUP | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | ACCESS CONTROL |
| DB2X-00-007000 - DB2 must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures - COLAUTH | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | ACCESS CONTROL |
| DB2X-00-007000 - DB2 must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures - DBAUTH | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | ACCESS CONTROL |
| DB2X-00-007000 - DB2 must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures - PASSTHRUAUTH | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | ACCESS CONTROL |
| DB2X-00-007000 - DB2 must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures - ROLEAUTH | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | ACCESS CONTROL |
| DB2X-00-007000 - DB2 must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures - SCHEMAAUTH | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | ACCESS CONTROL |
| DB2X-00-007000 - DB2 must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures - SEQUENCEAUTH | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | ACCESS CONTROL |
| DB2X-00-007000 - DB2 must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures - TABAUTH | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | ACCESS CONTROL |
| DB2X-00-007000 - DB2 must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures - WORKLOADAUTH | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | ACCESS CONTROL |
| DB2X-00-007000 - DB2 must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures - XSROBJECTAUTH | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | ACCESS CONTROL |
| DB2X-00-008000 - DB2 must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status - objects | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | ACCESS CONTROL |
| DB2X-00-008000 - DB2 must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status - schemas | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | ACCESS CONTROL |
| ESXI-65-000062 - The ESXi host must prevent unintended use of the dvFilter network APIs. | DISA STIG VMware vSphere ESXi 6.5 v1r4 | VMware | ACCESS CONTROL |
| GEN002230 M6 - All shell files must not have extended ACLs - '/etc/shells' | DISA STIG Apple Mac OSX 10.6 v1r3 | Unix | ACCESS CONTROL |
| GEN004010 M6 - The traceroute file must not have an extended ACL - '/usr/sbin/traceroute' | DISA STIG Apple Mac OSX 10.6 v1r3 | Unix | ACCESS CONTROL |
| GEN004390 M6 - The alias file must not have an extended ACL - '/etc/aliases' | DISA STIG Apple Mac OSX 10.6 v1r3 | Unix | ACCESS CONTROL |
| GEN006150 M6 - The /etc/smb.conf file must not have an extended ACL - '/etc/smb.conf' | DISA STIG Apple Mac OSX 10.6 v1r3 | Unix | ACCESS CONTROL |
| Monterey - Disable Bluetooth Sharing | NIST macOS Monterey v1.0.0 - All Profiles | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Bluetooth Sharing | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Bluetooth Sharing | NIST macOS Monterey v1.0.0 - 800-53r4 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Bluetooth Sharing | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| OL07-00-010483 - Oracle Linux operating systems version 7.2 or newer booted with a BIOS must have a unique name for the grub superusers account when booting into single-user and maintenance modes. | DISA Oracle Linux 7 STIG v2r14 | Unix | ACCESS CONTROL |
| OL07-00-010492 - Oracle Linux operating systems version 7.2 or newer booted with United Extensible Firmware Interface (UEFI) must have a unique name for the grub superusers account when booting into single-user mode and maintenance. | DISA Oracle Linux 7 STIG v2r14 | Unix | ACCESS CONTROL |
| OL08-00-010140 - OL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance. | DISA Oracle Linux 8 STIG v2r1 | Unix | ACCESS CONTROL |
| OL08-00-010149 - OL 8 operating systems booted with a BIOS must have a unique name for the grub superusers account when booting into single-user and maintenance modes. | DISA Oracle Linux 8 STIG v2r1 | Unix | ACCESS CONTROL |
| OL08-00-010150 - OL 8 operating systems booted with a BIOS must require authentication upon booting into single-user and maintenance modes. | DISA Oracle Linux 8 STIG v2r1 | Unix | ACCESS CONTROL |
| OL08-00-010152 - OL 8 operating systems must require authentication upon booting into emergency mode. | DISA Oracle Linux 8 STIG v2r1 | Unix | ACCESS CONTROL |
| RHEL-08-010150 - RHEL 8 operating systems booted with a BIOS must require authentication upon booting into single-user and maintenance modes. | DISA Red Hat Enterprise Linux 8 STIG v1r14 | Unix | ACCESS CONTROL |
| RHEL-09-212010 - RHEL 9 must require a boot loader superuser password. | DISA Red Hat Enterprise Linux 9 STIG v2r1 | Unix | ACCESS CONTROL |
| SLES-15-010200 - SUSE operating systems with Unified Extensible Firmware Interface (UEFI) implemented must require authentication upon booting into single-user mode and maintenance. | DISA SLES 15 STIG v2r1 | Unix | ACCESS CONTROL |
| WN11-UR-000075 - The 'Deny log on as a batch job' user right on domain-joined workstations must be configured to prevent access from highly privileged domain accounts. | DISA Windows 11 STIG v2r1 | Windows | ACCESS CONTROL |
| WN22-00-000130 - Windows Server 2022 local volumes must use a format that supports NTFS attributes. | DISA Windows Server 2022 STIG v2r1 | Windows | ACCESS CONTROL |
| WN22-MS-000080 - Windows Server 2022 Deny access to this computer from the network user right on domain-joined member servers must be configured to prevent access from highly privileged domain accounts and local accounts and from unauthenticated access on all systems. | DISA Windows Server 2022 STIG v2r1 | Windows | ACCESS CONTROL |
| WN22-MS-000110 - Windows Server 2022 Deny log on locally user right on domain-joined member servers must be configured to prevent access from highly privileged domain accounts and from unauthenticated access on all systems. | DISA Windows Server 2022 STIG v2r1 | Windows | ACCESS CONTROL |
