| 1.1.2 Ensure /tmp is configured | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.8 Ensure nodev option set on /dev/shm partition | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.10 Ensure separate partition exists for /var | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.1.3 Ensure SELinux policy is configured - /etc/selinux/config | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.1.5 Ensure the SELinux mode is enforcing - /etc/selinux/config | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.16 Ensure IAM policies that allow full '*:*' administrative privileges are not attached | CIS Amazon Web Services Foundations L1 3.0.0 | amazon_aws | ACCESS CONTROL, MEDIA PROTECTION |
| 5.3.5 Ensure permissions on SSH public host key files are configured | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4.4 Ensure default user umask is 027 or more restrictive - /etc/bash.bashrc | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4.4 Ensure default user umask is 027 or more restrictive - /etc/profile | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| AOSX-12-000995 - The OS X system must be configured with the sudoers file configured to authenticate users on a per -tty basis. | DISA STIG Apple Mac OSX 10.12 v1r6 | Unix | ACCESS CONTROL |
| APPL-14-002001 - The macOS system must disable Server Message Block sharing. | DISA Apple macOS 14 (Sonoma) STIG v2r1 | Unix | ACCESS CONTROL |
| APPL-14-002100 - The macOS system must disable Media Sharing. | DISA Apple macOS 14 (Sonoma) STIG v2r1 | Unix | ACCESS CONTROL |
| Big Sur - Disable Bluetooth Sharing | NIST macOS Big Sur v1.4.0 - 800-53r4 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| CNTR-K8-000380 - The Kubernetes kubelet must enable explicit authorization. | DISA STIG Kubernetes v2r1 | Unix | ACCESS CONTROL |
| CNTR-K8-000410 - Kubernetes Worker Nodes must not have the sshd service enabled. | DISA STIG Kubernetes v2r1 | Unix | ACCESS CONTROL |
| DB2X-00-003200 - Database objects (including but not limited to tables, indexes, storage, stored procedures, functions, triggers, links to software external to DB2, etc.) must be owned by database/DBMS principals authorized for ownership - LIBRARIES | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | ACCESS CONTROL |
| DB2X-00-003200 - Database objects (including but not limited to tables, indexes, storage, stored procedures, functions, triggers, links to software external to DB2, etc.) must be owned by database/DBMS principals authorized for ownership - PACKAGES | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | ACCESS CONTROL |
| DB2X-00-004800 - DB2 must separate user functionality (including user interface services) from database management functionality - SYSCTRL_GROUP | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | ACCESS CONTROL |
| DB2X-00-004800 - DB2 must separate user functionality (including user interface services) from database management functionality - SYSMAINT_GROUP | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | ACCESS CONTROL |
| DB2X-00-004800 - DB2 must separate user functionality (including user interface services) from database management functionality - SYSMON_GROUP | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | ACCESS CONTROL |
| DB2X-00-007000 - DB2 must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures - MODULEAUTH | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | ACCESS CONTROL |
| DB2X-00-007000 - DB2 must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures - PACKAGEAUTH | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | ACCESS CONTROL |
| DB2X-00-007000 - DB2 must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures - SURROGATEAUTHIDS | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | ACCESS CONTROL |
| DB2X-00-007000 - DB2 must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures - VARIABLEAUTH | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | ACCESS CONTROL |
| ESXI-06-000002 - The system must verify the DCUI.Access list. | DISA STIG VMware vSphere 6.x ESXi v1r4 | VMware | ACCESS CONTROL |
| ESXI-06-000062 - The system must prevent unintended use of the dvFilter network APIs. | DISA STIG VMware vSphere 6.x ESXi v1r4 | VMware | ACCESS CONTROL |
| F5BI-AP-000240 - The F5 BIG-IP appliance must enforce approved authorizations for logical access to resources by explicitly configuring assigned resources with an authorization list. | DISA F5 BIG-IP Access Policy Manager STIG v2r3 | F5 | ACCESS CONTROL |
| GEN001190 M6 - All network services daemon files must not have extended ACLs - '/usr/sbin/*' | DISA STIG Apple Mac OSX 10.6 v1r3 | Unix | ACCESS CONTROL |
| GEN001210 M6 - System command files must not have extended ACLs - '/sbin' | DISA STIG Apple Mac OSX 10.6 v1r3 | Unix | ACCESS CONTROL |
| GEN001210 M6 - System command files must not have extended ACLs - '/usr/sbin' | DISA STIG Apple Mac OSX 10.6 v1r3 | Unix | ACCESS CONTROL |
| GEN001290 M6 - All manual page files must not have extended ACLs - '/usr/share/man/*' | DISA STIG Apple Mac OSX 10.6 v1r3 | Unix | ACCESS CONTROL |
| GEN001310 M6 - All library files must not have extended ACLs - '/usr/lib' | DISA STIG Apple Mac OSX 10.6 v1r3 | Unix | ACCESS CONTROL |
| GEN001365 M6 - The /etc/resolv.conf file must not have an extended ACL | DISA STIG Apple Mac OSX 10.6 v1r3 | Unix | ACCESS CONTROL |
| GEN001369 M6 - The /etc/hosts file must not have an extended ACL | DISA STIG Apple Mac OSX 10.6 v1r3 | Unix | ACCESS CONTROL |
| GEN001490 M6 - User home directories must not have extended ACLs - '/Users/*' | DISA STIG Apple Mac OSX 10.6 v1r3 | Unix | ACCESS CONTROL |
| GEN001590 M6 - Launch control scripts must not have extended ACLs - '/Library/LaunchAgents' | DISA STIG Apple Mac OSX 10.6 v1r3 | Unix | ACCESS CONTROL |
| GEN001590 M6 - Launch control scripts must not have extended ACLs - '/Library/LaunchDaemons' | DISA STIG Apple Mac OSX 10.6 v1r3 | Unix | ACCESS CONTROL |
| GEN001590 M6 - Launch control scripts must not have extended ACLs - '/System/Library/LaunchDaemons' | DISA STIG Apple Mac OSX 10.6 v1r3 | Unix | ACCESS CONTROL |
| GEN003090 M6 - Crontab files must not have extended ACLs - '/private/var/at/cron.deny' | DISA STIG Apple Mac OSX 10.6 v1r3 | Unix | ACCESS CONTROL |
| GEN003090 M6 - Crontab files must not have extended ACLs - '/usr/lib/cron' | DISA STIG Apple Mac OSX 10.6 v1r3 | Unix | ACCESS CONTROL |
| GEN003090 M6 - Crontab files must not have extended ACLs - '/usr/sbin/cron' | DISA STIG Apple Mac OSX 10.6 v1r3 | Unix | ACCESS CONTROL |
| OL08-00-010141 - OL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must have a unique name for the grub superusers account when booting into single-user mode and maintenance. | DISA Oracle Linux 8 STIG v2r1 | Unix | ACCESS CONTROL |
| OL08-00-010151 - OL 8 operating systems must require authentication upon booting into rescue mode. | DISA Oracle Linux 8 STIG v2r1 | Unix | ACCESS CONTROL |
| PPS9-00-000700 - The EDB Postgres Advanced Server must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals. | EDB PostgreSQL Advanced Server OS Linux Audit v1r7 | Unix | ACCESS CONTROL |
| RHEL-08-010151 - RHEL 8 operating systems must require authentication upon booting into rescue mode. | DISA Red Hat Enterprise Linux 8 STIG v1r14 | Unix | ACCESS CONTROL |
| SYMP-NM-000020 - Symantec ProxySG must be configured to enforce user authorization to implement least privilege. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | ACCESS CONTROL |
| WN11-UR-000010 - The 'Access this computer from the network' user right must only be assigned to the Administrators and Remote Desktop Users groups. | DISA Windows 11 STIG v2r1 | Windows | ACCESS CONTROL |
| WN11-UR-000025 - The 'Allow log on locally' user right must only be assigned to the Administrators and Users groups. | DISA Windows 11 STIG v2r1 | Windows | ACCESS CONTROL |
| WN22-DC-000380 - Windows Server 2022 Deny log on as a batch job user right on domain controllers must be configured to prevent unauthenticated access. | DISA Windows Server 2022 STIG v2r1 | Windows | ACCESS CONTROL |
| WN22-DC-000400 - Windows Server 2022 Deny log on locally user right on domain controllers must be configured to prevent unauthenticated access. | DISA Windows Server 2022 STIG v2r1 | Windows | ACCESS CONTROL |
