| 2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One' | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.3 (L1) Ensure 'Access this computer from the network' is set to 'Administrators, Authenticated Users' (MS only) | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.5 (L1) Ensure 'Add workstations to domain' is set to 'Administrators' (DC only) | CIS Microsoft Windows Server 2019 v3.0.1 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.6 (L1) Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators, Remote Desktop Users' | CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.9 (L1) Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators' (DC only) | CIS Microsoft Windows Server 2019 v3.0.1 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.10 (L1) Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators, Remote Desktop Users' (MS only) | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.22 (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators' | CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.28 (L1) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'Administrators' (DC only) | CIS Microsoft Windows Server 2019 v3.0.1 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.39 (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd.conf User = apache' | CIS Apache HTTP Server 2.4 L1 v2.1.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 3.4 Ensure Apache Directories and Files Are Owned By Root | CIS Apache HTTP Server 2.4 L1 v2.1.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| GEN000930 - The root account's home directory must not have an extended ACL. | DISA STIG Solaris 10 SPARC v2r2 | Unix | ACCESS CONTROL |
| GEN001140 - System files and directories must not have uneven access permissions - /sbin/* | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN001190 - All network services daemon files must not have extended ACLs - /usr/lib/ssh/sshd | DISA STIG Solaris 10 X86 v2r2 | Unix | ACCESS CONTROL |
| GEN001280 - Manual page files must have mode 0655 or less permissive - /usr/share/man/* | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN001361 - NIS/NIS+/yp command files must not have extended ACLs. | DISA STIG Solaris 10 SPARC v2r2 | Unix | ACCESS CONTROL |
| GEN001365 - The /etc/resolv.conf file must not have an extended ACL. | DISA STIG Solaris 10 X86 v2r2 | Unix | ACCESS CONTROL |
| GEN001400 - The /etc/shadow (or equivalent) file must be owned by root. | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN001420 - The /etc/shadow (or equivalent) file must have mode 0400. | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN001490 - User's home directories must not have extended ACLs. | DISA STIG Solaris 10 SPARC v2r2 | Unix | ACCESS CONTROL |
| GEN001590 - All run control scripts must have no extended ACLs. | DISA STIG Solaris 10 X86 v2r1 | Unix | ACCESS CONTROL |
| GEN001590 - All run control scripts must have no extended ACLs. | DISA STIG Solaris 10 X86 v2r2 | Unix | ACCESS CONTROL |
| GEN001730 - All global initialization files must not have extended ACLs. | DISA STIG Solaris 10 X86 v2r1 | Unix | ACCESS CONTROL |
| GEN001810 - Skeleton files must not have extended ACLs. | DISA STIG Solaris 10 X86 v2r2 | Unix | ACCESS CONTROL |
| GEN002330 - Audio devices must not have extended ACLs. | DISA STIG Solaris 10 X86 v2r2 | Unix | ACCESS CONTROL |
| GEN002560 - The system and user default umask must be 077 - /etc/skel | DISA STIG Solaris 10 SPARC v2r2 | Unix | ACCESS CONTROL |
| GEN002560 - The system and user default umask must be 077 - /etc/skel | DISA STIG Solaris 10 X86 v2r1 | Unix | ACCESS CONTROL |
| GEN002990 - The cron.allow file must not have an extended ACL. | DISA STIG Solaris 10 X86 v2r1 | Unix | ACCESS CONTROL |
| GEN003110 - Cron and crontab directories must not have extended ACLs. | DISA STIG Solaris 10 X86 v2r1 | Unix | ACCESS CONTROL |
| GEN003210 - The cron.deny file must not have an extended ACL. | DISA STIG Solaris 10 SPARC v2r1 | Unix | ACCESS CONTROL |
| GEN003505 - The centralized process core dump data directory must not have an extended ACL. | DISA STIG Solaris 10 X86 v2r1 | Unix | ACCESS CONTROL |
| GEN003523 - The kernel core dump data directory must not have an extended ACL. | DISA STIG Solaris 10 SPARC v2r1 | Unix | ACCESS CONTROL |
| GEN003740 - The inetd.conf file must have mode 0440 or less permissive. | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN003745 - The inetd.conf file must not have extended ACLs. | DISA STIG Solaris 10 SPARC v2r2 | Unix | ACCESS CONTROL |
| GEN003790 - The services file must not have an extended ACL. | DISA STIG Solaris 10 SPARC v2r1 | Unix | ACCESS CONTROL |
| GEN003790 - The services file must not have an extended ACL. | DISA STIG Solaris 10 X86 v2r1 | Unix | ACCESS CONTROL |
| GEN003940 - The hosts.lpd (or equivalent) must have mode 0644 or less permissive - SMB_CONF | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN004010 - The traceroute file must not have an extended ACL. | DISA STIG Solaris 10 SPARC v2r1 | Unix | ACCESS CONTROL |
| GEN004390 - The alias file must not have an extended ACL. | DISA STIG Solaris 10 SPARC v2r2 | Unix | ACCESS CONTROL |
| GEN004480 - The SMTP service log file must be owned by root - /var/adm/messages | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN004510 - The SMTP service log file must not have an extended ACL. | DISA STIG Solaris 10 SPARC v2r2 | Unix | ACCESS CONTROL |
| GEN004880 - The ftpusers file must exist. | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN005320 - The snmpd.conf file must have mode 0600 or less permissive - /etc/sma/snmp/snmpd.conf | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN005375 - The snmpd.conf file must not have an extended ACL. | DISA STIG Solaris 10 SPARC v2r2 | Unix | ACCESS CONTROL |
| GEN005395 - The /etc/syslog.conf file must not have an extended ACL. | DISA STIG Solaris 10 SPARC v2r1 | Unix | ACCESS CONTROL |
| GEN006270 - The /etc/news/hosts.nntp file must not have an extended ACL. | DISA STIG Solaris 10 SPARC v2r2 | Unix | ACCESS CONTROL |
| GEN006270 - The /etc/news/hosts.nntp file must not have an extended ACL. | DISA STIG Solaris 10 X86 v2r1 | Unix | ACCESS CONTROL |
| GEN008120 - If the system is using LDAP for authentication or account information, the /etc/ldap.conf (or equivalent) file must not have an extended ACL - ldap_client_cred | DISA STIG Solaris 10 X86 v2r1 | Unix | ACCESS CONTROL |
| GEN008200 - If the system is using LDAP for authentication or account information, the LDAP TLS certificate authority file and/or directory (as appropriate) must not have an extended ACL. | DISA STIG Solaris 10 X86 v2r1 | Unix | ACCESS CONTROL |
| GEN008740 - The system's boot loader configuration file(s) must not have extended ACLs. | DISA STIG Solaris 10 X86 v2r1 | Unix | ACCESS CONTROL |
