| 1.1.18 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 1.1.19 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | ACCESS CONTROL |
| 1.1.20 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - process -u named | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - process -u named | CIS BIND DNS v1.0.0 L1 Authoritative Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - process -u named | CIS BIND DNS v1.0.0 L1 Caching Only Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - process -u named | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - UID | CIS BIND DNS v1.0.0 L1 Caching Only Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - UID | CIS BIND DNS v1.0.0 L1 Authoritative Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - UID | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - UID | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | ACCESS CONTROL |
| 2.4.4 Ensure idle timeout time is configured | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 2.16 Ensure no login exists with the name 'sa' | CIS Microsoft SQL Server 2019 v1.4.0 L1 AWS RDS | MS_SQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.16 Ensure no login exists with the name 'sa' | CIS Microsoft SQL Server 2019 v1.4.0 L1 Database Engine | MS_SQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.1 - Roles, Applications, and Authentication - RSH is disabled | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | CONFIGURATION MANAGEMENT |
| 3.1 - Roles, Applications, and Authentication - Telnet is disabled | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | CONFIGURATION MANAGEMENT |
| 3.1.8 Ensure the maximum log file lifetime is set correctly | CIS PostgreSQL 11 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.8 Ensure the maximum log file lifetime is set correctly | CIS PostgreSQL 12 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.8 Ensure the maximum log file lifetime is set correctly | CIS PostgreSQL 14 DB v 1.2.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.8 Ensure the maximum log file lifetime is set correctly | CIS PostgreSQL 15 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.8 Ensure the maximum log file lifetime is set correctly | CIS PostgreSQL 16 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.8 Ensure the maximum log file lifetime is set correctly | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.8 Ensure the maximum log file lifetime is set correctly | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.14 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | ACCESS CONTROL |
| 3.1.14 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 4.5 Periodically review audit settings | CIS Sybase 15.0 L2 DB v1.1.0 | SybaseDB | |
| 6.6 Remove sample databases if installed | CIS Sybase 15.0 L1 DB v1.1.0 | SybaseDB | |
| 14.10 Off site backup storage - 'Implement' | CIS v1.1.0 Oracle 11g OS Windows Level 2 | Windows | |
| Check if OWASP CRS 3 | CIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware | Unix | |
| Check if OWASP CRS 3 | CIS Apache HTTP Server 2.4 L2 v2.1.0 | Unix | |
| CNTR-K8-002011 - Kubernetes must have a Pod Security Admission control file configured. | DISA STIG Kubernetes v2r2 | Unix | ACCESS CONTROL |
| DKER-EE-005070 - Docker Enterprise Swarm manager auto-lock key must be rotated periodically. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DO3609-ORACLE11 - System privileges granted using the WITH ADMIN OPTION should not be granted to unauthorized user accounts - 'No accounts granted with admin option exist' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | ACCESS CONTROL |
| EX13-EG-000235 - The Exchange Recipient filter must be enabled. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000134 - The Exchange Recipient filter must be enabled. | DISA Microsoft Exchange 2019 Edge Server STIG v2r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| JBOS-AS-000045 - Silent Authentication must be removed from the Default Application Security Realm. | DISA JBoss EAP 6.3 STIG v2r5 | Unix | ACCESS CONTROL |
| JBOS-AS-000050 - Silent Authentication must be removed from the Default Management Security Realm. | DISA JBoss EAP 6.3 STIG v2r5 | Unix | ACCESS CONTROL |
| JUSX-DM-000040 - The Juniper SRX Services Gateway must generate log records when successful attempts to configure the device and use commands occur. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUSX-DM-000055 - The Juniper SRX Services Gateway must generate log records containing the full-text recording of privileged commands. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | AUDIT AND ACCOUNTABILITY |
| Management Services Security - Community strings and USM passwords should be difficult to guess and should follow a policy - community | Juniper Hardening JunOS 12 Devices Checklist | Juniper | IDENTIFICATION AND AUTHENTICATION |
| O112-BP-022300 - System privileges granted using the WITH ADMIN OPTION must not be granted to unauthorized user accounts. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O121-BP-022300 - System privileges granted using the WITH ADMIN OPTION must not be granted to unauthorized user accounts. | DISA STIG Oracle 12c v3r2 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O121-BP-022500 - Oracle roles granted using the WITH ADMIN OPTION must not be granted to unauthorized accounts. | DISA STIG Oracle 12c v3r2 Database | OracleDB | CONFIGURATION MANAGEMENT |
| PPS9-00-008700 - The EDB Postgres Advanced Server must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | CONFIGURATION MANAGEMENT |
| Review the list of all Domains created since the last scan | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONFIGURATION MANAGEMENT |
| Review the list of all Domains updated since the last scan | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONFIGURATION MANAGEMENT |
| Tenable_Best_Practices_Citrix_ADC_v1.0.0.audit from Tenable Best Practices | Tenable Best Practice Citrix ADC v1.0.0 | Citrix_Application_Delivery | |
| TNS_BestPractice_Citrix_XenServer.audit from TNS Citrix XenServer Best Practices | TNS Citrix XenServer | Unix | |
| WBSP-AS-000960 - The WebSphere Application Server must be run as a non-admin user. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| WBSP-AS-000960 - The WebSphere Application Server must be run as a non-admin user. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | CONFIGURATION MANAGEMENT |
