| 1.1.18 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 1.1.19 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | ACCESS CONTROL |
| 1.1.20 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - process -u named | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - process -u named | CIS BIND DNS v1.0.0 L1 Caching Only Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - process -u named | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - process -u named | CIS BIND DNS v1.0.0 L1 Authoritative Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - UID | CIS BIND DNS v1.0.0 L1 Caching Only Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - UID | CIS BIND DNS v1.0.0 L1 Authoritative Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - UID | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - UID | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | ACCESS CONTROL |
| 2.4.4 Ensure idle timeout time is configured | CIS Fortigate 7.0.x v1.4.0 L1 | FortiGate | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 2.16 Ensure no login exists with the name 'sa' | CIS Microsoft SQL Server 2022 v1.2.1 L1 AWS RDS | MS_SQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.16 Ensure no login exists with the name 'sa' | CIS Microsoft SQL Server 2022 v1.2.1 L1 Database Engine | MS_SQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.1 - Roles, Applications, and Authentication - RSH is disabled | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | CONFIGURATION MANAGEMENT |
| 3.1 - Roles, Applications, and Authentication - Telnet is disabled | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | CONFIGURATION MANAGEMENT |
| 3.1.8 Ensure the maximum log file lifetime is set correctly | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.8 Ensure the maximum log file lifetime is set correctly | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.8 Ensure the maximum log file lifetime is set correctly | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.8 Ensure the maximum log file lifetime is set correctly | CIS PostgreSQL 15 v1.2.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.14 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | ACCESS CONTROL |
| 4.5 Periodically review audit settings | CIS Sybase 15.0 L2 DB v1.1.0 | SybaseDB | |
| 5.17 Ensure HTTP Header Referrer-Policy is set appropriately | CIS Apache HTTP Server 2.4 v2.3.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.6 Remove sample databases if installed | CIS Sybase 15.0 L1 DB v1.1.0 | SybaseDB | |
| 14.10 Off site backup storage - 'Implement' | CIS v1.1.0 Oracle 11g OS L2 | Unix | |
| Buffer overflow protection should be configured 'LimitRequestBody' | TNS IBM HTTP Server Best Practice | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| CGI-BIN directory should be disabled. 'AddModule mod_env.c' | TNS IBM HTTP Server Best Practice | Windows | CONFIGURATION MANAGEMENT |
| CGI-BIN directory should be disabled. 'LoadModule env_module' | TNS IBM HTTP Server Best Practice | Windows | CONFIGURATION MANAGEMENT |
| CGI-BIN directory should be disabled. 'ScriptAlias' | TNS IBM HTTP Server Best Practice | Windows | CONFIGURATION MANAGEMENT |
| CISC-RT-000510 - The Cisco BGP router must be configured to reject inbound route advertisements from a customer edge (CE) router for prefixes that are not allocated to that customer. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000510 - The Cisco BGP switch must be configured to reject inbound route advertisements from a customer edge (CE) switch for prefixes that are not allocated to that customer. | DISA Cisco IOS XE Switch RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CNTR-K8-002011 - Kubernetes must have a Pod Security Admission control file configured. | DISA STIG Kubernetes v2r4 | Unix | ACCESS CONTROL |
| Configuration files should be secured against unauthorized access. | TNS IBM HTTP Server Best Practice | Windows | |
| Disable unused network ports | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| DKER-EE-005070 - Docker Enterprise Swarm manager auto-lock key must be rotated periodically. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| FireEye - TNS Best Practices FireEye Audit | TNS FireEye | FireEye | |
| HTTP TRACE method should be disabled. 'RewriteLogLevel' | TNS IBM HTTP Server Best Practice | Windows | AUDIT AND ACCOUNTABILITY |
| HTTP TRACE method should be disabled. 'TraceEnable' | TNS IBM HTTP Server Best Practice | Windows | CONFIGURATION MANAGEMENT |
| JBOS-AS-000045 - Silent Authentication must be removed from the Default Application Security Realm. | DISA JBoss Enterprise Application Platform 6.3 STIG v2r6 | Unix | ACCESS CONTROL |
| JBOS-AS-000050 - Silent Authentication must be removed from the Default Management Security Realm. | DISA JBoss Enterprise Application Platform 6.3 STIG v2r6 | Unix | ACCESS CONTROL |
| JUSX-DM-000040 - The Juniper SRX Services Gateway must generate log records when successful attempts to configure the device and use commands occur. | DISA Juniper SRX Services Gateway NDM v3r3 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUSX-DM-000055 - The Juniper SRX Services Gateway must generate log records containing the full-text recording of privileged commands. | DISA Juniper SRX Services Gateway NDM v3r3 | Juniper | AUDIT AND ACCOUNTABILITY |
| OS10-L2S-000230 - The Dell OS10 Switch must have the default VLAN pruned from all trunk ports that do not require it. | DISA Dell OS10 Switch Layer 2 Switch STIG v1r1 | Dell_OS10 | CONFIGURATION MANAGEMENT |
| PPS9-00-008700 - The EDB Postgres Advanced Server must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | CONFIGURATION MANAGEMENT |
| Review the list of all Domains created since the last scan | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONFIGURATION MANAGEMENT |
| Review the list of all Domains updated since the last scan | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONFIGURATION MANAGEMENT |
| Tenable_Best_Practices_Citrix_ADC_v1.0.0.audit from Tenable Best Practices | Tenable Best Practice Citrix ADC v1.0.0 | Citrix_Application_Delivery | |
| Tenable_Best_Practices_Citrix_ADM_v1.0.0.audit from Tenable Best Practices | Tenable Best Practice Citrix ADM v1.0.0 | Citrix_Application_Delivery | |
| WBSP-AS-000960 - The WebSphere Application Server must be run as a non-admin user. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | CONFIGURATION MANAGEMENT |
| WBSP-AS-000960 - The WebSphere Application Server must be run as a non-admin user. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
