| 1.2.3 Ensure repo_gpgcheck is globally activated | CIS Amazon Linux 2 v3.0.0 L2 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.3 Ensure repo_gpgcheck is globally activated | CIS Oracle Linux 7 v4.0.0 L2 Workstation | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.3 Ensure repo_gpgcheck is globally activated | CIS Oracle Linux 8 Server L2 v3.0.0 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.3 Ensure repo_gpgcheck is globally activated | CIS Rocky Linux 8 Workstation L2 v2.0.0 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.3 Ensure repo_gpgcheck is globally activated | CIS Red Hat Enterprise Linux 7 v4.0.0 L2 Workstation | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.3 Ensure repo_gpgcheck is globally activated | CIS Red Hat EL8 Server L2 v3.0.0 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.5.1.8 Ensure SETroubleshoot is not installed | CIS Rocky Linux 8 Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.10.9 Ensure 'logging trap severity level' is greater than or equal to '5' | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.10.11 Ensure 'logging trap severity level' is greater than or equal to '5' | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.3.7.6 Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.6 Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.7 (L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.7 (L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.7 (L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.7 (L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.8 (L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Microsoft Windows 11 Enterprise v3.0.0 L1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.8 (L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.8 (L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.8 (L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.8 (L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.8 (L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG | Windows | IDENTIFICATION AND AUTHENTICATION |
| 3.1.22 Set archive log failover retry limit | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.22 Set archive log failover retry limit | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | CONFIGURATION MANAGEMENT |
| 3.1.22 Set archive log failover retry limit | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.18 Ensure kernel module loading and unloading is collected - auditctl modprobe | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.18 Ensure kernel module loading and unloading is collected - insmod | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.2.8 Ensure that the kubeAPIQPS [--event-qps] argument is set to 0 or a level which ensures appropriate event capture | CIS RedHat OpenShift Container Platform v1.6.0 L2 | OpenShift | AUDIT AND ACCOUNTABILITY |
| 4.3 Do not install unnecessary packages in the container | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.3 Ensure excessive function privileges are revoked | CIS PostgreSQL 16 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.2.4 Minimize the admission of containers wishing to share the host network namespace | CIS RedHat OpenShift Container Platform v1.6.0 L1 | OpenShift | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.6 Enable OCSP and CRL certificate checking - CRL | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.6 Enable OCSP and CRL certificate checking - OCSP | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.7.3 Apply Security Context to Your Pods and Containers | CIS RedHat OpenShift Container Platform v1.6.0 L2 | OpenShift | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.14 Set the 'on-failure' container restart policy to 5 - 'MaximumRetryCount' | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.14 Set the 'on-failure' container restart policy to 5 - RestartPolicyName | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| allowedCapabilities | CIS RedHat OpenShift Container Platform v1.6.0 L1 | OpenShift | |
| Builds | CIS RedHat OpenShift Container Platform v1.6.0 L2 | OpenShift | |
| ClusterRoleBindings | CIS RedHat OpenShift Container Platform v1.6.0 L2 | OpenShift | |
| Deployments | CIS RedHat OpenShift Container Platform v1.6.0 L2 | OpenShift | |
| DISA_STIG_Splunk_Enterprise_7.x_for_Windows_OS_v3r1.audit from DISA Splunk Enterprise 7.x for Windows v3r1 STIG | DISA STIG Splunk Enterprise 7.x for Windows v3r1 OS | Windows | |
| DTAVSEL-017 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to deny access to the file if an error occurs during scanning. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Ensure 'logging trap severity ' is greater than or equal to '5' | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | AUDIT AND ACCOUNTABILITY |
| GEN000000-LNX00360 - The X server must have the correct options enabled - '-audit = 4' | DISA STIG for Oracle Linux 5 v2r1 | Unix | CONFIGURATION MANAGEMENT |
| GEN000000-LNX00360 - The X server must have the correct options enabled - '-s <= 15' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | CONFIGURATION MANAGEMENT |
| NetworkPolicies | CIS RedHat OpenShift Container Platform v1.6.0 L2 | OpenShift | |
| openshift-apiserver | CIS RedHat OpenShift Container Platform v1.6.0 L1 | OpenShift | |
| openshift-kube-apiserver | CIS RedHat OpenShift Container Platform v1.6.0 L1 | OpenShift | |
| Roles | CIS RedHat OpenShift Container Platform v1.6.0 L1 | OpenShift | |
| Secrets | CIS RedHat OpenShift Container Platform v1.6.0 L1 | OpenShift | |
| SYMP-AG-000190 - Symantec ProxySG must produce audit records containing information to establish the outcome of the events. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | AUDIT AND ACCOUNTABILITY |
