| 1.1.2.4.1 Ensure separate partition exists for /var | CIS Amazon Linux 2 v3.0.0 L2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.4.3 Ensure nosuid option set on /var partition | CIS Debian Linux 12 v1.1.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.5.2 Ensure nodev option set on /var/tmp partition | CIS Debian Linux 12 v1.1.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.7 Ensure that the etcd pod specification file permissions are set to 600 or more restrictive | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.2.7 Ensure that the --authorization-mode argument includes Node | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.5.1.5 Ensure the SELinux mode is enforcing | CIS Amazon Linux 2 v3.0.0 L2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 2.1 Prevent Database Users from Logging into the Operating System | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 2.5 Ensure that the --peer-client-cert-auth argument is set to true | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1.1 Require Explicit Authorization for Cataloging (CATALOG_NOAUTH) | CIS IBM DB2 11 v1.1.0 Windows OS Level 1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1.4 Secure Permissions for All Diagnostic Logs (DIAGPATH) | CIS IBM DB2 11 v1.1.0 Linux OS Level 1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1.11 Secure the Python Runtime Path (PYTHON_PATH) | CIS IBM DB2 11 v1.1.0 Windows OS Level 1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1.12 Secure the R Runtime Path (R_PATH) | CIS IBM DB2 11 v1.1.0 Linux OS Level 1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1.13 Secure the Communication Buffer Exit Library (COMM_EXIT_LIST) | CIS IBM DB2 11 v1.1.0 Linux OS Level 1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2.4 Enable Extended Security (DB2_EXTSECURITY) | CIS IBM DB2 11 v1.1.0 Linux OS Level 1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2.5 Limit OS Privileges of Fenced Mode Process (DB2_LIMIT_FENCED_GROUP) | CIS IBM DB2 11 v1.1.0 Windows OS Level 1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 3.3.1 Secure Db2 Runtime Library | CIS IBM DB2 11 v1.1.0 Linux OS Level 1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.3.2 Secure the Database Container Directory | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.1 Restrict Access to SYSCAT.AUDITPOLICIES | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.6 Restrict Access to SYSCAT.COLUMNS | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.10 Restrict Access to SYSCAT.CONTROLS | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.20 Restrict Access to SYSCAT.ROLEAUTH | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.21 Restrict Access to SYSCAT.ROLES | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.4 Restrict Access to SYSIBM.SYSCOLDIST | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.10 Restrict Access to SYSIBM.SYSCONTROLS | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.11 Restrict Access to SYSIBM.SYSDBAUTH | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.19 Restrict Access to SYSIBM.SYSPLAN | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.20 Restrict Access to SYSIBM.SYSROLEAUTH | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.21 Restrict Access to SYSIBM.SYSROLES | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.22 Restrict Access to SYSIBM.SYSROUTINEAUTH | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.24 Restrict Access to SYSIBM.ROUTINES_S | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.27 Restrict Access to SYSIBM.SYSSECURITYLABELACCESS | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.29 Restrict Access to SYSIBM.SYSSECURITYLABELCOMPONENTS | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.40 Restrict Access to SYSIBM.SYSTBSPACEAUTH | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.5.1 Restrict Access to Tablespaces | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.1 Ensure permissions on /etc/ssh/sshd_config are configured | CIS Debian Linux 12 v1.1.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.5 Ensure audit configuration files are 640 or more restrictive | CIS Amazon Linux 2 v3.0.0 L2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.7 Ensure access to the su command is restricted | CIS Debian Linux 12 v1.1.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4.2.6 Ensure root user umask is configured | CIS Debian Linux 12 v1.1.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.5 Ensure routing tables for VPC peering are 'least access' | CIS Amazon Web Services Foundations L2 3.0.0 | amazon_aws | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.3 Secure SYSMAINT Authority | CIS IBM DB2 11 v1.1.0 Linux OS Level 1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.4 Secure SYSMON Authority | CIS IBM DB2 11 v1.1.0 Windows OS Level 1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.5 Secure SECADM Authority | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.14 Audit system file permissions | CIS Amazon Linux 2 v3.0.0 L2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.14 Secure LOAD Authority | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.16 Secure QUIESCECONNECT Authority | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.3 Review Role Members | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.5 Review Roles Granted to PUBLIC | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.1 Review Organization's Policies Against Db2 RCAC Policies | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.2 Review Row Permission Logic According to Policy | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 7.1.10 Ensure permissions on /etc/security/opasswd are configured | CIS Debian Linux 12 v1.1.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
