| 2.2.28 Ensure 'Deny log on as a service' to include 'Enterprise Admins Group and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.2.28 Ensure 'Deny log on as a service' to include 'No one' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 3.3.1.2 Ensure IPv6 loopback traffic is configured | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.1.3 Ensure logging is configured | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.1 Ensure journald is configured to compress large log files | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Ensure logrotate is configured | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.14 Ensure only strong MAC algorithms are used | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.17 Ensure SSH LoginGraceTime is set to one minute or less | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 5.1.22 Ensure SSH MaxSessions is set to 4 or less | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 5.3.1.4 Ensure inactive password lock is 30 days or less | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.4 Ensure default user umask is 027 or more restrictive | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.2 Configuring syslog - remote logging - auth.info in /etc/syslog.conf | CIS IBM AIX 7.1 L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2.2 Ensure syslog is configured to send logs to a remote log host | CIS IBM AIX 7 v1.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| AuthConfig | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| ip6tables Chain FORWARD DROP REJECT | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | |
| ip6tables Chain INPUT DROP REJECT | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | |
| ip6tables input | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | |
| lsmod | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | |
| net.ipv6.conf.all.accept_ra | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | |
| passwdqc.conf - enforce | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | |
| passwdqc.conf - min | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | |
| platform flags | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | |
| Salesforce.com : Administrator Access - 'No System Administrator accounts have been created since the last scan' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | ACCESS CONTROL |
| Salesforce.com : Administrator Access - 'No System Administrator accounts have been modified since the last scan' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | ACCESS CONTROL |
| Salesforce.com : AuthConfig - 'Auth Providers = Facebook Execution User ID' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : AuthConfig - 'Auth Providers = Janrain' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : AuthConfig - 'Auth Providers = MicrosoftACS Error URL' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : AuthConfig - 'Auth Providers = MicrosoftACS' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : AuthConfig - 'Auth Providers = OpenIdConnect Error URL' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : AuthConfig - 'Auth Providers = OpenIdConnect Send Client Credentials in Header' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : AuthConfig - 'Auth Providers = OpenIdConnect Token Endpoint URL' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : AuthConfig - 'Auth Providers = Salesforce' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : Email Services - 'AttachmentOption != 2 or 3' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | CONFIGURATION MANAGEMENT |
| Salesforce.com : Email Services - 'AuthenticationFailureAction != 2 or 3' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | CONFIGURATION MANAGEMENT |
| Salesforce.com : Email Services - 'IsTextAttachmentsAsBinary = False' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | CONFIGURATION MANAGEMENT |
| Salesforce.com : Email Services - 'OverLimitAction != 2' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | CONFIGURATION MANAGEMENT |
| Salesforce.com : Monitoring Login History - 'Users that have not logged in' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | ACCESS CONTROL |
| Salesforce.com : Network-Based Security - 'Login IP Addresses' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | AUDIT AND ACCOUNTABILITY |
| Salesforce.com : Object Permissions - 'DefaultAccountAccess should not be Public Read/Write or Public Read/Write/Transfer' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | ACCESS CONTROL |
| Salesforce.com : Securing Data Access - 'DashboardMobile iPad access' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | ACCESS CONTROL |
| Salesforce.com : Setting Password Policies - 'minimum password length >= 8' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | IDENTIFICATION AND AUTHENTICATION |
| Salesforce.com : Setting Password Policies - 'Must mix numbers, uppercase and lowercase letters, and special characters' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | IDENTIFICATION AND AUTHENTICATION |
| Salesforce.com : Setting Session Security - 'Review Site.com Contributor User' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : Setting Session Security - 'Review Site.com Publisher User' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : Setting Session Security - 'Review Wireless User' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| SalesForce.com : User Permissions - 'Review Active System Administrators' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | ACCESS CONTROL |
| system accounts locked | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | |
| system accounts non login shells | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | |
| system-auth password required pam_passwdqc.so config | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | |
| useradd - INACTIVE | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | |
