| 1.1.2.3.1 Ensure separate partition exists for /home | CIS Oracle Linux 7 v4.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.4.1 Ensure separate partition exists for /var | CIS Oracle Linux 7 v4.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.3 Ensure that the controller manager pod specification file permissions are set to 600 or more restrictive | CIS RedHat OpenShift Container Platform v1.6.0 L1 | OpenShift | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.3.1 Ensure separate partition exists for /var | CIS Ubuntu Linux 20.04 LTS Server L2 v2.0.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.9 Ensure nosuid option set on /var/tmp partition | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.10 Ensure noexec option set on /var/tmp partition | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.2.7 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS RedHat OpenShift Container Platform v1.6.0 L1 | OpenShift | ACCESS CONTROL, MEDIA PROTECTION |
| 1.3 Ensure Data Cluster Initialized Successfully | CIS PostgreSQL 16 OS v1.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.5.1.5 Ensure the SELinux mode is enforcing | CIS Oracle Linux 7 v4.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.5.1.5 Ensure the SELinux mode is enforcing | CIS Oracle Linux 7 v4.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.1.3 Ensure SELinux policy is configured | CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.2.2 Ensure all AppArmor Profiles are enforcing - complain mode | CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.2.2 Ensure all AppArmor Profiles are enforcing - complain mode | CIS SUSE Linux Enterprise Server 11 L2 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.2.2 Ensure all AppArmor Profiles are enforcing - profiles loaded | CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.3 Ensure SELinux or AppArmor are installed | CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.7.1.4 Ensure all AppArmor Profiles are enforcing | CIS SUSE Linux Enterprise 12 v3.1.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1.6 Ensure the log file permissions are set correctly | CIS PostgreSQL 16 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.4.5 Ensure permissions on /etc/hosts.deny are configured | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.3 If proxy kube proxy configuration file exists ensure permissions are set to 644 or more restrictive | CIS RedHat OpenShift Container Platform v1.6.0 L1 | OpenShift | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.1.5 Ensure remote rsyslog messages are only accepted on designated log hosts - InputTCPServerRun | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.1.5 Ensure remote rsyslog messages are only accepted on designated log hosts - ModLoad | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.2.3 Ensure syslog-ng default file permissions configured | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.2.5 Ensure remote syslog-ng messages are only accepted on designated log hosts | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.2.5 Ensure remote syslog-ng messages are only accepted on designated log hosts | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.5 Ensure Row Level Security (RLS) is configured correctly | CIS PostgreSQL 15 DB v1.1.0 | PostgreSQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.2 Ensure permissions on /etc/crontab are configured | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.5 Ensure permissions on /etc/cron.weekly are configured | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.7 Ensure permissions on /etc/cron.d are configured | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.8 Ensure at/cron is restricted to authorized users - at.allow | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.8 Ensure at/cron is restricted to authorized users - at.deny | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.8 Ensure at/cron is restricted to authorized users - cron.allow | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.8 Ensure at/cron is restricted to authorized users - cron.deny | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.1 Ensure permissions on /etc/ssh/sshd_config are configured | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.1 Ensure audit log files are mode 0640 or less permissive | CIS Ubuntu Linux 20.04 LTS Server L2 v2.0.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.2 Ensure audit log files are mode 0640 or less permissive | CIS Oracle Linux 7 v4.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.3 Ensure only authorized users own audit log files | CIS Oracle Linux 7 v4.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.5 Ensure audit configuration files are 640 or more restrictive | CIS Oracle Linux 7 v4.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.5 Ensure audit configuration files are 640 or more restrictive | CIS Red Hat EL8 Server L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.8 Ensure audit tools are 755 or more restrictive | CIS Oracle Linux 7 v4.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.8 Ensure audit tools are 755 or more restrictive | CIS Red Hat EL8 Server L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.9 Ensure audit tools are owned by root | CIS Oracle Linux 7 v4.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.10 Ensure audit tools belong to group root | CIS Ubuntu Linux 20.04 LTS Server L2 v2.0.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4.2 Ensure system accounts are non-login | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4.4 Ensure default user umask is 027 or more restrictive - /etc/bash.bashrc.local | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4.4 Ensure default user umask is 027 or more restrictive - /etc/profile.local | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.8 Ensure no world writable files exist | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.14 Audit system file permissions | CIS Oracle Linux 7 v4.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.13 Ensure users' .netrc Files are not group or world accessible | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| DO6747: Connection Manager remote administration - '%ORACLE_HOME%\NETWORK\ADMIN\CMAN.ORA REMOTE_ADMIN = no' | DISA STIG Oracle 11 Installation v8r19 Windows | Windows | ACCESS CONTROL |
| OSX00110 - Restrict sudo usage - 'tty_tickets' | DISA STIG Apple Mac OSX 10.5 v1r2 | Unix | ACCESS CONTROL |
