| 1.1.1 Install Available Updates | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.1.3 Ensure nodev option set on /tmp partition | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.13 Disable Automounting | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | MEDIA PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.2.4 Ensure suspicious packets are logged | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2.5 Ensure broadcast ICMP requests are ignored | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.8 Ensure TCP SYN Cookies is enabled | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.2 Ensure IPv6 loopback traffic is configured | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.3 Ensure IPv6 outbound and established connections are configured | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.2.1 Ensure default deny firewall policy | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.3 Ensure iptables is installed | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.1.2 Ensure Logging Service is Running | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.1 Ensure journald is configured to compress large log files | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.2 Ensure journald is configured to write logfiles to persistent disk | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3 Ensure permissions on all logfiles are configured | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2 Ensure logrotate is configured | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.2 Restrict Access to SYSCAT.AUDITUSE | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.5 Restrict Access to SYSCAT.COLGROUPDIST | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.7 Restrict Access to SYSCAT.CONTEXTATTRIBUTES | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.24 Restrict Access to SYSCAT.SECURITYLABELACCESS | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.29 Restrict Access to SYSCAT.SECURITYPOLICYCOMPONENTRULES | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.44 Restrict Access to SYSCAT.WRAPOPTIONS | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.46 Restrict Access to SYSSTAT.COLDIST | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.8 Restrict Access to SYSIBM.SYSCONTEXTS | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.23 Restrict Access to SYSIBM.SYSROUTINES | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.26 Restrict Access to SYSIBM.SYSSCHEMATA | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.32 Restrict Access to SYSIBM.SYSSECURITYPOLICYCOMPONENTRULES | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.34 Restrict Access to SYSIBM.SYSSERVEROPTIONS | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.36 Restrict Access to SYSIBM.SYSSTATEMENTTEXTS | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.4.3 Restrict Access to SYSIBMADM.PRIVILEGES | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.4.8 Restrict Access to SYSIBMADM.OBJECTOWNERS | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.5.2 Remove Unused Schemas | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | CONFIGURATION MANAGEMENT |
| 5.1.1 Ensure that 'security defaults' is enabled in Microsoft Entra ID | CIS Microsoft Azure Foundations v5.0.0 L1 | microsoft_azure | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.1.2 Ensure permissions on SSH private host key files are configured | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.4 Ensure SSH Protocol is set to 2 | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.9 Ensure SSH HostbasedAuthentication is disabled | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.1.13 Ensure only strong Ciphers are used | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.14 Ensure only strong MAC algorithms are used | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.16 Ensure SSH Idle Timeout Interval is configured | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | ACCESS CONTROL |
| 5.1.18 Ensure SSH warning banner is configured | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 5.3.2 Ensure system accounts are secured | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.4 Ensure root login is restricted to system console | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL |
| 6.1.4 Ensure permissions on /etc/gshadow are configured | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.8 Ensure permissions on /etc/gshadow- are configured | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.10 Secure WLMADM Authority | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.18 Secure SCHEMAADM Authority | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.6 Review Role Grantees with WITH ADMIN OPTION | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 6.4.2 Do Not Allow Trusted Context to Switch Users Without Authentication | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL |
| 7.1.3 Ensure Audit Policies are Enabled Within the Database | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | AUDIT AND ACCOUNTABILITY |
| 8.2.10 Turn Off ALLOW_KEY_INSERT_WITHOUT_KEYSTORE_BACKUP | CIS IBM DB2 11 v1.2.0 Database Level 2 | IBM_DB2DB | CONFIGURATION MANAGEMENT |
| 8.2.11 Keep Master Key Labels Unique | CIS IBM DB2 11 v1.2.0 Database Level 2 | IBM_DB2DB | CONFIGURATION MANAGEMENT |
