| 2.3.1.3 Ensure 'Accounts: Guest account status' is set to 'Disabled' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.10 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or 'Force Logoff' (STIG DC & MS only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.22.2 Ensure 'Block signing into Office' is set to 'Enabled: Org ID only' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | ACCESS CONTROL |
| 2.3.27.11 Ensure 'Disable password to open UI' is set to 'Disabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.28.2 (L1) Ensure 'Disable the Office client from polling the SharePoint Server for published links' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 20.30 Ensure 'FTP servers must be configured to prevent anonymous logons' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.30 Ensure 'FTP servers must be configured to prevent anonymous logons' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| 20.30 Ensure 'FTP servers must be configured to prevent anonymous logons' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| 20.30 Ensure 'FTP servers must be configured to prevent anonymous logons' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| AOSX-14-003005 - The macOS system must map the authenticated identity to the user or group account for PKI-based authentication. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-13-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DOD PKI-established certificate authorities for verification of the establishment of protected sessions. | DISA STIG Apple macOS 13 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-14-000005 The macOS system must configure user session lock when a smart token is removed. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL |
| APPL-15-000005 - The macOS system must configure user session lock when a smart token is removed. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | ACCESS CONTROL |
| APPL-15-001060 - The macOS system must set smart card certificate trust to moderate. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO216 - Outlook - Publishing calendars to Office Online must be prevented. | DISA STIG Office 2010 Outlook v1r14 | Windows | CONFIGURATION MANAGEMENT |
| DTOO216 - Publishing calendars to Office Online must be prevented. | DISA STIG Microsoft Outlook 2013 v1r14 | Windows | CONFIGURATION MANAGEMENT |
| EX13-CA-000015 - Exchange must have Forms-based Authentication disabled. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | ACCESS CONTROL |
| EX13-CA-000030 - Exchange Servers must use approved DoD certificates. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | ACCESS CONTROL |
| EX13-CA-000035 - Exchange ActiveSync (EAS) must only use certificate-based authentication to access email - BasicAuthEnabled | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | ACCESS CONTROL |
| EX13-CA-000035 - Exchange ActiveSync (EAS) must only use certificate-based authentication to access email - ExternalAuthenticationMethods | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | ACCESS CONTROL |
| EX13-CA-000035 - Exchange ActiveSync (EAS) must only use certificate-based authentication to access email - InternalAuthenticationMethods | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | ACCESS CONTROL |
| EX13-CA-000035 - Exchange ActiveSync (EAS) must only use certificate-based authentication to access email - WindowsAuthEnabled | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | ACCESS CONTROL |
| EX13-CA-000040 - Exchange must have IIS map client certificates to an approved certificate server. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | ACCESS CONTROL |
| EX13-CA-000050 - Exchange must have Audit record parameters set. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | AUDIT AND ACCOUNTABILITY |
| EX13-CA-000055 - Exchange must have Queue monitoring configured with threshold and action. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | AUDIT AND ACCOUNTABILITY |
| EX13-CA-000060 - Exchange must have Send Fatal Errors to Microsoft disabled. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | CONFIGURATION MANAGEMENT |
| EX13-CA-000070 - Exchange must not send Customer Experience reports to Microsoft. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | CONFIGURATION MANAGEMENT |
| EX13-CA-000090 - Exchange Local machine policy must require signed scripts. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | CONFIGURATION MANAGEMENT |
| EX13-CA-000100 - Exchange POP3 service must be disabled. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | CONFIGURATION MANAGEMENT |
| EX13-CA-000110 - Exchange must have the Microsoft Active Sync directory removed. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | CONFIGURATION MANAGEMENT |
| EX13-CA-000120 - Exchange software baseline copy must exist. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | CONFIGURATION MANAGEMENT |
| EX13-CA-000135 - Exchange Outlook Anywhere (OA) clients must use NTLM authentication to access email. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| EX13-CA-000140 - Exchange software must be installed on a separate partition from the OS. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-CA-000150 - Exchange OWA must use https - External | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-AP-000003 - The BIG-IP APM module must enforce approved authorizations for logical access to information and system resources by employing identity-based, role-based, and/or attribute-based security policies. | DISA F5 BIG-IP Access Policy Manager STIG v2r4 | F5 | ACCESS CONTROL |
| F5BI-AP-000025 - The BIG-IP APM module must retain the Standard Mandatory DoD-approved Notice and Consent Banner on the screen until users accessing virtual servers acknowledge the usage conditions and take explicit actions to log on for further access. | DISA F5 BIG-IP Access Policy Manager STIG v2r4 | F5 | ACCESS CONTROL |
| F5BI-AP-000027 - The BIG-IP APM module must display the Standard Mandatory DoD-approved Notice and Consent Banner before granting access to publicly accessible applications. | DISA F5 BIG-IP Access Policy Manager STIG v2r4 | F5 | ACCESS CONTROL |
| F5BI-AP-000087 - The BIG-IP APM module must be configured to uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users) when connecting to virtual servers. | DISA F5 BIG-IP Access Policy Manager STIG v2r4 | F5 | IDENTIFICATION AND AUTHENTICATION |
| F5BI-AP-000153 - The BIG-IP APM module access policy profile must control remote access methods to virtual servers. | DISA F5 BIG-IP Access Policy Manager STIG v2r4 | F5 | ACCESS CONTROL |
| F5BI-AP-000193 - The BIG-IP APM module must be configured to require multifactor authentication for remote access with non-privileged accounts to virtual servers in such a way that one of the factors is provided by a device separate from the system gaining access. | DISA F5 BIG-IP Access Policy Manager STIG v2r4 | F5 | IDENTIFICATION AND AUTHENTICATION |
| F5BI-AP-000195 - The BIG-IP APM module must be configured to require multifactor authentication for remote access with privileged accounts to virtual servers in such a way that one of the factors is provided by a device separate from the system gaining access. | DISA F5 BIG-IP Access Policy Manager STIG v2r4 | F5 | IDENTIFICATION AND AUTHENTICATION |
| F5BI-AP-000211 - The BIG-IP APM module must conform to FICAM-issued profiles. | DISA F5 BIG-IP Access Policy Manager STIG v2r4 | F5 | IDENTIFICATION AND AUTHENTICATION |
| F5BI-AP-000229 - The BIG-IP APM module must be configured to handle invalid inputs in a predictable and documented manner that reflects organizational and system objectives. | DISA F5 BIG-IP Access Policy Manager STIG v2r4 | F5 | SYSTEM AND INFORMATION INTEGRITY |
| F5BI-AP-000232 - The F5 BIG-IP appliance must configure OCSP to ensure revoked user credentials are prohibited from establishing an allowed session. | DISA F5 BIG-IP Access Policy Manager STIG v2r4 | F5 | IDENTIFICATION AND AUTHENTICATION |
| F5BI-AP-000233 - The F5 BIG-IP appliance must configure OCSP to ensure revoked machine credentials are prohibited from establishing an allowed session. | DISA F5 BIG-IP Access Policy Manager STIG v2r4 | F5 | IDENTIFICATION AND AUTHENTICATION |
| F5BI-AP-000241 - When the Access Profile Type is LTM+APM and it is not using any connectivity resources (such as Network Access, Portal Access, etc.) in the VPE, the F5 BIG-IP appliance must be configured to enable the HTTP Only flag. | DISA F5 BIG-IP Access Policy Manager STIG v2r4 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLD-67-000014 - Rsyslog must be configured to monitor VAMI logs. | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| WPAW-00-000200 - Site IT resources designated as high value by the Authorizing Official (AO) must be remotely managed only via a Windows privileged access workstation (PAW) - AO must be remotely managed only via PAW | DISA MS Windows Privileged Access Workstation v3r1 | Windows | CONFIGURATION MANAGEMENT |
| WPAW-00-000500 - A Windows PAW must only be used to manage high-value IT resources assigned to the same tier. | DISA MS Windows Privileged Access Workstation v3r1 | Windows | CONFIGURATION MANAGEMENT |
| WPAW-00-002200 - The Windows PAW must be configured so that all outbound connections to the Internet from a PAW are blocked. | DISA MS Windows Privileged Access Workstation v3r1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
