| 2.3 Ensure monitoring and alerting exist for password sign-ins of SSO users | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | AUDIT AND ACCOUNTABILITY |
| 6.22 Ensure that 'Inline Cloud Analysis' on Vulnerability Protection profiles are enabled if 'Advanced Threat Prevention' is available | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | RISK ASSESSMENT |
| 6.22 Ensure that 'Inline Cloud Analysis' on Vulnerability Protection profiles are enabled if 'Advanced Threat Prevention' is available | CIS Palo Alto Firewall 10 v1.3.0 L1 | Palo_Alto | RISK ASSESSMENT |
| 8.1.7.3 Ensure That Microsoft Defender for (Managed Instance) Azure SQL Databases Is Set To 'On' | CIS Microsoft Azure Foundations v5.0.0 L2 | microsoft_azure | RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION |
| 8.1.7.4 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' | CIS Microsoft Azure Foundations v5.0.0 L2 | microsoft_azure | RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.10.42.16 Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block' | CIS Microsoft Windows Server 2022 v5.0.0 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.42.16 Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block' | CIS Microsoft Windows Server 2022 v5.0.0 L1 MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| CIS_Amazon_Linux_2023_v1.0.0_L1_Server.audit from CIS Amazon Linux 2023 Benchmark v1.0.0 | CIS Amazon Linux 2023 v1.0.0 L1 Server | Unix | |
| CIS_Apache_Cassandra_3.11_v1.0.0_L1_OS_Unix.audit from CIS Apache Cassandra 3.11 Benchmark v1.0.0 | CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0 | Unix | |
| CIS_Apache_Cassandra_3.11_v1.0.0_L1_OS_Unix.audit from CIS Apache Cassandra 3.11 Benchmark v1.0.0 | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0 | Unix | |
| CIS_Apache_Tomcat_11_v1.0.0_L1.audit from CIS Apache Tomcat 11 Benchmark v1.0.0 | CIS Apache Tomcat 11 v1.0.0 L1 | Unix | |
| CIS_IBM_WebSphere_Liberty_v1.0.0_L1.audit from CIS IBM WebSphere Liberty Benchmark v1.0.0 | CIS IBM WebSphere Liberty v1.0.0 L1 | Unix | |
| CIS_Microsoft_Exchange_Server_2019_v1.0.0_Level_1_Edge.audit from CIS Microsoft Exchange Server 2019 Benchmark v1.0.0 | CIS Microsoft Exchange Server 2019 L1 Edge v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| CIS_Microsoft_Windows_10_STIG_v1.0.0_CAT_I.audit from CIS Microsoft Windows 10 STIG v1.0.0 | CIS Microsoft Windows 10 STIG v1.0.0 CAT I | Windows | |
| CIS_Microsoft_Windows_10_STIG_v1.0.0_CAT_III.audit from CIS Microsoft Windows 10 STIG Benchmark v1.0.0 | CIS Microsoft Windows 10 STIG v1.0.0 CAT III | Windows | |
| CIS_MongoDB_3.2_Benchmark_Level_1_OS_Unix_v1.0.0.audit from CIS MongoDB 3.2 Benchmark v1.0.0 | CIS MongoDB 3.2 L1 Unix Audit v1.0.0 | Unix | |
| CIS_MongoDB_3.2_Benchmark_Level_1_OS_Windows_v1.0.0.audit from CIS MongoDB 3.2 Benchmark v1.0.0 | CIS MongoDB 3.2 L1 Windows Audit v1.0.0 | Windows | |
| CIS_MongoDB_3.2_Benchmark_Level_2_OS_Windows_v1.0.0.audit from CIS MongoDB 3.2 Benchmark v1.0.0 | CIS MongoDB 3.2 L2 Windows Audit v1.0.0 | Windows | |
| CIS_MongoDB_3.4_Benchmark_Level_1_OS_Windows_v1.0.0.audit from CIS MongoDB 3.4 Benchmark v1.0.0 | CIS MongoDB 3.4 L1 Windows Audit v1.0.0 | Windows | |
| CIS_MongoDB_3.4_Benchmark_Level_2_OS_Windows_v1.0.0.audit from CIS MongoDB 3.4 Benchmark v1.0.0 | CIS MongoDB 3.4 L2 Windows Audit v1.0.0 | Windows | |
| CIS_Mozilla_Firefox_102_ESR_v1.0.0_Linux_Level1.audit for CIS Mozilla Firefox 102 ESR v1.0.0 | CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0 | Unix | |
| CIS_Oracle_Linux_8_STIG_v1.0.0_CAT_I.audit from CIS Oracle Linux 8 STIG v1.0.0 | CIS Oracle Linux 8 STIG v1.0.0 CAT I | Unix | |
| CIS_Ubuntu_Linux_24.04_LTS_v1.0.0_L2_Workstation.audit from CIS Ubuntu Linux 24.04 LTS v1.0.0 | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Workstation | Unix | |
| CIS_VMware_ESXi_6.5_v1.0.0_L1_Bare_Metal.audit from CIS VMware ESXi 6.5 v1.0.0 benchmark | CIS VMware ESXi 6.5 v1.0.0 Level 1 Bare Metal | Unix | |
| CIS_VMware_ESXi_6.5_v1.0.0_L1_Bare_Metal.audit from CIS VMware ESXi 6.5 v1.0.0 benchmark | CIS VMware ESXi 6.5 v1.0.0 Level 2 Bare Metal | Unix | |
| DTAM104 - McAfee VirusScan On-Access Default Processes Policies must be configured to find unknown unwanted programs and trojans. | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM105 - McAfee VirusScan On-Access Scanner All Processes settings must be configured to find unknown macro viruses. | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-005 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to find unknown program viruses. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| FireEye - AAA lockouts delay further attempts for at least 30 seconds | TNS FireEye | FireEye | ACCESS CONTROL |
| FireEye - AAA user mapping default | TNS FireEye | FireEye | CONFIGURATION MANAGEMENT |
| FireEye - Configuration auditing logs the required number of changes | TNS FireEye | FireEye | CONFIGURATION MANAGEMENT |
| FireEye - Greylists are enabled | TNS FireEye | FireEye | CONFIGURATION MANAGEMENT |
| FireEye - Guest images | TNS FireEye | FireEye | CONFIGURATION MANAGEMENT |
| FireEye - IPMI password needs to be set | TNS FireEye | FireEye | |
| FireEye - LDAP requires encryption | TNS FireEye | FireEye | SYSTEM AND COMMUNICATIONS PROTECTION |
| FireEye - Local logging level includes all errors and warnings | TNS FireEye | FireEye | AUDIT AND ACCOUNTABILITY |
| FireEye - System events are emailed to administrators | TNS FireEye | FireEye | SYSTEM AND INFORMATION INTEGRITY |
| FireEye - The appliance uses a trusted DNS server | TNS FireEye | FireEye | SYSTEM AND COMMUNICATIONS PROTECTION |
| FireEye - Web users are logged out after 20 minutes of inactivity or less | TNS FireEye | FireEye | ACCESS CONTROL |
| GEN008380 - A root kit check tool must be run on the system at least weekly. | DISA AIX 5.3 STIG v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUSX-IP-000023 - The IDPS must send an alert to, at a minimum, the ISSO and ISSM when intrusion detection events are detected that indicate a compromise or potential for compromise. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | SYSTEM AND INFORMATION INTEGRITY |
| NIST_macOS_Monterey_800-53r4_high_v1.0.0.audit from NIST macOS Monterey v1.0.0 | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | |
| NIST_macOS_Monterey_800-53r5_high_v1.0.0.audit from NIST macOS Monterey v1.0.0 | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | |
| NIST_macOS_Monterey_800-53r5_moderate_v1.0.0.audit from NIST macOS Monterey v1.0.0 | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | |
| NIST_macOS_Monterey_800-171_v1.0.0.audit from NIST macOS Monterey v1.0.0 | NIST macOS Monterey v1.0.0 - 800-171 | Unix | |
| PANW-IP-000051 - The Palo Alto Networks security platform must send an alert to, at a minimum, the ISSO and ISSM when intrusion detection events are detected which indicate a compromise or potential for compromise. | DISA Palo Alto Networks IDPS STIG v3r2 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - SSL Control - Certs - Untrusted CA | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - SSL Control - Detect MD5 Digest | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - SSL Control - Detect Self-signed certs | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - SSL Control - Detect Weak Ciphers (<64 bits) | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
