| 1.2.2 Configure IP Blocking on Failed Logins | CIS Cisco NX-OS v1.2.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.7.3 Ensure remote login warning banner is configured properly | CIS Ubuntu Linux 20.04 LTS Workstation L1 v2.0.1 | Unix | ACCESS CONTROL |
| 2.1.2 Turn off Bluetooth "Discoverable" mode when not pairing devices | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.9 (L2) Ensure VDS health check is disabled | CIS VMware ESXi 7.0 v1.5.0 L2 | VMware | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.12 (L2) Host must enable volatile key destruction | CIS VMware ESXi 8.0 v1.2.0 L2 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 3.21 (L2) Host should enable strict lockdown mode | CIS VMware ESXi 8.0 v1.2.0 L2 | VMware | ACCESS CONTROL |
| 5.1.2.6 (L2) Ensure 'LinkedIn account connections' is disabled | CIS Microsoft 365 Foundations v5.0.0 L2 E3 | microsoft_azure | CONFIGURATION MANAGEMENT |
| 8.5.8 (L2) Ensure external meeting chat is off | CIS Microsoft 365 Foundations v5.0.0 L2 E5 | microsoft_azure | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 9.1.10 Ensure that Microsoft Defender for Cloud is configured to check VM operating systems for updates | CIS Microsoft Azure Foundations v4.0.0 L1 | microsoft_azure | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| ALMA-09-003210 - AlmaLinux OS 9 SSH client must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-3 validated cryptographic hash algorithms. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL |
| ALMA-09-019050 - AlmaLinux OS 9 must not respond to Internet Control Message Protocol (ICMP) echoes sent to a broadcast address. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-022460 - AlmaLinux OS 9 must disable the ability of a user to restart the system from the login screen. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-035770 - AlmaLinux OS 9 must enforce password complexity by requiring that at least one lowercase character be used. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-039070 - AlmaLinux OS 9, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-046220 - AlmaLinux OS 9 must generate audit records for any use of the "poweroff" command. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-046770 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/tallylog. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-047650 - AlmaLinux OS 9 must generate audit records for any use of the "mount" command. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-047760 - AlmaLinux OS 9 must generate audit records for any use of the "umount" command. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-049080 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/faillock. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-049520 - AlmaLinux OS 9 must generate audit records for any use of the "passwd" command. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-049960 - AlmaLinux OS 9 must generate audit records for any use of the "sudo" command. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-050290 - AlmaLinux OS 9 must generate audit records for any use of the "setfiles" command. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-050510 - AlmaLinux OS 9 must generate audit records for any use of the "ssh-agent" command. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-050620 - AlmaLinux OS 9 must generate audit records for any use of the "ssh-keysign" command. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| AOSX-13-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AOSX-14-000056 - The macOS system must implement an approved Key Exchange Algorithm. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AOSX-15-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections.. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AOSX-15-001001 - The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all non-local maintenance and diagnostic sessions. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| APPL-11-000054 - The macOS system must implement approved ciphers to protect the confidentiality of SSH connections. | DISA STIG Apple macOS 11 v1r5 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| APPL-11-000056 - The macOS system must implement an approved Key Exchange Algorithm. | DISA STIG Apple macOS 11 v1r5 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| APPL-12-001001 - The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all non-local maintenance and diagnostic sessions. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| APPL-15-005058 - The macOS system must disable Handoff. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| DG0102-ORACLE11 - DBMS processes or services should run under custom, dedicated OS accounts - 'pmon services are using correct service account' | DISA STIG Oracle 11 Instance v9r1 OS Unix | Unix | ACCESS CONTROL |
| OL08-00-010385 - The OL 8 operating system must not be configured to bypass password requirements for privilege escalation. | DISA Oracle Linux 8 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL08-00-030290 - OL 8 must generate audit records for any use of the "passwd" command. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030312 - OL 8 must generate audit records for any use of the "postqueue" command. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| PPS9-00-009300 - The EDB Postgres Advanced Server must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-08-030110 - RHEL 8 audit log directory must be group-owned by root to prevent unauthorized read access. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-432025 - RHEL 9 must require users to reauthenticate for privilege escalation. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-654105 - RHEL 9 must audit all uses of the kmod command. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654145 - RHEL 9 must audit all uses of the su command. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654250 - RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/faillock. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-030520 - The SUSE operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM). | DISA SLES 12 STIG v3r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SRG-OS-000080-ESXI5 - System BIOS or system controllers supporting password protection must have administrator accounts/passwords configured, and no others. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | ACCESS CONTROL |
| SRG-OS-000095-ESXI5 - Inetd and xinetd must be disabled or removed if no network services utilizing them are enabled. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| SRG-OS-000104-ESXI5 - All accounts must be assigned unique User Identification Numbers (UIDs) - UIDs | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| SRG-OS-000120-ESXI5 - The password hashes stored on the system must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| SRG-OS-000126-ESXI5 - The system must set a timeout for the ESXi Shell to automatically disable itself after a predetermined period. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | MAINTENANCE |
| SRG-OS-000163-ESXI5 - The operating system must terminate the network connection associated with a communications session at the end of the session or after an organization-defined time period of inactivity. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-24-901310 - Ubuntu 24.04 LTS must be configured to permit only authorized users ownership of the audit log files. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
