| 1.1.1.8 Ensure mounting of FAT filesystems is limited - modprobe | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.3 Ensure Apache Is Installed From the Appropriate Binaries | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.6 Verify That 'MYSQL_PWD' is Not Set in Users' Profiles | CIS MariaDB 10.6 on Linux L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6 Verify That 'MYSQL_PWD' Is Not Set In Users' Profiles | CIS MySQL 5.6 Community Windows OS L1 v2.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6 Verify That 'MYSQL_PWD' Is Not Set In Users' Profiles | CIS MySQL 5.6 Enterprise Windows OS L1 v2.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6 Verify That 'MYSQL_PWD' Is Not Set In Users' Profiles - .profile | CIS MySQL 5.6 Enterprise Linux OS L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.7 Ensure 'Remote Admin Connections' Server Configuration Option is set to '0' | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| 2.7 Ensure 'Remote Admin Connections' Server Configuration Option is set to '0' | CIS SQL Server 2012 Database L1 AWS RDS v1.6.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| 2.12 Ensure 'Hide Instance' option is set to 'Yes' for Production SQL Server instances | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| 2.12 Ensure 'Hide Instance' option is set to 'Yes' for Production SQL Server instances | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| 2.12 Ensure 'Hide Instance' option is set to 'Yes' for Production SQL Server instances | CIS Microsoft SQL Server 2019 v1.5.0 L1 Database Engine | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.13 Ensure 'Hide Instance' option is set to 'Yes' for Production SQL Server instances | CIS SQL Server 2008 R2 DB OS L1 v1.7.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.2.1.15 Ensure 'Allow installing configuration profiles' is set to 'Disabled' | MobileIron - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1.15 Ensure 'Allow installing configuration profiles' is set to 'Disabled' | MobileIron - CIS Apple iOS 17 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1.15 Ensure 'Allow installing configuration profiles' is set to 'Disabled' | AirWatch - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1.15 Ensure 'Allow installing configuration profiles' is set to 'Disabled' | AirWatch - CIS Apple iOS 17 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1.15 Ensure 'Allow installing configuration profiles' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.16 Secure individual keychain and items | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | |
| 6.5 Ensure The 'test' database is not installed | CIS MongoDB 3.2 Database Audit L2 v1.0.0 | MongoDB | CONFIGURATION MANAGEMENT |
| 7.2 Disable Development Tools | CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 10.06 Oracle Installation - 'Separate user account for Management/Intelligent Agent' | CIS v1.1.0 Oracle 11g OS Windows Level 2 | Windows | |
| 12.36 Oracle Installation - 'Separate users for different components of Oracle' | CIS v1.1.0 Oracle 11g OS Windows Level 2 | Windows | |
| 18.5.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | ACCESS CONTROL |
| Ensure 'ip verify' is set to 'reverse-path' for untrusted interfaces | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'ip verify' is set to 'reverse-path' for untrusted interfaces | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-67-000076 - The ESXi host must enable Secure Boot. | DISA STIG VMware vSphere 6.7 ESXi OS v1r3 | Unix | CONFIGURATION MANAGEMENT |
| ESXI5-VMNET-000024 - Access to the management network must be strictly controlled through a network jump box. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| EX16-ED-000580 - The Exchange application directory must be protected from unauthorized access. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | CONFIGURATION MANAGEMENT |
| EX16-ED-000580 - The Exchange application directory must be protected from unauthorized access. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | CONFIGURATION MANAGEMENT |
| EX19-ED-000195 - The Exchange application directory must be protected from unauthorized access. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | CONFIGURATION MANAGEMENT |
| F5BI-LT-000261 - The BIG-IP Core implementation must be configured to check the validity of all data inputs except those specifically identified by the organization. | DISA F5 BIG-IP Local Traffic Manager STIG v2r4 | F5 | SYSTEM AND INFORMATION INTEGRITY |
| FGFW-ND-000145 - The FortiGate device must prohibit installation of software without explicit privileged status. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | CONFIGURATION MANAGEMENT |
| MS.EXO.4.2v1 - The DMARC message rejection option SHALL be p=reject. | CISA SCuBA Microsoft 365 Exchange Online v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| OL08-00-010359 - The OL 8 operating system must use a file integrity tool to verify correct operation of all security functions. | DISA Oracle Linux 8 STIG v2r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| OL08-00-040310 - The OL 8 file integrity tool must be configured to verify Access Control Lists (ACLs). | DISA Oracle Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| PANW-AG-000047 - The Palo Alto Networks security platform must protect against the use of internal systems for launching denial-of-service (DoS) attacks against external networks or endpoints. | DISA STIG Palo Alto ALG v3r4 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-06-000267 - The qpidd service must not be running - CHKCONFIG. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000267 - The qpidd service must not be running - PROCESS_CHECK. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040310 - The RHEL 8 file integrity tool must be configured to verify Access Control Lists (ACLs). | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEV: Clusters Memory Balooning | Tenable RedHat Enterprise Virtualization | RHEV | |
| SLES-12-010510 - The SUSE operating system must notify the System Administrator (SA) when AIDE discovers anomalies in the operation of any security functions. | DISA SLES 12 STIG v3r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| SOL-11.1-070010 - The sticky bit must be set on all world writable directories. | DISA STIG Solaris 11 X86 v3r1 | Unix | CONFIGURATION MANAGEMENT |
| VCPF-67-000026 - Performance Charts must properly configure log sizes and rotation - MaxFileSize | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| VCSA-80-000267 - The vCenter Server must disable the distributed virtual switch health check. | DISA VMware vSphere 8.0 vCenter STIG v2r2 | VMware | CONFIGURATION MANAGEMENT |
| VUM : patch-vum-os | VMWare vSphere 5.X Hardening Guide | VMware | |
| WN10-00-000100 - Internet Information System (IIS) or its subcomponents must not be installed on a workstation. | DISA Microsoft Windows 10 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN12-00-000180 - The Server Message Block (SMB) v1 protocol must be disabled on the SMB client - LanManWorkstation | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-00-000180 - The Server Message Block (SMB) v1 protocol must be disabled on the SMB client - mrxsmb10 | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
