| 1.7.3 Ensure the Standard Mandatory DoD Notice and Consent Banner are configured | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 2 - Specify file handler in jetty-logging.properties files - org.eclipse.jetty.LEVEL=INFO | TNS Best Practice Jetty 9 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2 - Specify file handler in jetty-logging.properties files - org.eclipse.jetty.util.log.class=org.eclipse.jetty.util.log.StrErrLog | TNS Best Practice Jetty 9 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2 - Specify file handler in jetty-logging.properties files - org.eclipse.jetty.websocket.LEVEL=DEBUG | TNS Best Practice Jetty 9 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.9 Ensure 'Allow log on locally' is set to 'Administrators' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.9 Ensure 'Allow log on locally' is set to 'Administrators' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.36 Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account, Enterprise Admins Group, and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.2.36 Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account, Enterprise Admins Group, and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 3.1.5 Secure permissions for default database file path | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 | Unix | |
| 3.1.5 Secure permissions for default database file path | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | |
| 3.1.5 Secure permissions for default database file path (Scored) | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | |
| 4.8 Restrict access to Tomcat catalina.properties | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.8 Restrict access to Tomcat catalina.properties | CIS Apache Tomcat 10 L1 v1.1.0 Middleware | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.8 Restrict access to Tomcat catalina.properties | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.8 Restrict access to Tomcat catalina.properties | CIS Apache Tomcat 8 L1 v1.1.0 Middleware | Unix | ACCESS CONTROL |
| 4.8 Restrict access to Tomcat catalina.properties | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2 Disable ESXi Shell unless needed for diagnostics or troubleshooting | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | CONFIGURATION MANAGEMENT |
| 7.2 Set Strong Password Creation Policies - MINALPHA = 2 | CIS Solaris 11.2 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - MINNONALPHA = 1 | CIS Solaris 11.2 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - DICTIONLIST = /usr/share/lib/dict/words | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - DICTIONLIST = /usr/share/lib/dict/words | CIS Solaris 11 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - MINALPHA = 2 | CIS Solaris 11 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - NAMECHECK = yes | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists in web application | CIS Apache Tomcat 8 L1 v1.1.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in web application | CIS Apache Tomcat 8 L1 v1.1.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in default | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in web application | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 18.5.11.3 (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL |
| 18.9.7.1.2 (L1) Ensure 'Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria' is set to 'Enabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 18.9.11.2.8 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Store recovery passwords and key packages' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 19.1.3.4 (L1) Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL |
| 20.16 Ensure 'Default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 20.16 Ensure 'Default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 20.32 Ensure 'krbtgt account password' is no more than '180 days old' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 20.49 Ensure 'Permissions for the Security Event Log must prevent access by non-privileged accounts' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | AUDIT AND ACCOUNTABILITY |
| ESXI-70-000097 - The ESXi Common Information Model (CIM) service must be disabled. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| JBOS-AS-000685 - The JRE installed on the JBoss server must be kept up to date. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| KNOX-07-001600 - The Samsung whitelist must be configured to not include applications that Back up MD data to non-DoD cloud servers. | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| KNOX-07-001600 - The Samsung whitelist must be configured to not include applications that Back up MD data to non-DoD cloud servers. | MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| KNOX-07-900300 - The Samsung must be configured to not allow Container passwords with more than two repeating or sequential characters. | MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| SYMP-AG-000550 - Symantec ProxySG must allow incoming communications only from organization-defined authorized sources routed to organization-defined authorized destinations - Proxy Services | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000650 - Symantec ProxySG providing content filtering must continuously monitor outbound communications traffic crossing internal security boundaries for unusual/unauthorized activities or conditions - Proxy Services | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND INFORMATION INTEGRITY |
| SYMP-AG-000650 - Symantec ProxySG providing content filtering must continuously monitor outbound communications traffic crossing internal security boundaries for unusual/unauthorized activities or conditions - Rules | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND INFORMATION INTEGRITY |
| SYMP-AG-000670 - Symantec ProxySG providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when denial-of-service (DoS) incidents are detected - Client limits | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND INFORMATION INTEGRITY |
| WBLC-05-000162 - Oracle WebLogic must enforce password complexity by the number of upper-case characters used. | Oracle WebLogic Server 12c Linux v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000162 - Oracle WebLogic must enforce password complexity by the number of upper-case characters used. | Oracle WebLogic Server 12c Windows v2r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000163 - Oracle WebLogic must enforce password complexity by the number of lower-case characters used. | Oracle WebLogic Server 12c Linux v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000164 - Oracle WebLogic must enforce password complexity by the number of numeric characters used. | Oracle WebLogic Server 12c Windows v2r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000164 - Oracle WebLogic must enforce password complexity by the number of numeric characters used. | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000165 - Oracle WebLogic must enforce password complexity by the number of special characters used. | Oracle WebLogic Server 12c Windows v2r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
