| 2.2.7 - MobileIron - Set Maximum number of failed attempts | MobileIron - CIS Apple iOS 9 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only) | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only) | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only) | CIS Microsoft Windows Server 2019 v4.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.4 Ensure No Users Are Assigned the 'DEFAULT' Profile | CIS Oracle Server 18c DB Unified Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
| 4.4 Ensure No Users Are Assigned the 'DEFAULT' Profile | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | ACCESS CONTROL |
| 5.3.4 Ensure AUDIT_ADMIN' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 10. OpenStack Identity - Policy.json - 'identity:list_access_token_roles' | TNS OpenStack Keystone/Identity Security Guide | Unix | ACCESS CONTROL |
| 17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY |
| 17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success' | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | AUDIT AND ACCOUNTABILITY |
| 17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MS | Windows | AUDIT AND ACCOUNTABILITY |
| 17.5.2 Ensure 'Audit Group Membership' is set to include 'Success' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS | Windows | AUDIT AND ACCOUNTABILITY |
| 18.7.11 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | ACCESS CONTROL |
| 18.7.11 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | ACCESS CONTROL |
| 18.10.43.4 (L1) Ensure 'Allow files to download and save to the host operating system from Microsoft Defender Application Guard' is set to 'Disabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.44.2 (L1) Ensure 'Allow camera and microphone access in Microsoft Defender Application Guard' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.44.2 (NG) Ensure 'Allow camera and microphone access in Microsoft Defender Application Guard' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.44.2 (NG) Ensure 'Allow camera and microphone access in Microsoft Defender Application Guard' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.44.4 (L1) Ensure 'Allow files to download and save to the host operating system from Microsoft Defender Application Guard' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.10.44.4 (L1) Ensure 'Allow files to download and save to the host operating system from Microsoft Defender Application Guard' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.44.4 (NG) Ensure 'Allow files to download and save to the host operating system from Microsoft Defender Application Guard' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.44.4 (NG) Ensure 'Allow files to download and save to the host operating system from Microsoft Defender Application Guard' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT |
| ALMA-09-007500 - AlmaLinux OS 9 must automatically lock an account when three unsuccessful logon attempts occur. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL |
| ALMA-09-017620 - AlmaLinux OS 9 must define default permissions for all authenticated users in such a way that the user can only read and modify their own files. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-041600 - AlmaLinux OS 9 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-056340 - AlmaLinux OS 9 audit tools must be owned by root. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-U1-000520 - The Apache web server must generate a session ID using as much of the character set as possible to reduce the risk of brute force. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| BIND-9X-001701 - On the BIND 9.x server CNAME records must not point to a zone with lesser security for more than six months. | DISA BIND 9.x STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| Configure Microsoft Defender SmartScreen to block potentially unwanted apps | MSCT Edge v131 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure Microsoft Defender SmartScreen to block potentially unwanted apps | MSCT Edge v90 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure Microsoft Defender SmartScreen to block potentially unwanted apps | MSCT Edge v91 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure Microsoft Defender SmartScreen to block potentially unwanted apps | MSCT Edge v133 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure Microsoft Defender SmartScreen to block potentially unwanted apps | MSCT Edge v136 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure Microsoft Defender SmartScreen to block potentially unwanted apps | MSCT Edge v117 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure Microsoft Defender SmartScreen to block potentially unwanted apps | MSCT Edge v88 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure Microsoft Defender SmartScreen to block potentially unwanted apps | MSCT Edge v132 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure Microsoft Defender SmartScreen to block potentially unwanted apps | MSCT Edge v135 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure Microsoft Defender SmartScreen to block potentially unwanted apps | MSCT Edge v124 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure Microsoft Defender SmartScreen to block potentially unwanted apps | MSCT Edge v127 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure Microsoft Defender SmartScreen to block potentially unwanted apps | MSCT Edge v128 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure Microsoft Defender SmartScreen to block potentially unwanted apps | MSCT Edge v89 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure Microsoft Defender SmartScreen to block potentially unwanted apps | MSCT Edge v137 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure Microsoft Defender SmartScreen to block potentially unwanted apps | MSCT Edge v138 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| OH12-1X-000181 - The AuthenticationEnabled property of the Node Manager configured to support OHS must be configured to enforce authentication. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-253030 - RHEL 9 must log IPv4 packets with impossible addresses by default. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-253040 - RHEL 9 must prevent IPv4 Internet Control Message Protocol (ICMP) redirect messages from being accepted. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-411080 - RHEL 9 must automatically lock the root account until the root account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-09-411085 - RHEL 9 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-09-412070 - RHEL 9 must define default permissions for the system default profile. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-653090 - RHEL 9 audit logs file must have mode 0600 or less permissive to prevent unauthorized access to the audit log. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
