| 1.4 SNMP Security - a) SNMP Community Security | Tenable ZTE ROSNG | ZTE_ROSNG | IDENTIFICATION AND AUTHENTICATION |
| 1.4.3 Ensure address space layout randomization (ASLR) is enabled | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.5.3 Ensure address space layout randomization (ASLR) is enabled | CIS Debian 9 Server L1 v1.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 1.5.3 Ensure address space layout randomization (ASLR) is enabled | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 1.5.3 Ensure address space layout randomization (ASLR) is enabled | CIS Debian 8 Workstation L1 v2.0.2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.5.3 Ensure address space layout randomization (ASLR) is enabled | CIS Debian 9 Workstation L1 v1.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 1.5.3 Ensure address space layout randomization (ASLR) is enabled | CIS Debian 8 Server L1 v2.0.2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.5.3 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl | CIS Debian 8 Workstation L1 v2.0.2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl | CIS Debian 9 Server L1 v1.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl | CIS Debian 8 Server L1 v2.0.2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl.conf sysctl.d | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.2 Ensure address space layout randomization (ASLR) is enabled | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.2 Ensure address space layout randomization (ASLR) is enabled - sysctl | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.2 Ensure address space layout randomization (ASLR) is enabled - sysctl | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.2 Ensure address space layout randomization (ASLR) is enabled - sysctl | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.3 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl.d/* | CIS Fedora 19 Family Linux Workstation L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.3 Ensure address space layout randomization (ASLR) is enabled - sysctl | CIS Fedora 19 Family Linux Workstation L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.1.1 Ensure autofs services are not in use | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Workstation | Unix | MEDIA PROTECTION |
| 2.1.1 Ensure autofs services are not in use | CIS Ubuntu Linux 22.04 LTS v2.0.0 L2 Workstation | Unix | MEDIA PROTECTION |
| 2.1.1 Ensure autofs services are not in use | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Workstation | Unix | MEDIA PROTECTION |
| 2.2.1 Ensure autofs services are not in use | CIS Red Hat EL8 Workstation L2 v3.0.0 | Unix | MEDIA PROTECTION |
| 2.2.1 Ensure autofs services are not in use | CIS Oracle Linux 7 v4.0.0 L1 Server | Unix | MEDIA PROTECTION |
| 2.2.1 Ensure autofs services are not in use | CIS Oracle Linux 8 Server L1 v3.0.0 | Unix | MEDIA PROTECTION |
| 3.2.2 SSL service name - ssl_svcename | CIS IBM DB2 v10 v1.1.0 Database Level 2 | IBM_DB2DB | |
| 3.2.4 Database Manager Configuration parameter: trust_allclnts | CIS IBM DB2 v10 v1.1.0 Database Level 2 | IBM_DB2DB | |
| 5.1 Enable Backup Redundancy | CIS IBM DB2 v10 v1.1.0 Database Level 2 | IBM_DB2DB | |
| 5.2.10 Ensure password number of changed characters is configured | CIS IBM AIX 7 v1.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.14 Restrict Access to SYSCAT.SURROGATEAUTHIDS | CIS IBM DB2 v10 v1.1.0 Database Level 2 | IBM_DB2DB | ACCESS CONTROL |
| 6.16 Restrict Access to SYSCAT.ROLES | CIS IBM DB2 v10 v1.1.0 Database Level 2 | IBM_DB2DB | ACCESS CONTROL |
| 18.2.1 Ensure LAPS AdmPwd GPO Extension / CSE is installed | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.8.7.1.2 Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes' | CIS Windows 7 Workstation Bitlocker v3.2.0 | Windows | MEDIA PROTECTION |
| 18.8.7.1.2 Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | MEDIA PROTECTION |
| 18.8.7.1.5 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.7.1.2 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes' | CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.7.1.2 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes' | CIS Microsoft Windows 11 Stand-alone v4.0.0 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.7.1.5 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| AOSX-13-000570 - The macOS system must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Deny log on through Remote Desktop Services | MSCT Windows Server 2022 v1.0.0 | Windows | ACCESS CONTROL |
| Deny log on through Remote Desktop Services | MSCT Windows 10 v22H2 v1.0.0 | Windows | ACCESS CONTROL |
| Deny log on through Remote Desktop Services | MSCT Windows Server v2004 MS v1.0.0 | Windows | ACCESS CONTROL |
| Deny log on through Remote Desktop Services | MSCT Windows 10 1809 v1.0.0 | Windows | ACCESS CONTROL |
| Ensure address space layout randomization (ASLR) is enabled - sysctl.conf | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND INFORMATION INTEGRITY |
| GEN005305 - The SNMP service must use only SNMPv3 or its successors. | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| GEN005505 - The operating system must implement DoD-approved encryption to protect the confidentiality of SSH connections. | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL |
| OL07-00-010492 - Oracle Linux operating systems version 7.2 or newer booted with United Extensible Firmware Interface (UEFI) must have a unique name for the grub superusers account when booting into single-user mode and maintenance. | DISA Oracle Linux 7 STIG v3r2 | Unix | ACCESS CONTROL |
