| 1.6.2 Ensure 'SSH version 2' is enabled | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.2.1.30 Ensure 'Allow password sharing (supervised only)' is set to 'Disabled' | AirWatch - CIS Apple iOS 17 Institution Owned L1 | MDM | ACCESS CONTROL, AWARENESS AND TRAINING, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.2.1.30 Ensure 'Allow password sharing (supervised only)' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | ACCESS CONTROL, AWARENESS AND TRAINING, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.2.1.30 Ensure 'Allow password sharing (supervised only)' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | ACCESS CONTROL, AWARENESS AND TRAINING, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.2.1.30 Ensure 'Allow password sharing (supervised only)' is set to 'Disabled' | MobileIron - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | ACCESS CONTROL, AWARENESS AND TRAINING, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.2.1.30 Ensure 'Allow password sharing (supervised only)' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | ACCESS CONTROL, AWARENESS AND TRAINING, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 9.1.1 (L1) Ensure 'Windows Firewall: Domain: Firewall state' is set to 'On (recommended)' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-FW-000250 - The Cisco ASA perimeter firewall must be configured to block all outbound management traffic - ACL | DISA STIG Cisco ASA FW v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - authentication | DISA STIG Cisco ASA FW v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - hash sha | DISA STIG Cisco ASA FW v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - lifetime | DISA STIG Cisco ASA FW v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - match address | DISA STIG Cisco ASA FW v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - outside interface | DISA STIG Cisco ASA FW v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000393 - The Cisco perimeter switch must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3-255. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000393 - The Cisco perimeter switch must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3-255. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000394 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000394 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values. | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000394 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000395 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Destination Option header with invalid option type values. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000396 - The Cisco perimeter router must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| DG0103-ORACLE11 - Network access to the DBMS must be restricted to authorized personnel - '%ORACLE_HOME%\NETWORK\ADMIN\SQLNET.ORA tcp.validnode_checking = YES' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DG0103-ORACLE11 - Network access to the DBMS must be restricted to authorized personnel - '$ORACLE_HOME/network/admin/sqlnet.ora tcp.validnode_checking=yes' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN008540 - The system's local firewall must implement a deny-all, allow-by-exception policy. | DISA STIG AIX 6.1 v1r14 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000730 - The Juniper perimeter router must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000760 - The Juniper perimeter router must be configured to have Proxy ARP disabled on all external interfaces. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000820 - The Juniper perimeter router must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3255. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000830 - The Juniper perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000850 - The Juniper perimeter router must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000386 - The Juniper perimeter router must be configured to drop IPv6 packets containing the NSAP address option within Destination Option header. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000387 - The Juniper perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - dstops | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Disable Location Services | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Disable Location Services | NIST macOS Monterey v1.0.0 - 800-53r5 Low | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Disable Location Services | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Disable Location Services | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Disable Location Services | NIST macOS Monterey v1.0.0 - 800-53r4 Low | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Disable Location Services | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Disable Location Services | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Disable Location Services | NIST macOS Monterey v1.0.0 - All Profiles | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Disable Sending Diagnostic and Usage Data to Apple | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| Monterey - Disable Sending Diagnostic and Usage Data to Apple | NIST macOS Monterey v1.0.0 - 800-53r5 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| Monterey - Disable Sending Diagnostic and Usage Data to Apple | NIST macOS Monterey v1.0.0 - 800-171 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| Monterey - Disable Sending Diagnostic and Usage Data to Apple | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| Monterey - Disable Sending Diagnostic and Usage Data to Apple | NIST macOS Monterey v1.0.0 - 800-53r4 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| Monterey - Disable Sending Diagnostic and Usage Data to Apple | NIST macOS Monterey v1.0.0 - All Profiles | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| Monterey - Disable Sending Diagnostic and Usage Data to Apple | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| Monterey - Disable Sending Diagnostic and Usage Data to Apple | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| Monterey - Disable Sending Diagnostic and Usage Data to Apple | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| SYMP-AG-000580 - Symantec ProxySG must identify and log internal users associated with denied outgoing communications traffic posing a threat to external information systems - Access Logging Enabled | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000580 - Symantec ProxySG must identify and log internal users associated with denied outgoing communications traffic posing a threat to external information systems - Policy | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
