| 1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed - Patches | CIS Oracle Server 11g R2 DB v2.2.0 | OracleDB | |
| 2.2.7 - MobileIron - Set Maximum number of failed attempts | MobileIron - CIS Apple iOS 9 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 2.2.13 Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set to 'DROP,3' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 2.2.45 Ensure 'Increase scheduling priority' is set to 'Administrators' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.10.11 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Microsoft Windows Server 2022 v4.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.5.4.1 (L1) Ensure 'Do not allow Home Page URL to be set in folder Properties' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 4.27 sqlnet.ora - 'sqlnet.allowed_logon_version = 11' | CIS v1.1.0 Oracle 11g OS L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.1.3.3 Ensure 'ALL' Is Revoked on 'Sensitive' Tables | CIS Oracle Server 18c DB Traditional Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
| 6.3 (L1) Ensure 'Account Logon Logoff Audit Group Membership' is set to include 'Success' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 6.6.11 Ensure local passwords are at least 10 characters | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
| 17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | AUDIT AND ACCOUNTABILITY |
| 17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success' | CIS Microsoft Windows Server 2016 v3.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY |
| 17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | AUDIT AND ACCOUNTABILITY |
| 17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success' | CIS Microsoft Windows Server 2019 v4.0.0 L1 MS | Windows | AUDIT AND ACCOUNTABILITY |
| 17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 17.5.2 Ensure 'Audit Group Membership' is set to include 'Success' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | AUDIT AND ACCOUNTABILITY |
| 17.5.2 Ensure 'Audit Group Membership' is set to include 'Success' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server | Windows | AUDIT AND ACCOUNTABILITY |
| 18.7.11 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt' | CIS Microsoft Windows Server 2019 v4.0.0 L1 MS | Windows | ACCESS CONTROL |
| 18.7.12 (L1) Ensure 'Point and Print Restrictions: When updating drivers for an existing connection' is set to 'Enabled: Show warning and elevation prompt' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.7.12 (L1) Ensure 'Point and Print Restrictions: When updating drivers for an existing connection' is set to 'Enabled: Show warning and elevation prompt' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 18.7.12 (L1) Ensure 'Point and Print Restrictions: When updating drivers for an existing connection' is set to 'Enabled: Show warning and elevation prompt' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.7.12 (L1) Ensure 'Point and Print Restrictions: When updating drivers for an existing connection' is set to 'Enabled: Show warning and elevation prompt' | CIS Microsoft Windows Server 2019 v4.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.35.1 (L1) Ensure 'Disable Internet Explorer 11 as a standalone browser' is set to 'Enabled: Always' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.43.2 (L1) Ensure 'Allow camera and microphone access in Microsoft Defender Application Guard' is set to 'Disabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.44.2 (L1) Ensure 'Allow camera and microphone access in Microsoft Defender Application Guard' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | CONFIGURATION MANAGEMENT |
| 18.10.44.2 (L1) Ensure 'Allow camera and microphone access in Microsoft Defender Application Guard' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.44.2 (L1) Ensure 'Allow camera and microphone access in Microsoft Defender Application Guard' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.10.44.2 (NG) Ensure 'Allow camera and microphone access in Microsoft Defender Application Guard' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.44.4 (L1) Ensure 'Allow files to download and save to the host operating system from Microsoft Defender Application Guard' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.44.4 (L1) Ensure 'Allow files to download and save to the host operating system from Microsoft Defender Application Guard' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | CONFIGURATION MANAGEMENT |
| 18.10.44.4 (NG) Ensure 'Allow files to download and save to the host operating system from Microsoft Defender Application Guard' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 NG | Windows | CONFIGURATION MANAGEMENT |
| ALMA-09-056560 - AlmaLinux OS 9 audit tools must have a mode of 0755 or less permissive. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| Configure Microsoft Defender SmartScreen to block potentially unwanted apps | MSCT Edge v98 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure Microsoft Defender SmartScreen to block potentially unwanted apps | MSCT Edge v129 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure Microsoft Defender SmartScreen to block potentially unwanted apps | MSCT Edge v107 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure Microsoft Defender SmartScreen to block potentially unwanted apps | MSCT Edge v114 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure Microsoft Defender SmartScreen to block potentially unwanted apps | MSCT edge v96 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure Microsoft Defender SmartScreen to block potentially unwanted apps | MSCT Edge v134 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| GOOG-10-003700 - Google Android 10 must be configured to not allow backup of [all applications, configuration data] to locally connected systems. | AirWatch - DISA Google Android 10.x v2r1 | MDM | ACCESS CONTROL |
| GOOG-10-003900 - Google Android 10 must be configured to not allow backup of all applications and configuration data to remote systems. | MobileIron - DISA Google Android 10.x v2r1 | MDM | ACCESS CONTROL |
| MS.DEFENDER.2.1v1 - User impersonation protection SHOULD be enabled for sensitive accounts in both the standard and strict preset policies. | CISA SCuBA Microsoft 365 Defender v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| RHEL-09-231190 - RHEL 9 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-09-611065 - RHEL 9 must enforce password complexity by requiring that at least one lowercase character be used. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SOL-11.1-040400 - The use of FTP must be restricted. | DISA STIG Solaris 11 X86 v3r1 | Unix | CONFIGURATION MANAGEMENT |
| WN12-CC-000088 - Windows SmartScreen must be enabled on Windows 2012/2012 R2. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| ZEBR-10-001600 - Zebra Android 10 must be configured to not display the following (work profile) notifications when the device is locked: | MobileIron - DISA Zebra Android 10 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-10-003700 - Zebra Android 10 must be configured to not allow backup of [all applications, configuration data] to locally connected systems. | MobileIron - DISA Zebra Android 10 COBO v1r2 | MDM | ACCESS CONTROL |
| ZEBR-10-003900 - Zebra Android 10 must be configured to not allow backup of all applications and configuration data to remote systems. | AirWatch - DISA Zebra Android 10 COPE v1r2 | MDM | ACCESS CONTROL |
| ZEBR-10-003900 - Zebra Android 10 must be configured to not allow backup of all applications and configuration data to remote systems. | MobileIron - DISA Zebra Android 10 COPE v1r2 | MDM | ACCESS CONTROL |
| ZEBR-10-009800 - Zebra Android 10 Work Profile must be configured to disable automatic completion of work space internet browser text input. | AirWatch - DISA Zebra Android 10 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
