| 1.1.15 Add nosuid Option to /dev/shm Partition | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2 Ensure that MongoDB does not bypass authentication via the localhost exception | CIS MongoDB 5 L1 OS Windows v1.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.8 Ensure Socket Peer-Credential Authentication is Used Appropriately | CIS MySQL 5.6 Enterprise Database L2 v2.0.0 | MySQLDB | CONFIGURATION MANAGEMENT |
| 2.10 Ensure Socket Peer-Credential Authentication is Used Appropriately | CIS MySQL 5.7 Enterprise Database L2 v2.0.0 | MySQLDB | CONFIGURATION MANAGEMENT |
| 2.11 Disable automount Service | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.6 Ensure No World Writable Files Exist in the System Folder | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.6 Ensure No World Writable Folders Exist in the System Folder | CIS Apple macOS 14.0 Sonoma v2.1.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.3.18 Collect Kernel Module Loading and Unloading - /sbin/rmmod | CIS Red Hat Enterprise Linux 5 L2 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.18 Collect Kernel Module Loading and Unloading - init_module | CIS Red Hat Enterprise Linux 5 L2 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 6.3.3 Use pam_deny.so to Deny Services - auth requisite pam_deny.so /etc/pam.d/sshd | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
| 6.3.3 Use pam_deny.so to Deny Services - include system-auth | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
| 8.2.6 Prevent unauthorized removal and modification of devices. | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | ACCESS CONTROL |
| 8.5.3 (L1) Ensure only people in my org can bypass the lobby | CIS Microsoft 365 Foundations v5.0.0 L1 E3 | microsoft_azure | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 8.5.3 (L1) Ensure only people in my org can bypass the lobby | CIS Microsoft 365 Foundations v5.0.0 L1 E5 | microsoft_azure | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 18.10.44.4 (NG) Ensure 'Allow files to download and save to the host operating system from Microsoft Defender Application Guard' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.44.4 (NG) Ensure 'Allow files to download and save to the host operating system from Microsoft Defender Application Guard' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | CONFIGURATION MANAGEMENT |
| ALMA-09-006180 - AlmaLinux OS 9 must require authentication to access emergency mode. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL |
| ALMA-09-017840 - AlmaLinux OS 9 must define default permissions for logon and nonlogon shells. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-051390 - AlmaLinux OS 9 must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-053590 - AlmaLinux OS 9 must notify the system administrator (SA) and information system security officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent usage. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-15-000057 - The macOS system must limit SSH to FIPS-compliant connections. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode | MSCT Edge v132 v1.0.0 | Windows | |
| Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode | MSCT Edge v136 v1.0.0 | Windows | |
| Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode | MSCT Edge v137 v1.0.0 | Windows | |
| JUSX-DM-000001 - The Juniper SRX Services Gateway must limit the number of concurrent sessions to a maximum of 10 or less for remote access using SSH. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | ACCESS CONTROL |
| MD7X-00-004900 MongoDB must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| MD7X-00-006100 MongoDB must reveal detailed error messages only to the information system security officer (ISSO), information system security manager (ISSM), system administrator (SA), and database administrator (DBA). | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | MongoDB | SYSTEM AND INFORMATION INTEGRITY |
| O121-OS-004600 - Use of the DBMS software installation account must be restricted. | DISA STIG Oracle 12c v3r2 Database | OracleDB | CONFIGURATION MANAGEMENT |
| OL07-00-021350 - The Oracle Linux operating system must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | DISA Oracle Linux 7 STIG v3r2 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| OpenStack Compute - strict permissions set for Compute configuration files - /etc/nova/nova.conf | TNS OpenStack Nova/Compute Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Compute - strict permissions set for Compute configuration files - /etc/nova/policy.json | TNS OpenStack Nova/Compute Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Identity - Disable admin token in /etc/keystone/keystone.conf | TNS OpenStack Keystone/Identity Security Guide | Unix | ACCESS CONTROL |
| RHEL-08-030190 - Successful/unsuccessful uses of the su command in RHEL 8 must generate an audit record. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-12-010590 - The SUSE operating system must disable the file system automounter unless required. | DISA SLES 12 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| SLES-12-020230 - The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd. | DISA SLES 12 STIG v3r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| SLES-12-020280 - The SUSE operating system must generate audit records for all uses of the chfn command. | DISA SLES 12 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020300 - The SUSE operating system must generate audit records for all uses of the umount command. | DISA SLES 12 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020550 - The SUSE operating system must generate audit records for all uses of the passwd command. | DISA SLES 12 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020570 - The SUSE operating system must generate audit records for all uses of the newgrp command. | DISA SLES 12 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020590 - The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow. | DISA SLES 12 STIG v3r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| SLES-12-020630 - Successful/unsuccessful attempts to modify categories of information (e.g., classification levels) must generate audit records. | DISA SLES 12 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020720 - The SUSE operating system must generate audit records for all uses of the pam_timestamp_check command. | DISA SLES 12 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030370 - The SUSE operating system must generate audit records for all uses of the ssh-agent command. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030420 - The SUSE operating system must generate audit records for all uses of the chmod command. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| VCPF-67-000030 - Performance Charts must set the secure flag for cookies. | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCST-67-000030 - The Security Token Service must set the secure flag for cookies. | DISA STIG VMware vSphere 6.7 STS Tomcat v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCUI-70-000032 - vSphere UI must set the secure flag for cookies. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WA000-WWA050 W22 - All interactive programs must be placed in a designated directory with appropriate permissions. - '-ExecCGI' | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WWA050 W22 - All interactive programs must be placed in a designated directory with appropriate permissions. - 'SetHandler' | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WBLC-03-000127 - Oracle WebLogic must adhere to the principles of least functionality by providing only essential capabilities. | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | CONFIGURATION MANAGEMENT |
