| 2.3.17.5 (L1) Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.17.5 (L1) Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | ACCESS CONTROL |
| 2.3.17.5 (L1) Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.3.17.5 (L1) Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled' | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.3.17.5 (L1) Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v4.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.17.6 Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | ACCESS CONTROL |
| 2.3.17.6 Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller | Windows | ACCESS CONTROL |
| 2.3.17.6 Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.14 Ensure 'sa' Login Account has been renamed | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 2.14 Ensure 'sa' Login Account has been renamed | CIS SQL Server 2014 Database L1 AWS RDS v1.5.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 3.2.11 CDE - /etc/dt/config/*/Xresources permissions and ownership - /etc/dt/config/*/Xresources permissions and ownership | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1 Block Mixed Active Content | CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 4.2 Set OCSP Response Policy | CIS Mozilla Firefox 102 ESR Windows L2 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 4.4 Set Security TLS Version Maximum | CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.5 Set Security TLS Version Minimum | CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.6.1.11 Ensure access to Xresources is configured | CIS IBM AIX 7 v1.1.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.3 Disable Displaying JavaScript in History URLs | CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.5 Disable Raising or Lowering of Windows via Scripts | CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.5 Disable Raising or Lowering of Windows via Scripts | CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 6.2 Disabled Browser Sign-ins | CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.5 Disable Geolocation Serivces | CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.8 Disallow Credential Storage | CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.9 Do Not Accept Third Party Cookies | CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.9 Do Not Accept Third Party Cookies | CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.12 Set Delay for Enabling Security Sensitive Dialog Boxes | CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 6.13 Disabled Delete Data Upon Shutdown | CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 7.1 Disable Auto-Install of Add-ons | CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.3 Disable Encrypted Media Extensions | CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 7.3 Set 'Restrict ActiveX Install' to 'Enabled' - explorer.exe | CIS IE 9 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.3 Set 'Restrict ActiveX Install' to 'Enabled'-iexplore.exe | CIS IE 9 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4 Disable Popups Initiated by Plugins | CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.5 Disabled Recommended Extensions | CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.7 Enable Extension Block List | CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.8 Enable Extension Update | CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 7.8 Enable Extension Update | CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 8.1 Block Reported Attack Sites | CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 8.3 Enable Cryptomining Protection | CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGON | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOL | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | IDENTIFICATION AND AUTHENTICATION |
| APPL-11-002067 - The macOS system must prohibit user installation of software without explicit privileged status. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002067 - The macOS system must prohibit user installation of software without explicit privileged status. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-67-000071 - The SA must verify the integrity of the installation media before installing ESXi. | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | CONFIGURATION MANAGEMENT |
| JRE8-WN-000160 - Oracle JRE 8 must lock the option to enable users to check publisher certificates for revocation - deployment.security.revocation.check | DISA STIG Oracle JRE 8 Windows v2r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| O19C-00-013700 - Oracle Database must ensure users are authenticated with an individual authenticator prior to using a shared authenticator. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| O112-C2-013300 - The DBMS must ensure users are authenticated with an individual authenticator prior to using a group authenticator. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| OH12-1X-000210 - A private OHS installation must be located on a separate controlled access subnet. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000004 - The system must use a separate file system for the system audit data path. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| PPS9-00-004820 - When using command-line tools such as psql, users must use a logon method that does not expose the password. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000004 - The system must use a separate file system for the system audit data path. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| WN11-00-000100 - Internet Information System (IIS) or its subcomponents must not be installed on a workstation. | DISA Microsoft Windows 11 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
