| 2.8 Ensure Socket Peer-Credential Authentication is Used Appropriately | CIS MySQL 5.6 Enterprise Database L2 v2.0.0 | MySQLDB | CONFIGURATION MANAGEMENT |
| 2.10 Ensure Socket Peer-Credential Authentication is Used Appropriately | CIS MySQL 5.7 Enterprise Database L2 v2.0.0 | MySQLDB | CONFIGURATION MANAGEMENT |
| 5.1.6 Ensure No World Writable Folders Exist in the System Folder | CIS Apple macOS 14.0 Sonoma v2.1.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 18.9.31.2 (L2) Ensure 'Allow upload of User Activities' is set to 'Disabled' | CIS Microsoft Windows Server 2025 v1.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.31.2 (L2) Ensure 'Allow upload of User Activities' is set to 'Disabled' | CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.31.2 Ensure 'Allow upload of User Activities' is set to 'Disabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L2 Member Server | Windows | CONFIGURATION MANAGEMENT |
| 18.10.44.4 (NG) Ensure 'Allow files to download and save to the host operating system from Microsoft Defender Application Guard' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 NG | Windows | CONFIGURATION MANAGEMENT |
| ALMA-09-006180 - AlmaLinux OS 9 must require authentication to access emergency mode. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL |
| ALMA-09-051390 - AlmaLinux OS 9 must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| APPL-11-001020 - The macOS system must audit the enforcement actions used to restrict access associated with changes to the system - fd | DISA STIG Apple macOS 11 v1r8 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| APPL-15-000057 - The macOS system must limit SSH to FIPS-compliant connections. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode | MSCT Edge v132 v1.0.0 | Windows | |
| Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode | MSCT Edge v136 v1.0.0 | Windows | |
| Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode | MSCT Edge v137 v1.0.0 | Windows | |
| ESXI-70-000004 - Remote logging for ESXi hosts must be configured. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| GEN003820 - The rsh daemon must not be running. | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| GEN003830 - The rlogind service must not be running. | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| JUSX-DM-000001 - The Juniper SRX Services Gateway must limit the number of concurrent sessions to a maximum of 10 or less for remote access using SSH. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | ACCESS CONTROL |
| OL07-00-020110 - The Oracle Linux operating system must disable the file system automounter unless required. | DISA Oracle Linux 7 STIG v3r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OpenStack Compute - user/group ownership of config files set to root/nova - /etc/nova/policy.json | TNS OpenStack Nova/Compute Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Horizon - disable_password_reveal parameter set to True | TNS OpenStack Dashboard/Horizon Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Horizon - password_autocomplete parameter set to off | TNS OpenStack Dashboard/Horizon Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Horizon - SESSION_COOKIE_SECURE parameter set to True | TNS OpenStack Dashboard/Horizon Security Guide | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OpenStack Horizon - strict permissions set for horizon configuration files - /etc/openstack-dashboard/local_settings.py | TNS OpenStack Dashboard/Horizon Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Identity - strict permissions set for Identity configuration files - /etc/keystone/keystone.conf | TNS OpenStack Keystone/Identity Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Identity - user/group ownership of config files set to keystone - /etc/keystone/keystone.conf | TNS OpenStack Keystone/Identity Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Identity - user/group ownership of config files set to keystone - /etc/keystone/ssl/private/signing_key.pem | TNS OpenStack Keystone/Identity Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Networking - strict permissions set for Compute configuration files - /etc/neutron/neutron.conf | TNS OpenStack Neutron/Networking Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Networking - user/group ownership of config files set to root/neutron - /etc/neutron/api-paste.ini | TNS OpenStack Neutron/Networking Security Guide | Unix | CONFIGURATION MANAGEMENT |
| PGS9-00-011600 - PostgreSQL must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | ACCESS CONTROL |
| RHEL-07-020110 - The Red Hat Enterprise Linux operating system must disable the file system automounter unless required. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-020111 - The Red Hat Enterprise Linux operating system must disable the graphical user interface automounter unless required. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-030260 - Successful/unsuccessful uses of the chcon command in RHEL 8 must generate an audit record. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030570 - Successful/unsuccessful uses of the chacl command in RHEL 8 must generate an audit record. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-271025 - RHEL 9 must prevent a user from overriding the disabling of the graphical user interface automount function. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-654025 - RHEL 9 must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020250 - The SUSE operating system must generate audit records for all uses of the su command. | DISA SLES 12 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020600 - The SUSE operating system must generate audit records for all uses of the chmod command. | DISA SLES 12 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020610 - The SUSE operating system must generate audit records for all uses of the setfacl command. | DISA SLES 12 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020620 - The SUSE operating system must generate audit records for all uses of the chacl command. | DISA SLES 12 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020640 - The SUSE operating system must generate audit records for all uses of the rm command. | DISA SLES 12 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020660 - The SUSE operating system must generate audit records for all modifications to the lastlog file. | DISA SLES 12 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020680 - The SUSE operating system must generate audit records for all uses of the unix_chkpwd command. | DISA SLES 12 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020690 - The SUSE operating system must generate audit records for all uses of the chage command. | DISA SLES 12 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020700 - The SUSE operating system must generate audit records for all uses of the usermod command. | DISA SLES 12 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020710 - The SUSE operating system must generate audit records for all uses of the crontab command. | DISA SLES 12 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020730 - The SUSE operating system must generate audit records for all uses of the delete_module command. | DISA SLES 12 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-010590 - File system automounter must be disabled unless required. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| VCST-67-000030 - The Security Token Service must set the secure flag for cookies. | DISA STIG VMware vSphere 6.7 STS Tomcat v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBLC-03-000127 - Oracle WebLogic must adhere to the principles of least functionality by providing only essential capabilities. | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | CONFIGURATION MANAGEMENT |
