| 1.1 Ensure the Pre-Installation Planning Checklist Has Been Implemented | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | |
| 1.1 Ensure the Pre-Installation Planning Checklist Has Been Implemented | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | |
| 1.1.10 - AirWatch - Enable 'Airplane Mode' | AirWatch - CIS Google Android 4 v1.0.0 L2 | MDM | ACCESS CONTROL |
| 2.3 Set Update Interval Time Checks | CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0 | Unix | RISK ASSESSMENT |
| 2.9 Ensure Legacy EFI Is Valid and Updating - checked regularly | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.9 Ensure Legacy EFI Is Valid and Updating - checked regularly | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.15 Ensure 'sa' Login Account has been renamed | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 4.1.2 Review Emergency Reset | MobileIron - CIS Apple iOS 18 v1.0.0 L1 End User Owned | MDM | CONFIGURATION MANAGEMENT |
| 4.1.2 Review Emergency Reset | AirWatch - CIS Apple iPadOS 17 Institutionally Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 4.1.2 Review Emergency Reset | MobileIron - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | CONFIGURATION MANAGEMENT |
| 4.1.2 Review Emergency Reset | MobileIron - CIS Apple iOS 17 v1.1.0 End User Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 4.1.2 Review Emergency Reset | AirWatch - CIS Apple iOS 17 Institution Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 4.1.2 Review Emergency Reset | MobileIron - CIS Apple iOS 17 Institution Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 4.6 Set SSL Override Behavior | CIS Mozilla Firefox 102 ESR Windows L2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.3 Disable Displaying JavaScript in History URLs | CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.4 Disable Moving or Resizing of Windows via Scripts | CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.4 Disable Moving or Resizing of Windows via Scripts | CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.9 Ensure Legacy EFI Is Valid and Updating | CIS Apple macOS 13.0 Ventura v3.1.0 L1 | Unix | SYSTEM AND SERVICES ACQUISITION |
| 6.2 Ensure 'CLR Assembly Permission Set' is set to 'SAFE_ACCESS' for All CLR Assemblies | CIS SQL Server 2016 Database L1 AWS RDS v1.4.0 | MS_SQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2 Ensure 'CLR Assembly Permission Set' is set to 'SAFE_ACCESS' for All CLR Assemblies | CIS SQL Server 2017 Database L1 DB v1.3.0 | MS_SQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2 Ensure 'CLR Assembly Permission Set' is set to 'SAFE_ACCESS' for All CLR Assemblies | CIS SQL Server 2022 Database L1 AWS RDS v1.1.0 | MS_SQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2 Ensure 'CLR Assembly Permission Set' is set to 'SAFE_ACCESS' for All CLR Assemblies | CIS SQL Server 2022 Database L1 DB v1.1.0 | MS_SQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2 Ensure 'CLR Assembly Permission Set' is set to 'SAFE_ACCESS' for All CLR Assemblies | CIS SQL Server 2016 Database L1 DB v1.4.0 | MS_SQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.6 Disable Pocket | CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Disable Sending Data | CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.8 Disallow Credential Storage | CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.10 Enable Enhanced Tracking Protection | CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.12 Set Delay for Enabling Security Sensitive Dialog Boxes | CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.13 Disabled Delete Data Upon Shutdown | CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 7.4 Disable Popups Initiated by Plugins | CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.6 Automatic Actions for Optical Media | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 7.6 Automatic Actions for Optical Media | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | |
| 12.36 Oracle Installation - 'Separate users for different components of Oracle' | CIS v1.1.0 Oracle 11g OS L2 | Unix | |
| 18.10.4.3 (L1) Ensure 'Prevent non-admin users from installing packaged Windows apps' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| ALMA-09-018060 - AlmaLinux OS 9 must be configured so that the file integrity tool verifies Access Control Lists (ACLs). | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| CISC-ND-000580 - The Cisco switch must be configured to enforce password complexity by requiring that at least one lower-case character be used. | DISA Cisco NX OS Switch NDM STIG v3r3 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| DTOO320 - Outlook - Check e-mail addresses against addresses of certificates being used must be disallowed. | DISA STIG Office 2010 Outlook v1r14 | Windows | CONFIGURATION MANAGEMENT |
| JUNI-RT-000720 - The Juniper PE router must be configured with Unicast Reverse Path Forwarding (uRPF) loose mode enabled on all CE-facing interfaces. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| O121-C2-013300 - The DBMS must ensure users are authenticated with an individual authenticator prior to using a shared authenticator. | DISA STIG Oracle 12c v3r4 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| PANW-IP-000041 - The Palo Alto Networks security platform must protect against or limit the effects of known and unknown types of denial-of-service (DoS) attacks by employing rate-based attack prevention behavior analysis (traffic thresholds) - traffic thresholds | DISA STIG Palo Alto IDPS v3r2 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| SOL-11.1-070180 - World-writable files must not exist. | DISA STIG Solaris 11 SPARC v3r1 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-070180 - World-writable files must not exist. | DISA STIG Solaris 11 X86 v3r1 | Unix | CONFIGURATION MANAGEMENT |
| SRG-OS-000090-ESXI5 - The system must verify the integrity of the installation media before installing ESXi. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| UBTU-16-010530 - The file integrity tool must be configured to verify extended attributes. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | CONFIGURATION MANAGEMENT |
| VCLD-67-000032 - VAMI configuration files must be protected from unauthorized access - opt | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | CONFIGURATION MANAGEMENT |
| WBLC-08-000229 - Oracle WebLogic must be configured to perform complete application deployments. | Oracle WebLogic Server 12c Linux v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBLC-08-000235 - Oracle WebLogic must protect the integrity of applications during the processes of data aggregation, packaging, and transformation in preparation for deployment. | Oracle WebLogic Server 12c Windows v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBLC-08-000235 - Oracle WebLogic must protect the integrity of applications during the processes of data aggregation, packaging, and transformation in preparation for deployment. | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001290 - WebSphere Application Server must utilize FIPS 140-2-approved encryption modules when authenticating users and processes. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| WDNS-CM-000003 - The Windows 2012 DNS Server must prohibit recursion on authoritative name servers for which forwarders have not been configured for external queries. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | CONFIGURATION MANAGEMENT |
