| 1.2 Do Not Install a Multi-Use System - chkconfig | CIS BIND DNS v1.0.0 L1 Authoritative Name Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.26 Ensure 'Deny log on as a service' to include 'No one' (STIG DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.2.29 Ensure 'Deny log on as a service' to include 'No one' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.2.30 Ensure 'Deny log on as a service' to include 'Enterprise Admins Group and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.8.1.2 Ensure the OS Is Not Active When Resuming from Sleep and Display Sleep (Apple Silicon) | CIS Apple macOS 11.0 Big Sur v4.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.4 Ensure Auto-Scaling Launch Configuration for App-Tier is configured to use an approved Amazon Machine Image | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | CONFIGURATION MANAGEMENT |
| 5.1.1 Configure /etc/syslog.conf - auth,user | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.1 Configure /etc/syslog.conf - daemon | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.1 Configure /etc/syslog.conf - syslog | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.1 Configure /etc/syslog.conf - unused | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3 Configure /etc/rsyslog.conf - auth,user /var/log/messages | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3 Configure /etc/rsyslog.conf - daemon /var/log/daemon.log | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.3.9 Collect Login and Logout Events - /var/log/faillog | CIS Red Hat Enterprise Linux 5 L2 v2.2.1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 7.2 Disable System Accounts | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
| 9.1 Ensure 'zosSecurity-1.0' feature is 'enabled' for SAF authorization | CIS IBM WebSphere Liberty v1.0.0 L1 | Unix | ACCESS CONTROL |
| 18.10.77.3 (L1) Ensure 'Automatically send memory dumps for OS-generated error reports' is set to 'Disabled' | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| ALMA-09-010030 - AlmaLinux OS 9 must have GPG signature verification enabled for all software repositories. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-011790 - AlmaLinux OS 9 cron configuration files directory must be group-owned by root. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-012230 - AlmaLinux OS 9 must disable the ability of a user to accidentally press Ctrl-Alt-Del and cause a system to shut down or reboot. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-024550 - AlmaLinux OS 9 must enable the hardware random number generator entropy gatherer service. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-042260 - A sticky bit must be set on all AlmaLinux OS 9 public directories. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-15-001017 - The macOS system must be configured with audit log folders set to mode 700 or less permissive. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-15-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another users files - User subdirectory Public Access Control Lists | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-001017 - The macOS system must be configured with audit log folders set to mode 700 or less permissive. | DISA STIG Apple macOS 11 v1r5 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-11-001017 - The macOS system must be configured with audit log folders set to mode 700 or less permissive. | DISA STIG Apple macOS 11 v1r8 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-11-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another user's files - User subdirectory Access Control Lists | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-001017 - The macOS system must be configured with audit log folders set to mode 700 or less permissive. | DISA STIG Apple macOS 13 v1r5 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-14-000100 The macOS system must disable root logon. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| DG0129-ORACLE11 - Passwords should be encrypted when transmitted across the network. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
| PHTN-67-000072 - The Photon operating system must generate audit records when successful/unsuccessful logon attempts occur - faillog | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000072 - The Photon operating system must generate audit records when successful/unsuccessful logon attempts occur - lastlog | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000072 - The Photon operating system must generate audit records when successful/unsuccessful logon attempts occur - tallylog | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-215020 - RHEL 9 must not have the sendmail package installed. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-252065 - RHEL 9 libreswan package must be installed. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-654085 - RHEL 9 must audit all uses of the chage command. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-672020 - RHEL 9 cryptographic policy must not be overridden. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| SLES-12-020411 - The SUSE operating system must generate audit records for all uses of the unlink, unlinkat, rename, renameat and rmdir syscalls. | DISA SLES 12 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020490 - The SUSE operating system must generate audit records for all uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate syscalls. | DISA SLES 12 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020740 - The SUSE operating system must generate audit records for all uses of the init_module and finit_module syscalls. | DISA SLES 12 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SRG-OS-000071-ESXI5 - The system must require that passwords contain at least one numeric character. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| UBTU-16-020390 - Successful/unsuccessful uses of the umount command must generate an audit record. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-18-010202 - The Ubuntu operating system must generate audit records for the use and modification of faillog file. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-20-010169 - The Ubuntu operating system must generate audit records for the use and modification of the tallylog file. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-20-010170 - The Ubuntu operating system must generate audit records for the use and modification of faillog file. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-20-010171 - The Ubuntu operating system must generate audit records for the use and modification of the lastlog file. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-654210 - Ubuntu 22.04 LTS must generate audit records for the use and modification of faillog file. | DISA Canonical Ubuntu 22.04 LTS STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900250 - Ubuntu 24.04 LTS must generate audit records for the use and modification of faillog file. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900260 - Ubuntu 24.04 LTS must generate audit records for the use and modification of the lastlog file. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| WA00540 W22 - The web server must be configured to explicitly deny access to the OS root. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WN19-SO-000440 - Windows Server 2019 User Account Control must run all administrators in Admin Approval Mode, enabling UAC. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
