| 2.1 Ensure monitoring and alerting exist for ACCOUNTADMIN and SECURITYADMIN role grants | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | AUDIT AND ACCOUNTABILITY |
| 2.2 Ensure monitoring and alerting exist for MANAGE GRANTS privilege grants | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | AUDIT AND ACCOUNTABILITY |
| 2.4 Ensure monitoring and alerting exist for password sign-in without MFA | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | AUDIT AND ACCOUNTABILITY |
| 2.4.3 (L2) Ensure Microsoft Defender for Cloud Apps is enabled and configured | CIS Microsoft 365 Foundations v6.0.1 L2 E5 | microsoft_azure | SYSTEM AND INFORMATION INTEGRITY |
| 6.1 Ensure that MongoDB uses a non-default port | CIS MongoDB 8 v1.0.0 L1 Windows | Windows | CONFIGURATION MANAGEMENT |
| 6.1 Ensure that MongoDB uses a non-default port | CIS MongoDB 6 v1.2.0 L1 MongoDB | Windows | CONFIGURATION MANAGEMENT |
| 6.1 Ensure that MongoDB uses a non-default port | CIS MongoDB 7 v1.2.0 L1 Unix | Unix | CONFIGURATION MANAGEMENT |
| 6.1 Ensure that MongoDB uses a non-default port | CIS MongoDB 8 v1.0.0 L1 Unix | Unix | CONFIGURATION MANAGEMENT |
| 18.10.42.16 Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block' | CIS Microsoft Windows Server 2025 v2.0.0 L1 MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.42.16 Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| All network interfaces are operating in full-duplex mode | TNS Citrix Hypervisor | Unix | CONFIGURATION MANAGEMENT |
| Auto-start is not enabled | TNS Citrix Hypervisor | Unix | CONFIGURATION MANAGEMENT |
| CIS_MongoDB_3.2_Benchmark_Level_2_OS_Unix_v1.0.0.audit from CIS MongoDB 3.2 Benchmark v1.0.0 | CIS MongoDB 3.2 L2 Unix Audit v1.0.0 | Unix | |
| Disable promiscuous mode on all network interfaces | TNS Citrix Hypervisor | Unix | CONFIGURATION MANAGEMENT |
| DTAM054 - McAfee VirusScan On-Demand scan must be configured to find unknown program threats. | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM104 - McAfee VirusScan On-Access Scanner All Processes settings must be configured to find unknown unwanted programs and trojans. | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-005 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to find unknown program viruses. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-102 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to find unknown program viruses. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Enable only necessary and secure services, protocols, daemons - 'lwsmd' | TNS Citrix Hypervisor | Unix | CONFIGURATION MANAGEMENT |
| Enable QoS on all VM guests | TNS Citrix Hypervisor | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure IP forwarding is disabled | TNS Citrix Hypervisor | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| External authentication is disabled | TNS Citrix Hypervisor | Unix | IDENTIFICATION AND AUTHENTICATION |
| Host is enabled | TNS Citrix Hypervisor | Unix | CONFIGURATION MANAGEMENT |
| HP ProCurve - 'Disable SNMPv2' | TNS HP ProCurve | HPProCurve | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| HP ProCurve - 'Disable TFTP server' | TNS HP ProCurve | HPProCurve | CONFIGURATION MANAGEMENT |
| HP ProCurve - 'Enable SNMPv3' | TNS HP ProCurve | HPProCurve | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| Install a trusted certificate in place of the default self-signed SSL certificate | TNS Citrix Hypervisor | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUSX-IP-000011 - To protect against unauthorized data mining, the Juniper Networks SRX Series Gateway IDPS must prevent code injection attacks launched against data storage objects, including, at a minimum, databases, database records, queries, and fields. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | ACCESS CONTROL |
| JUSX-IP-000012 - To protect against unauthorized data mining, the Juniper Networks SRX Series Gateway IDPS must prevent code injection attacks launched against application objects, including, at a minimum, application URLs and application code. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | ACCESS CONTROL |
| NIST_macOS_Monterey_800-53r4_low_v1.0.0.audit from NIST macOS Monterey v1.0.0 | NIST macOS Monterey v1.0.0 - 800-53r4 Low | Unix | |
| NIST_macOS_Monterey_800-53r4_moderate_v1.0.0.audit from NIST macOS Monterey v1.0.0 | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | |
| NIST_macOS_Monterey_cnssi-1253_v1.0.0.audit from NIST macOS Monterey v1.0.0 | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | |
| Restrict allowed IPv6 addresses used by each VM guest | TNS Citrix Hypervisor | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Snapshots are not present | TNS Citrix Hypervisor | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SonicWALL - Flood Protection - Layer 2 - Threshold | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND COMMUNICATIONS PROTECTION |
| SonicWALL - Flood Protection - TCP - Handshake enforcement | TNS SonicWALL v5.9 | SonicWALL | |
| SonicWALL - IDP ON - LAN | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Logging Level - Information | TNS SonicWALL v5.9 | SonicWALL | AUDIT AND ACCOUNTABILITY |
| SonicWALL - Login Banner - Public Zone | TNS SonicWALL v5.9 | SonicWALL | ACCESS CONTROL |
| SonicWALL - Password Policy - Password Uniqueness >= 10 | TNS SonicWALL v5.9 | SonicWALL | IDENTIFICATION AND AUTHENTICATION |
| SonicWALL - PW Policy - Lockout Duration - >= 5 minutes | TNS SonicWALL v5.9 | SonicWALL | ACCESS CONTROL |
| SonicWALL - Security Services - IDP - Signature DB Present | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Security Services - IDP - Signature Timestamp | TNS SonicWALL v5.9 | SonicWALL | AUDIT AND ACCOUNTABILITY |
| SonicWALL - SSL Control - Block the conn. and log the event | TNS SonicWALL v5.9 | SonicWALL | AUDIT AND ACCOUNTABILITY |
| SonicWALL - SSL Control - Detect Expired Certificates | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - SSL Control - Enable Whitelist | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| XenServer - All network interfaces are operating in full-duplex mode | TNS Citrix XenServer | Unix | |
| XenServer - Install a trusted CA certificate on the pool | TNS Citrix XenServer | Unix | |
| XenServer - Passwords stored in 'secrets' are not visible | TNS Citrix XenServer | Unix | |
| XenServer - Restrict allowed IPv6 addresses used by each VM guest | TNS Citrix XenServer | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
