| 1.1.3.3.2 Ensure only allow specified file types is set to enabled | CIS Zoom L2 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 1.2.1 Configure Connection to the RHN RPM Repositories | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.1.1 Ensure a 'Consent Message' has been 'Configured' | MobileIron - CIS Apple iOS 10 v2.0.0 End User Owned L1 | MDM | |
| 2.1.1 Ensure a 'Consent Message' has been 'Configured' | MobileIron - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.1.1 Ensure a 'Consent Message' has been 'Configured' | AirWatch - CIS Apple iOS 11 v1.0.0 End User Owned L1 | MDM | |
| 2.1.1 Ensure a 'Consent Message' has been 'Configured' | MobileIron - CIS Apple iOS 11 v1.0.0 End User Owned L1 | MDM | |
| 2.1.1 Ensure a 'Consent Message' has been 'Configured' | MobileIron - CIS Apple iOS 12 v1.0.0 End User Owned L1 | MDM | |
| 2.1.1 Ensure a 'Consent Message' has been 'Configured' | MobileIron - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.1.1 Ensure a 'Consent Message' has been 'Configured' | AirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.1.1 Ensure a 'Consent Message' has been 'Configured' | AirWatch - CIS Apple iOS 12 v1.0.0 End User Owned L1 | MDM | |
| 2.1.1 Ensure a 'Consent Message' has been 'Configured' | AirWatch - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.1.1 Ensure a 'Consent Message' has been 'Configured' | AirWatch - CIS Apple iOS 10 v2.0.0 End User Owned L1 | MDM | |
| 3.4.3.2.4 Ensure iptables default deny firewall policy | CIS CentOS Linux 8 Workstation L1 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3.3.4 Ensure ip6tables default deny firewall policy | CIS Fedora 28 Family Linux Workstation L1 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.2.4 Ensure iptables default deny firewall policy | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.2.4 Ensure iptables default deny firewall policy | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.10.9.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | CIS Microsoft Intune for Windows 10 v4.0.0 BL | Windows | MEDIA PROTECTION |
| 4.10.9.1.1 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes' is set to 'Enabled' | CIS Microsoft Intune for Windows 11 v4.0.0 BL | Windows | MEDIA PROTECTION |
| 4.10.9.1.4 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes' is set to 'Enabled' | CIS Microsoft Intune for Windows 10 v4.0.0 BL | Windows | MEDIA PROTECTION |
| 4.20 sqlnet.ora - 'tcp.validnode_checking = YES' | CIS v1.1.0 Oracle 11g OS L2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.7.1 Ensure Logging and Cloud Monitoring is Enabled | CIS Google Kubernetes Engine (GKE) v1.7.0 L1 | GCP | AUDIT AND ACCOUNTABILITY |
| 6.8 Ensure that a 'Custom banned password list' is set to 'Enforce' | CIS Microsoft Azure Foundations v4.0.0 L1 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 7.15 Ensure TLS Cipher Suite ordering is configured | CIS IIS 7 L2 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.59 Ensure 'Software certificate installation files must be removed' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.59 Ensure 'Software certificate installation files must be removed' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| Adtran : List enabled interfaces | TNS Adtran AOS Best Practice Audit | Adtran | CONFIGURATION MANAGEMENT |
| Catalina - Must Use HBSS | NIST macOS Catalina v1.5.0 - All Profiles | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-004 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to decompress archives when scanning. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-104 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to find potentially unwanted programs. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| F5BI-AP-000240 - The F5 BIG-IP appliance must enforce approved authorizations for logical access to resources by explicitly configuring assigned resources with an authorization list. | DISA F5 BIG-IP Access Policy Manager STIG v2r4 | F5 | ACCESS CONTROL |
| GEN000945 - The root account's library search path must be the system default and must contain only absolute paths. | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN000945 - The root account's library search path must be the system default and must contain only absolute paths. | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| GEN000945-ESXI5-000333 - The root accounts library search path must be the system default and must contain only absolute paths. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| GEN004900 - The ftpusers file must contain account names not allowed to use FTP. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN004900 - The ftpusers file must contain account names not allowed to use FTP. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN004900 - The ftpusers file must contain account names not allowed to use FTP. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| List patches | TNS Citrix Hypervisor | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Monterey - Must Use HBSS | NIST macOS Monterey v1.0.0 - All Profiles | Unix | SYSTEM AND INFORMATION INTEGRITY |
| OL07-00-010019 - The Oracle Linux operating system must ensure cryptographic verification of vendor software packages. | DISA Oracle Linux 7 STIG v3r3 | Unix | CONFIGURATION MANAGEMENT |
| OL08-00-010019 - OL 8 must ensure cryptographic verification of vendor software packages. | DISA Oracle Linux 8 STIG v2r5 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-010019 - The Red Hat Enterprise Linux operating system must ensure cryptographic verification of vendor software packages. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010019 - RHEL 8 must ensure cryptographic verification of vendor software packages. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-214010 - RHEL 9 must ensure cryptographic verification of vendor software packages. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| SYMP-AG-000230 - Symantec ProxySG must provide an alert to, at a minimum, the SCA and ISSO of all audit failure events where the detection and/or prevention function is unable to write events to either local storage or the centralized server - Enabled | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| SYMP-AG-000230 - Symantec ProxySG must provide an alert to, at a minimum, the SCA and ISSO of all audit failure events where the detection and/or prevention function is unable to write events to either local storage or the centralized server - From | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| SYMP-AG-000230 - Symantec ProxySG must provide an alert to, at a minimum, the SCA and ISSO of all audit failure events where the detection and/or prevention function is unable to write events to either local storage or the centralized server - Server | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| VCSA-70-000080 - The vCenter Server must enable revocation checking for certificate-based authentication. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCSA-80-000080 - The vCenter Server must enable revocation checking for certificate-based authentication. | DISA VMware vSphere 8.0 vCenter STIG v2r2 | VMware | IDENTIFICATION AND AUTHENTICATION |
| WDNS-CM-000019 - Primary authoritative name servers must be configured to only receive zone transfer requests from specified secondary name servers. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | CONFIGURATION MANAGEMENT |
| WPAW-00-000700 - The Windows PAW must be configured with a vendor-supported version of Windows 11 and applicable security patches that are DOD approved. | DISA MS Windows Privileged Access Workstation v3r2 | Windows | CONFIGURATION MANAGEMENT |
