| 1.3 Ensure Apache Is Installed From the Appropriate Binaries | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 1.3 Ensure Apache Is Installed From the Appropriate Binaries | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.3 Ensure Apache Is Installed From the Appropriate Binaries | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.5 Installing ISC BIND 9 - bind9 installation | CIS BIND DNS v1.0.0 L1 Caching Only Name Server | Unix | CONFIGURATION MANAGEMENT |
| 1.5 Installing ISC BIND 9 - bind9 installation | CIS BIND DNS v1.0.0 L1 Authoritative Name Server | Unix | CONFIGURATION MANAGEMENT |
| 1.5 Installing ISC BIND 9 - named location | CIS BIND DNS v1.0.0 L1 Authoritative Name Server | Unix | CONFIGURATION MANAGEMENT |
| 1.5 Installing ISC BIND 9 - named location | CIS BIND DNS v1.0.0 L1 Caching Only Name Server | Unix | CONFIGURATION MANAGEMENT |
| 2.3.17.4 Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | CONFIGURATION MANAGEMENT |
| 3.18 (L1) Host must have an accurate DCUI.Access list | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 4.27 sqlnet.ora - 'sqlnet.allowed_logon_version = 11' | CIS v1.1.0 Oracle 11g OS L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 4.27 sqlnet.ora - 'sqlnet.allowed_logon_version = 11' | CIS v1.1.0 Oracle 11g OS Windows Level 2 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 6.13 Ensure that 'User consent for applications' is set to 'Allow user consent for apps from verified publishers, for selected permissions' | CIS Microsoft Azure Foundations v4.0.0 L2 | microsoft_azure | CONFIGURATION MANAGEMENT |
| 11.3 Ensure the httpd_t Type is Not in Permissive Mode | CIS Apache HTTP Server 2.4 v2.2.0 L2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 11.4 Ensure Only the Necessary SELinux Booleans are Enabled | CIS Apache HTTP Server 2.4 v2.2.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 12.1 Ensure the AppArmor Framework Is Enabled | CIS Apache HTTP Server 2.4 v2.2.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.8.22.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.7.2 (L1) Ensure 'Prevent device metadata retrieval from the Internet' is set to 'Enabled' | CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.7.2 (L1) Ensure 'Prevent device metadata retrieval from the Internet' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.7.2 (L1) Ensure 'Prevent device metadata retrieval from the Internet' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v4.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.77.3.1 (L1) Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.77.3.1 Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.80.1.1 (L1) Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn and prevent bypass' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.80.1.1 Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn and prevent bypass' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-028290 - AlmaLinux OS 9 fapolicy module must be enabled. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-028400 - AlmaLinux OS 9 fapolicy module must be installed. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-002051 - The macOS system must be configured to disable the system preference pane for TouchID - HiddenPreferencePanes | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002052 - The macOS system must be configured to disable the system preference pane for Wallet & ApplePay - HiddenPreferencePanes | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002013 - The macOS system must be configured to disable the iCloud Reminders services. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002014 - The macOS system must be configured to disable iCloud Address Book services. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002015 - The macOS system must be configured to disable the Mail iCloud services. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002020 - The macOS system must be configured to disable Siri and dictation - Ironwood Allowed | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002031 - The macOS system must be configured to disable the system preference pane for Apple ID. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002031 - The macOS system must be configured to disable the system preference pane for Apple ID. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002043 - The macOS system must disable iCloud photo library. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002051 - The macOS system must be configured to disable the system preference pane for TouchID - DisabledPreferencePanes | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002031 - The macOS system must be configured to disable the system preference pane for Apple ID. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002041 - The macOS system must disable iCloud document synchronization. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002052 - The macOS system must be configured to disable the system preference pane for Wallet and ApplePay. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-002031 - The macOS system must be configured to disable the system preference pane for Apple ID. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| Catalina - Disable Camera | NIST macOS Catalina v1.5.0 - All Profiles | Unix | CONFIGURATION MANAGEMENT |
| DO6751-ORACLE11 - The SQLNet SQLNET.ALLOWED_LOGON_VERSION parameter must be set to a value of 11 or higher - '%ORACLE_HOME%\NETWORK\ADMIN\SQLNET.ORA SQLNET.ALLOWED_LOGON_VERSION > 11' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| DO6751-ORACLE11 - The SQLNet SQLNET.ALLOWED_LOGON_VERSION parameter must be set to a value of 11 or higher - '$ORACLE_HOME/network/admin/sqlnet.ora SQLNET.ALLOWED_LOGON_VERSION > 11' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| EDGE-00-000042 - Extensions that are approved for use must be allowlisted if used. | DISA STIG Edge v2r2 | Windows | CONFIGURATION MANAGEMENT |
| ESXI-06-100047 - The VMM must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs and guest VMs by verifying Image Profile and VIP Acceptance Levels. | DISA STIG VMware vSphere 6.x ESXi OS v1r5 | Unix | CONFIGURATION MANAGEMENT |
| ESXi: esxi-8.vib-acceptance-level-supported | VMware vSphere Security Configuration and Hardening Guide 8.0 - Bare Metal Host | Unix | CONFIGURATION MANAGEMENT |
| JRE8-UX-000120 - Oracle JRE 8 must enable the option to use an accepted sites list. | DISA STIG Oracle JRE 8 Unix v1r3 | Unix | CONFIGURATION MANAGEMENT |
| JRE8-UX-000130 - Oracle JRE 8 must have an exception.sites file present - URLs | DISA STIG Oracle JRE 8 Unix v1r3 | Unix | CONFIGURATION MANAGEMENT |
| JRE8-UX-000130 - Oracle JRE 8 must have an exception.sites file present. | DISA STIG Oracle JRE 8 Unix v1r3 | Unix | CONFIGURATION MANAGEMENT |
| WN11-00-000035 - The operating system must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs. | DISA Microsoft Windows 11 STIG v2r3 | Windows | CONFIGURATION MANAGEMENT |
| WN22-00-000080 - Windows Server 2022 must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
