| 2.3.6.1 Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.6.2 Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.3 Configure 'Interactive logon: Message text for users attempting to log on' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.3.8.2 Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.8.3 Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.3.9.1 Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s)' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.3.11.5 Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.17.5 Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.3.17.6 Ensure 'User Account Control: Run all administrators in Admin Approval Mode' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 5.9 Ensure 'Microsoft FTP Service (FTPSVC)' is set to 'Disabled' or 'Not Installed' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.26 Ensure 'SSDP Discovery (SSDPSRV)' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.33 Ensure 'Windows Media Center Receiver Service (ehRecvr)' is set to 'Disabled' or 'Not Installed' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.37 Ensure 'WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc)' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 9.2.3 Ensure 'Windows Firewall: Private: Outbound connections' is set to 'Allow (default)' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.2.4 Ensure 'Windows Firewall: Private: Settings: Display a notification' is set to 'No' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 9.3.3 Ensure 'Windows Firewall: Public: Outbound connections' is set to 'Allow (default)' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.3.6 Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'No' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.9.1 Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - AllowLLTDIOOnPublicNet | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.5.9.2 Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' - EnableRspndr | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.5.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' - EnableRegistrars | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.8.22.1.3 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.8.22.1.6 Ensure 'Turn off Internet File Association service' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.8.22.1.11 Ensure 'Turn off the 'Publish to Web' task for files and folders' is set to 'Enabled' - Enabled | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 19.6.6.1.1 Ensure 'Turn off Help Experience Improvement Program' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | ACCESS CONTROL |
| 19.7.45.2.1 Ensure 'Prevent Codec Download' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.21 Ensure 'DoD Root Certificate Authority (CA) certificates' are installed in the 'Trusted Root Store' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.21 Ensure 'DoD Root Certificate Authority (CA) certificates' are installed in the 'Trusted Root Store' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.21 Ensure 'DoD Root Certificate Authority (CA) certificates' are installed in the 'Trusted Root Store' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTAVSEL-205 - A notification mechanism or process must be in place to notify Administrators of out of date DAT, detected malware and error codes - SMTP recipients | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCEM-67-000001 - ESX Agent Manager must limit the amount of time that each TCP connection is kept alive. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | ACCESS CONTROL |
| VCEM-67-000006 - ESX Agent Manager must generate log records for system startup and shutdown. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| VCEM-67-000011 - ESX Agent Manager must be configured to limit access to internal packages. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | CONFIGURATION MANAGEMENT |
| VCEM-67-000014 - ESX Agent Manager must not have the Web Distributed Authoring (WebDAV) servlet installed. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | CONFIGURATION MANAGEMENT |
| VCEM-67-000017 - ESX Agent Manager directory tree must have permissions in an 'out-of-the box' state - out-of-the box state. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCEM-67-000024 - ESX Agent Manager must be configured to show error pages with minimal information. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCEM-67-000026 - ESX Agent Manager must have the debug option turned off. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCEM-67-000027 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files - localhost | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| VCEM-67-000027 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files - main | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| VCEM-67-000029 - ESX Agent Manager must be configured with the appropriate ports. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | CONFIGURATION MANAGEMENT |
| VCEM-67-000999 - The version of EAM running on the system must be a supported version. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCWN-06-000003 - The system must enforce a 60-day maximum password lifetime restriction. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCWN-06-000013 - The distributed port group Forged Transmits policy must be set to reject. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-06-000019 - All port groups must not be configured to VLAN 4095 unless Virtual Guest Tagging (VGT) is required. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-06-000020 - All port groups must not be configured to VLAN values reserved by upstream physical switches. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-06-000021 - The system must enable SSL for Network File Copy (NFC). | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-06-000022 - The vCenter Server services must be ran using a service account instead of a built-in Windows account. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-06-000023 - The system must ensure the vpxuser auto-password change meets policy. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-06-000028 - Log files must be cleaned up after failed installations of the vCenter Server. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-06-000045 - The system must limit the maximum number of failed login attempts to three. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | ACCESS CONTROL |
| VCWN-06-000048 - The system must alert administrators on permission creation operations. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | SYSTEM AND INFORMATION INTEGRITY |
