| 1.1.3 Ensure nodev option set on /tmp partition | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.9 Ensure nodev option set on /home partition | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.11 Ensure nosuid option set on /dev/shm partition | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.4.1.3 Ensure known default accounts do not exist | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 2.3.2 Set 'ip address' for 'ntp server' | CIS Cisco IOS XE 17.x v2.2.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 18.8.22.1.2 (L2) Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Member Server Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.8.22.1.3 (L2) Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Member Server Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.65.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Domain Controller Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.102.2.2 (L2) Ensure 'Allow remote server management through WinRM' is set to 'Disabled' | CIS Microsoft Windows Server 2008 Member Server Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.56.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.56.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L2 Member Server | Windows | CONFIGURATION MANAGEMENT |
| 18.10.56.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CIS Windows Server 2012 R2 MS L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v4.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| DTAVSEL-010 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to scan all file types. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Salesforce.com : AuthConfig - 'Auth Providers = Facebook Consumer Key' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : AuthConfig - 'Auth Providers = Facebook Error URL' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : AuthConfig - 'Auth Providers = Janrain Consumer Secret' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : AuthConfig - 'Auth Providers = Janrain Error URL' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : AuthConfig - 'Auth Providers = Janrain Execution User ID' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : AuthConfig - 'Auth Providers = Janrain is not configured' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | CONFIGURATION MANAGEMENT |
| Salesforce.com : AuthConfig - 'Auth Providers = MicrosoftACS Authorized Endpoint URL' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : AuthConfig - 'Auth Providers = OpenIdConnect Default Scope' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : AuthConfig - 'Auth Providers = OpenIdConnect is not configured' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | CONFIGURATION MANAGEMENT |
| Salesforce.com : AuthConfig - 'Auth Providers = OpenIdConnect' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : AuthConfig - 'Auth Providers = Salesforce Execution User ID' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : AuthConfig - 'Auth Providers = Salesforce is not configured' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | CONFIGURATION MANAGEMENT |
| Salesforce.com : CronTrigger - 'Cron Jobs with Status of ERROR' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | CONFIGURATION MANAGEMENT |
| Salesforce.com : Email Services - 'IsAuthenticationRequired = True' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | IDENTIFICATION AND AUTHENTICATION |
| Salesforce.com : Monitoring Login History - 'Inactive users' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | IDENTIFICATION AND AUTHENTICATION |
| Salesforce.com : Monitoring Login History - 'No users are frozen' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | ACCESS CONTROL |
| Salesforce.com : Network-Based Security - 'Trusted IP Range has been defined' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | SYSTEM AND COMMUNICATIONS PROTECTION |
| Salesforce.com : Network-Based Security - 'Trusted IP Ranges exist' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | SYSTEM AND COMMUNICATIONS PROTECTION |
| Salesforce.com : Object Permissions - 'DefaultCalendarAccess should not be Show Details or Show Details and Add Events' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | ACCESS CONTROL |
| Salesforce.com : Object Permissions - 'DefaultCaseAccess should not be Public Read/Write or Public Read/Write/Transfer' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | ACCESS CONTROL |
| Salesforce.com : Object Permissions - 'DefaultContactAccess should not be Public Read/Write or Public Read/Write/Transfer' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | ACCESS CONTROL |
| Salesforce.com : Setting Password Policies - 'invalid login attempts <= 5' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | ACCESS CONTROL |
| Salesforce.com : Setting Password Policies - 'password history >= 3' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | IDENTIFICATION AND AUTHENTICATION |
| Salesforce.com : Setting Session Security - 'Disable timeout warning = false' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | CONFIGURATION MANAGEMENT |
| Salesforce.com : Setting Session Security - 'Enable clickjack protection for setup pages = true' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | SYSTEM AND COMMUNICATIONS PROTECTION |
| Salesforce.com : Setting Session Security - 'Enable CSRF protection on GET requests on non-setup pages = true' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | SYSTEM AND COMMUNICATIONS PROTECTION |
| Salesforce.com : Setting Session Security - 'Force relogin after Login-As-User = true' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | ACCESS CONTROL |
| SalesForce.com : Setting Session Security - 'Review Active Users' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| SalesForce.com : Setting Session Security - 'Review Inactive Users' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : Setting Session Security - 'Review Users that have not changed their password recently' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | ACCESS CONTROL |
| Salesforce.com : Setting Session Security - 'Session Timeout <= 2 hours' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | ACCESS CONTROL |
| Salesforce.com : User Access - Users have only been modified by known administrators | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | ACCESS CONTROL |
| WDNS-CM-000015 - Digital signature algorithm used for DNSSEC-enabled zones must be FIPS-compatible. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | CONFIGURATION MANAGEMENT |
| WDNS-SC-000031 - The Windows 2012 DNS Server must implement NIST FIPS-validated cryptography for provisioning digital signatures, generating cryptographic hashes, and protecting unclassified information requiring confidentiality. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-UR-000002-DC - Unauthorized accounts must not have the Access this computer from the network user right on domain controllers. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
