| 1.2 Disable Unused Connectors | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Password Security Policy - e) Check for strong-password max-length - strong-password date-check enable | Tenable ZTE ROSNG | ZTE_ROSNG | IDENTIFICATION AND AUTHENTICATION |
| 2.5 Ensure the SharePoint farm service account (database access account) is configured with the minimum privileges on the SQL server. | CIS Microsoft SharePoint 2019 DB v1.0.0 | MS_SQLDB | |
| 2.6 Ensure the SharePoint farm service account (database access account) is configured with the minimum privileges on the SQL server - Owner | CIS Microsoft SharePoint 2016 DB v1.1.0 | MS_SQLDB | ACCESS CONTROL |
| 2.6 Ensure the SharePoint farm service account (database access account) is configured with the minimum privileges on the SQL server - Roles | CIS Microsoft SharePoint 2016 DB v1.1.0 | MS_SQLDB | |
| 2.6 Turn off TRACE - check server.xml | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.6 Turn off TRACE (check server.xml) | CIS Apache Tomcat 7 L1 v1.1.0 Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.11 Ensure EFI Version Is Valid and Checked Regularly - daemon | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.13 Ensure EFI version is valid and being regularly checked - daemon | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring - Path Monitoring Failure Condition | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring - Path Monitoring Failure Condition | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 5.26 Check container health at runtime | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 7.6 Set Default umask for Users - Check if 'umask' is set to 077 - Check /etc/.login. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 9.2.17 Check for Duplicate User Names | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
| 9.11 Check Groups in /etc/passwd | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 9.11 Check Groups in passwd(4) | CIS Solaris 11.2 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 9.14 Check User Home Directory Ownership | CIS Solaris 11.2 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.17 Check for Duplicate User Names | CIS Solaris 11.2 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 9.18 Check for Duplicate User Names | CIS Solaris 11 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 9.18 Check for Duplicate User Names | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 9.18 Check for Duplicate User Names | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 9.19 Check for Duplicate Group Names | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 9.19 Check for Duplicate Group Names | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 13.16 Check for Duplicate User Names | CIS Debian Linux 7 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 13.17 Check for Duplicate Group Names | CIS Debian Linux 7 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 13.17 Check for Duplicate Group Names | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN003608 - Proxy ARP must not be enabled on the system. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| GOOG-12-010900 - Android 12 devices must be configured to disable the use of third-party keyboards. | AirWatch - DISA Google Android 12 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-13-010900 - Android 13 devices must be configured to disable the use of third-party keyboards. | MobileIron - DISA Google Android 13 COBO v2r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-13-710900 - Android 13 devices must be configured to disable the use of third-party keyboards (work profile only). | MobileIron - DISA Google Android 13 BYOD v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-14-010900 - Android 14 devices must be configured to disable the use of third-party keyboards. | AirWatch - DISA Google Android 14 COBO v2r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-14-710900 - Android 14 devices must be configured to disable the use of third-party keyboards (work profile only) - work profile only. | MobileIron - DISA Google Android 14 BYOAD v1r1 | MDM | CONFIGURATION MANAGEMENT |
| HONW-13-010900 - Android 13 devices must be configured to disable the use of third-party keyboards. | AirWatch - DISA Honeywell Android 13 COBO v1r1 | MDM | CONFIGURATION MANAGEMENT |
| JUEX-NM-000450 - The Juniper EX switch must be configured to prohibit installation of software without explicit privileged status. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | CONFIGURATION MANAGEMENT |
| OL09-00-000304 - OL 9 must be configured so that the file integrity tool verifies extended attributes. | DISA Oracle Linux 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-651035 - RHEL 9 must be configured so that the file integrity tool verifies extended attributes. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-010520 - The SUSE operating system file integrity tool must be configured to verify Access Control Lists (ACLs). | DISA SLES 12 STIG v3r3 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040040 - The SUSE operating system file integrity tool must be configured to verify Access Control Lists (ACLs). | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040240 - The SUSE operating system SSH daemon public host key files must have mode 0644 or less permissive. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| SPLK-CL-000160 - Splunk Enterprise must be configured to send an immediate alert to the system administrator (SA) and information system security officer (ISSO) (at a minimum) when allocated log record storage volume reaches 75 percent of the repository maximum log record storage capacity - at a minimum when allocated log record storage volume reaches 75 percent of the repository maximum log record storage capacity. | DISA STIG Splunk Enterprise 8.x for Linux v2r2 STIG REST API | Splunk | AUDIT AND ACCOUNTABILITY |
| SPLK-CL-000300 - When Splunk Enterprise is distributed over multiple servers, each server must be configured to disable non-essential capabilities. | DISA STIG Splunk Enterprise 8.x for Linux v2r2 STIG REST API | Splunk | CONFIGURATION MANAGEMENT |
| UBTU-22-214010 - Ubuntu 22.04 LTS must be configured so that the Advance Package Tool (APT) prevents the installation of patches, service packs, device drivers, or operating system components without verification they have been digitally signed using a certificate that is recognized and approved by the organization. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | CONFIGURATION MANAGEMENT |
| User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop. | MSCT Windows 10 v1507 v1.0.0 | Windows | ACCESS CONTROL |
| VCEM-67-000009 - ESX Agent Manager must only run one webapp. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | CONFIGURATION MANAGEMENT |
| VCEM-70-000010 - ESX Agent Manager must not be configured with unsupported realms. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCLU-70-000009 - Lookup Service must only run one webapp. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCWN-06-000034 - The system must use unique service accounts when applications connect to vCenter. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-65-000034 - The vCenter Server for Windows must use unique service accounts when applications connect to vCenter. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-80-000213 Virtual machines (VMs) must remove unneeded USB devices. | DISA VMware vSphere 8.0 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
