| 1.2 Ensure the latest version of Java is installed | CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0 | Unix | SYSTEM AND SERVICES ACQUISITION |
| 1.2 Ensure the latest version of Java is installed | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0 | Unix | SYSTEM AND SERVICES ACQUISITION |
| 1.7.1 Ensure message of the day is configured properly | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 1.7.1 Ensure message of the day is configured properly | CIS Rocky Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 1.7.1 Ensure message of the day is configured properly | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 2.2.7 Ensure 'REMOTE_OS_AUTHENT' Is Set to 'FALSE' | CIS Oracle Server 18c DB Traditional Auditing v1.1.0 | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| 2.2.8 Ensure 'REMOTE_OS_ROLES' Is Set to 'FALSE' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL |
| 2.2.9 Ensure 'REMOTE_OS_AUTHENT' Is Set to 'FALSE' | CIS Oracle Server 11g R2 DB v2.2.0 | OracleDB | |
| 2.3.7 Ensure 'REMOTE_OS_ROLES' Is Set To 'FALSE' | CIS Oracle Database 23ai v1.0.0 L1 RDBMS | OracleDB | ACCESS CONTROL |
| 2.7.2 iCloud keychain | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | |
| 3.1.6 Restrict Published Information (if publishing is required) - publish-address=no | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.6 Restrict Published Information (if publishing is required) - publish-binf=no | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.5 Ensure broadcast ICMP requests are ignored | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.8 Ensure TCP SYN Cookies is enabled | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.22 (L2) Ensure 'Server (LanmanServer)' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 5.23 (L2) Ensure 'Server (LanmanServer)' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker | Windows | CONFIGURATION MANAGEMENT |
| 5.28 (L2) Ensure 'Server (LanmanServer)' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 5.28 (L2) Ensure 'Server (LanmanServer)' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 5.28 (L2) Ensure 'Server (LanmanServer)' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| 6.10.3.4 Ensure XNM-SSL SSLv3 Support is Not Set | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| 8.5.1 (L2) Ensure anonymous users can't join a meeting | CIS Microsoft 365 Foundations v5.0.0 L2 E3 | microsoft_azure | ACCESS CONTROL |
| 18.9.31.1 (L2) Ensure 'Allow Clipboard synchronization across devices' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.9.31.1 (L2) Ensure 'Allow Clipboard synchronization across devices' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.9.31.1 (L2) Ensure 'Allow Clipboard synchronization across devices' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.81.3 (L1) Ensure 'Automatically send memory dumps for OS-generated error reports' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SECURITY ASSESSMENT AND AUTHORIZATION |
| ALMA-09-021470 - AlmaLinux OS 9 SSH daemon must disable remote X connections for interactive users. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-038630 - AlmaLinux OS 9 must prohibit the use of cached authenticators after one day. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-044020 - AlmaLinux OS 9 /var/log/messages file must be group-owned by root. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| APPL-15-003080 - The macOS system must disable accounts after 35 days of inactivity. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | ACCESS CONTROL |
| APPL-15-005100 - The macOS system must ensure Secure Boot level is set to "full". | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| CIS_Cisco_IOS_XE_17.x_v2.2.0_L1.audit from CIS Cisco IOS XE 17.x Benchmark v2.2.0 | CIS Cisco IOS XE 17.x v2.2.0 L1 | Cisco | |
| CIS_Microsoft_Windows_10_Stand-alone_v4.0.0_L1.audit from CIS Microsoft Windows 10 Stand-alone Benchmark v4.0.0 | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 | Windows | |
| CIS_v4.1.0_Cisco_Firewall_ASA_9_Level_1.audit for Cisco ASA 9 from CIS Cisco Firewall Benchmark v4.1.0 | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | |
| O121-C2-014500 - The DBMS must support organizational requirements to enforce the number of characters that get changed when passwords are changed. | DISA STIG Oracle 12c v3r2 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| OL07-00-010320 - The Oracle Linux operating system must be configured to lock accounts for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe. | DISA Oracle Linux 7 STIG v3r2 | Unix | ACCESS CONTROL |
| OL07-00-030300 - The Oracle Linux operating system must off-load audit records onto a different system or media from the system being audited. | DISA Oracle Linux 7 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000051 - The Photon operating system must protect audit tools from unauthorized modification - auditctl | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-07-040110 - The Red Hat Enterprise Linux 7 operating system must implement DoD-approved encryption to protect the confidentiality of SSH connections. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-030490 - Successful/unsuccessful uses of the chmod, fchmod, and fchmodat system calls in RHEL 8 must generate an audit record. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-212050 - RHEL 9 must enable mitigations against processor-based vulnerabilities. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| RHEL-09-213025 - RHEL 9 must restrict exposed kernel pointer addresses access. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| RHEL-09-291040 - RHEL 9 wireless network adapters must be disabled. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| SLES-15-030600 - The SUSE operating system must protect audit rules from unauthorized modification. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| SQL2-00-025300 - The OS must limit privileges to the SQL Server backup directories and files. | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | CONFIGURATION MANAGEMENT |
| TCAT-AS-000570 - Tomcat default ROOT web application must be removed. | DISA STIG Apache Tomcat Application Server 9 v3r2 Middleware | Unix | CONFIGURATION MANAGEMENT |
| UBTU-16-010290 - The Ubuntu operating system must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | ACCESS CONTROL |
| UBTU-18-010427 - The Ubuntu operating system must implement smart card logins for multifactor authentication for access to accounts. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-200610 - Ubuntu 24.04 LTS must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts have been made. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | ACCESS CONTROL |
| VCTR-67-000057 - The vCenter Server must enable TLS 1.2 exclusively. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| WN22-AU-000040 - Windows Server 2022 permissions for the Security event log must prevent access by nonprivileged accounts. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
