| 2.2.8 Ensure 'REMOTE_OS_ROLES' Is Set to 'FALSE' | CIS Oracle Server 18c DB Traditional Auditing v1.1.0 | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| 2.2.8 Ensure 'REMOTE_OS_ROLES' Is Set to 'FALSE' | CIS Oracle Server 18c DB Unified Auditing v1.1.0 | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| 2.2.9 Ensure 'REMOTE_OS_ROLES' Is Set to 'FALSE' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| 2.2.21 (L1) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One' | CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.30 (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators' | CIS Microsoft Windows Server 2022 v4.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.30 (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.35 Ensure 'Force shutdown from a remote system' is set to 'Administrators' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.38 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One' (MS only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 3.15 (L2) Ensure 'Enable Translate' is set to 'Disabled' | CIS Google Chrome L2 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 5.7 (L2) Ensure the SSH authorized_keys file is empty | CIS VMware ESXi 7.0 v1.5.0 L2 Bare Metal | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.28 (L2) Ensure 'Server (LanmanServer)' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 5.28 (L2) Ensure 'Server (LanmanServer)' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 5.28 (L2) Ensure 'Server (LanmanServer)' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 NG | Windows | CONFIGURATION MANAGEMENT |
| 6.3.3 Ensure that use of the 'User Access Administrator' role is restricted | CIS Microsoft Azure Foundations v4.0.0 L1 | microsoft_azure | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 8.2.2 (L2) Ensure unnecessary CD/DVD devices are disconnected | CIS VMware ESXi 7.0 v1.5.0 L2 | VMware | CONFIGURATION MANAGEMENT |
| 8.8 (L2) VMware Tools must deactivate ContainerInfo unless required | CIS VMware ESXi 8.0 v1.2.0 L2 | VMware | CONFIGURATION MANAGEMENT |
| ALMA-09-020480 - The AlmaLinux OS 9 SSH server configuration file must be group-owned by root. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-031040 - A graphical display manager must not be installed on AlmaLinux OS 9 unless approved. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-052380 - AlmaLinux OS 9 must take appropriate action when the internal event queue is full. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-14-001024 The macOS system must be configured to audit all failed program execution on the system. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| CIS_Cisco_ASA_9.x_Firewall_v1.1.0_L2.audit from CIS Cisco ASA 9.x Firewall Benchmark v1.1.0 | CIS Cisco ASA 9.x Firewall L2 v1.1.0 | Cisco | |
| CIS_Cisco_IOS_XE_17.x_v2.2.0_L2.audit from CIS Cisco IOS XE 17.x Benchmark v2.2.0 | CIS Cisco IOS XE 17.x v2.2.0 L2 | Cisco | |
| CIS_Microsoft_Windows_10_Stand-alone_v4.0.0_L2.audit from CIS Microsoft Windows 10 Stand-alone Benchmark v4.0.0 | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 | Windows | |
| CIS_Microsoft_Windows_11_Stand-alone_v4.0.0_L1.audit from CIS Microsoft Windows 11 Stand-alone Benchmark v4.0.0 | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 | Windows | |
| CIS_Microsoft_Windows_11_Stand-alone_v4.0.0_L2.audit from CIS Microsoft Windows 11 Stand-alone Benchmark v4.0.0 | CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 | Windows | |
| GEN007841-ESXI5-000120 - Wireless network adapters must be disabled. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-11-001000 - Google Android 11 must be configured to enforce an application installation policy by specifying an application allow list that restricts applications by the following characteristics: [selection: list of digital signatures, cryptographic hash values, names, application version]. | AirWatch - DISA Google Android 11 COBO v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-11-001000 - Google Android 11 must be configured to enforce an application installation policy by specifying an application allow list that restricts applications by the following characteristics: [selection: list of digital signatures, cryptographic hash values, names, application version]. | MobileIron - DISA Google Android 11 COPE v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-12-006600 - Google Android 12 must be configured to enforce an application installation policy by specifying an application allowlist that restricts applications by the following characteristics: [selection: list of digital signatures, cryptographic hash values, names, application version]. | AirWatch - DISA Google Android 12 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| HONW-09-001000 - The Honeywell Mobility Edge Android Pie device must be configured to enforce an application installation policy by specifying an application whitelist that restricts applications by the following characteristics: [selection: list of digital signatures, cryptographic hash values, names, application version]. | AirWatch - DISA Honeywell Android 9.x COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| KNOX-07-001400 - The Samsung Android 7 with Knox must be configured to enforce an application installation policy. | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| MOTO-09-001000 - The Motorola Android Pie must be configured to enforce an application installation policy by specifying an application whitelist that restricts applications by the following characteristics: [selection: list of digital signatures, cryptographic hash values, names, application version]. | AirWatch - DISA Motorola Android Pie.x COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MOTO-09-001000 - The Motorola Android Pie must be configured to enforce an application installation policy by specifying an application whitelist that restricts applications by the following characteristics: [selection: list of digital signatures, cryptographic hash values, names, application version]. | MobileIron - DISA Motorola Android Pie.x COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MOTS-11-001000 - Motorola Solutions Android 11 must be configured to enforce an application installation policy by specifying an application allow list that restricts applications by the following characteristics: [selection: list of digital signatures, cryptographic hash values, names, application version]. | MobileIron - DISA Motorola Solutions Android 11 COBO v1r3 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-001000 - Microsoft Android 11 must be configured to enforce an application installation policy by specifying an application allow list that restricts applications by the following characteristics: [selection: list of digital signatures, cryptographic hash values, names, application version]. | MobileIron - DISA Microsoft Android 11 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| OL08-00-030600 - OL 8 must generate audit records for any attempted modifications to the "lastlog" file. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-411090 - RHEL 9 must maintain an account lock until the locked account is released by an administrator. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-09-653090 - RHEL 9 audit logs file must have mode 0600 or less permissive to prevent unauthorized access to the audit log. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| RHEL-09-654110 - RHEL 9 must audit all uses of the newgrp command. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030600 - The SUSE operating system must protect audit rules from unauthorized modification. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| SRG-OS-000078-ESXI5 - The system must require that passwords contain a minimum of 14 characters. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| SRG-OS-99999-ESXI5-000136 - The system must disable ESXi Shell unless needed for diagnostics or troubleshooting. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| TCAT-AS-001590 - Changes to $CATALINA_HOME/bin/ folder must be logged. | DISA STIG Apache Tomcat Application Server 9 v3r2 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-20-010072 - The Ubuntu operating system must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts have been made. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | ACCESS CONTROL |
| UBTU-22-411045 - Ubuntu 22.04 LTS must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts have been made. | DISA Canonical Ubuntu 22.04 LTS STIG v2r4 | Unix | ACCESS CONTROL |
| WA00547 A22 - The ability to override the access configuration for the OS root directory must be disabled. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | CONFIGURATION MANAGEMENT |
| WN16-AU-000040 - Permissions for the Security event log must prevent access by non-privileged accounts. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | AUDIT AND ACCOUNTABILITY |
| WN19-AU-000030 - Windows Server 2019 permissions for the Application event log must prevent access by non-privileged accounts. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | AUDIT AND ACCOUNTABILITY |
| WN22-AU-000040 - Windows Server 2022 permissions for the Security event log must prevent access by nonprivileged accounts. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
| WN22-SO-000380 - Windows Server 2022 User Account Control (UAC) approval mode for the built-in Administrator must be enabled. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
