| 1.1.1 Ensure NGINX is installed | CIS NGINX Benchmark v2.1.0 L1 Webserver | Unix | SYSTEM AND SERVICES ACQUISITION |
| 1.1.5 Create Separate Partition for /var | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.18 - MobileIron - Limit the 'number of messages' for 'Text message limit' | MobileIron - CIS Google Android 4 v1.0.0 L2 | MDM | ACCESS CONTROL |
| 1.2 Password Security Policy - c) Configure 'strong-password dictionary' and 'same-consecutive' to avoid weak password - same-consecutive | Tenable ZTE ROSNG | ZTE_ROSNG | IDENTIFICATION AND AUTHENTICATION |
| 1.10 Do not create access keys during initial setup for IAM users with a console password | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 2.3.17.5 Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.4.2 Ensure 'Require alphanumeric value' is set to 'Enabled' | MobileIron - CIS Apple iPadOS 17 v1.1.0 End User Owned L2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 6.2 Turn on filename extensions | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2 Turn on filename extensions | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.5 Ensure that multifactor authentication is required for risky sign-ins | CIS Microsoft Azure Foundations v4.0.0 L2 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 6.5 Use parental controls for systems that are not centrally managed | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-045450 - AlmaLinux OS 9 must routinely check the baseline configuration for unauthorized changes and notify the system administrator when anomalies in the operation of any security functions are discovered. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| ALMA-09-052050 - AlmaLinux OS 9 must allocate audit record storage capacity to store at least one week's worth of audit records. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| ARST-RT-000490 - The Arista router must not be configured to have any zero-touch deployment feature enabled when connected to an operational network. | DISA STIG Arista MLS EOS 4.x Router v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000090 - The Cisco router must not be configured to have any zero-touch deployment feature enabled when connected to an operational network. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000090 - The Cisco router must not be configured to have any zero-touch deployment feature enabled when connected to an operational network. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000090 - The Cisco switch must not be configured to have any zero-touch deployment feature enabled when connected to an operational network. | DISA Cisco IOS XE Switch RTR STIG v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000090 - The Cisco switch must not be configured to have any zero-touch deployment feature enabled when connected to an operational network. | DISA Cisco IOS Switch RTR STIG v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| EPAS-00-007900 - The EDB Postgres Advanced Server must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| ESXI-67-000068 - All ESXi host-connected virtual switch VLANs must be fully documented and have only the required VLANs. | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | CONFIGURATION MANAGEMENT |
| GEN007760 - Proxy Neighbor Discovery Protocol (NDP) must not be enabled on the system. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN007780 - The system must not have 6to4 enabled. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GOOG-12-010900 - Android 12 devices must be configured to disable the use of third-party keyboards. | AirWatch - DISA Google Android 12 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-12-010900 - Android 12 devices must be configured to disable the use of third-party keyboards. | MobileIron - DISA Google Android 12 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-13-010900 - Android 13 devices must be configured to disable the use of third-party keyboards. | AirWatch - DISA Google Android 13 COPE v2r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-14-010900 - Android 14 devices must be configured to disable the use of third-party keyboards. | AirWatch - DISA Google Android 14 COPE v2r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-14-010900 - Android 14 devices must be configured to disable the use of third-party keyboards. | MobileIron - DISA Google Android 14 COPE v2r2 | MDM | CONFIGURATION MANAGEMENT |
| HONW-13-010900 - Android 13 devices must be configured to disable the use of third-party keyboards. | MobileIron - DISA Honeywell Android 13 COBO v1r1 | MDM | CONFIGURATION MANAGEMENT |
| JUEX-RT-000580 - The Juniper router must not be configured to have any zero-touch deployment feature enabled when connected to an operational network. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| KNOX-07-001400 - The Samsung Android 7 with Knox must be configured to enforce an application installation policy. | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| MADB-10-007300 - MariaDB must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MD3X-00-000620 - MongoDB must allocate audit record storage capacity in accordance with site audit record storage requirements. | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS | Unix | AUDIT AND ACCOUNTABILITY |
| O365-CO-000017 - The Information Bar must be enabled in all Office programs. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| O365-CO-000018 - The Local Machine Zone Lockdown Security must be enabled in all Office programs. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | CONFIGURATION MANAGEMENT |
| PHTN-40-000082 The Photon operating system must protect audit tools from unauthorized access. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| PPS9-00-007900 - The EDB Postgres Advanced Server must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| RHEL-09-651015 - RHEL 9 must routinely check the baseline configuration for unauthorized changes and notify the system administrator when anomalies in the operation of any security functions are discovered. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| SLES-12-010530 - The SUSE operating system file integrity tool must be configured to verify extended attributes. | DISA SLES 12 STIG v3r3 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-020020 - The SUSE operating system must allocate audit record storage capacity to store at least one weeks worth of audit records when audit records are not immediately sent to a central audit record storage facility. | DISA SLES 12 STIG v3r3 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-15-030660 - The SUSE operating system must allocate audit record storage capacity to store at least one week of audit records when audit records are not immediately sent to a central audit record storage facility. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-15-040050 - The SUSE operating system file integrity tool must be configured to verify extended attributes. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| SP13-00-000190 - When configuring SharePoint Central Administration, the port number selected must comply with DoD Ports and Protocol Management (PPSM) program requirements. | DISA STIG SharePoint 2013 v2r4 | Windows | CONFIGURATION MANAGEMENT |
| User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop. | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop. | MSCT Windows Server 2016 MS v1.0.0 | Windows | ACCESS CONTROL |
| VCEM-70-000009 - ESX Agent Manager must only run one webapp. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCPF-70-000010 - Performance Charts must not be configured with unsupported realms. | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | CONFIGURATION MANAGEMENT |
| VCPG-67-000009 - VMware Postgres must limit modify privileges to authorized accounts. | DISA STIG VMware vSphere 6.7 PostgreSQL v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCSA-70-000281 - The vCenter Server must disable or restrict the connectivity between vSAN Health Check and public Hardware Compatibility List (HCL) by use of an external proxy server. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VCST-70-000010 - The Security Token Service must not be configured with unused realms. | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VM : disable-VMtools-autoinstall | VMWare vSphere 6.0 Hardening Guide | VMware | CONFIGURATION MANAGEMENT |
