1.1.1 Ensure NGINX is installed | CIS NGINX Benchmark v2.1.0 L1 Loadbalancer | Unix | SYSTEM AND SERVICES ACQUISITION |
1.1.1 Ensure NGINX is installed | CIS NGINX Benchmark v2.1.0 L1 Proxy | Unix | SYSTEM AND SERVICES ACQUISITION |
1.1.9 Create Separate Partition for /home | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
2.1 Ensure Only Necessary Authentication and Authorization Modules Are Enabled | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
2.1 Ensure Only Necessary Authentication and Authorization Modules Are Enabled - 'auth*' | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | CONFIGURATION MANAGEMENT |
2.1 Ensure Only Necessary Authentication and Authorization Modules Are Enabled - 'auth*' | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | CONFIGURATION MANAGEMENT |
2.3.1 Ensure NIS Client is not installed | CIS Distribution Independent Linux Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
2.3.1 Ensure NIS Client is not installed | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
2.3.3 Ensure talk client is not installed | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
2.3.3 Ensure talk client is not installed | CIS Distribution Independent Linux Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
2.3.4 Ensure telnet client is not installed | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
2.4.2 Ensure 'Require alphanumeric value' is set to 'Enabled' | AirWatch - CIS Apple iOS 18 v1.0.0 L2 Institution Owned | MDM | IDENTIFICATION AND AUTHENTICATION |
2.4.2 Ensure 'Require alphanumeric value' is set to 'Enabled' | AirWatch - CIS Apple iPadOS 18 v1.0.0 L2 End User Owned | MDM | IDENTIFICATION AND AUTHENTICATION |
2.5 Ensure that the User-ID Agent has minimal permissions if User-ID is enabled | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | ACCESS CONTROL |
2.5 Ensure that the User-ID Agent has minimal permissions if User-ID is enabled | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | ACCESS CONTROL |
3.3.1 Secure Db2 Runtime Library | CIS IBM DB2 11 v1.1.0 Windows OS Level 1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
3.4.2 Ensure 'Require alphanumeric value' is set to 'Enabled' | AirWatch - CIS Apple iOS 17 Institution Owned L2 | MDM | IDENTIFICATION AND AUTHENTICATION |
3.4.2 Ensure 'Require alphanumeric value' is set to 'Enabled' | MobileIron - CIS Apple iOS 18 v1.0.0 L2 Institution Owned | MDM | IDENTIFICATION AND AUTHENTICATION |
4.3 Set OCSP Use Policy | CIS Mozilla Firefox 102 ESR Windows L2 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
4.3 Set OCSP Use Policy | CIS Mozilla Firefox 102 ESR Linux L2 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
5.7.1 Enable Security Posture | CIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L2 | GCP | CONFIGURATION MANAGEMENT |
5.10.5 Enable Security Posture | CIS Google Kubernetes Engine (GKE) v1.7.0 L2 | GCP | CONFIGURATION MANAGEMENT |
6.8 Run a host and/or network-based packet firewall | CIS Sybase 15.0 L2 DB v1.1.0 | SybaseDB | |
7.9 Enable Warning for External Protocol Handler | CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
18.5.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL |
55.4 (L1) Ensure 'Block Non Admin User Install' is set to 'Allow' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
AIX7-00-001012 - AIX must use the SSH server to implement replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts. | DISA STIG AIX 7.x v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
ARST-RT-000490 - The Arista router must not be configured to have any zero-touch deployment feature enabled when connected to an operational network. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
EP11-00-007900 - The EDB Postgres Advanced Server must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
ESXI-65-000045 - The ESXi host must enable a persistent log location for all locally stored logs. | DISA STIG VMware vSphere ESXi 6.5 v2r4 | VMware | AUDIT AND ACCOUNTABILITY |
ESXI-65-000068 - All ESXi host-connected virtual switch VLANs must be fully documented and have only the required VLANs. | DISA STIG VMware vSphere ESXi 6.5 v2r4 | VMware | CONFIGURATION MANAGEMENT |
ESXI-67-000045 - The ESXi host must enable a persistent log location for all locally stored logs. | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | AUDIT AND ACCOUNTABILITY |
GEN007760 - Proxy Neighbor Discovery Protocol (NDP) must not be enabled on the system. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
GEN007780 - The system must not have 6to4 enabled. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
JUNI-ND-001060 - The Juniper router must be configured to prohibit installation of software without explicit privileged status. | DISA STIG Juniper Router NDM v3r2 | Juniper | CONFIGURATION MANAGEMENT |
MD7X-00-007200 - MongoDB must allocate audit record storage capacity in accordance with site audit record storage requirements. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
O121-N2-008601 - The DBMS must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. | DISA STIG Oracle 12c v3r4 Database | OracleDB | CONFIGURATION MANAGEMENT |
O365-CO-000014 - Add-on Management must be enabled for all Office 365 ProPlus programs. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
O365-CO-000015 - Consistent MIME handling must be enabled for all Office 365 ProPlus programs. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | IDENTIFICATION AND AUTHENTICATION |
O365-CO-000021 - Object Caching Protection must be enabled in all Office programs. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | IDENTIFICATION AND AUTHENTICATION |
O365-CO-000024 - File Download Restriction must be enabled in all Office programs. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
O365-CO-000025 - The Save from URL feature must be enabled in all Office programs. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
O365-CO-000026 - Scripted Windows Security restrictions must be enabled in all Office programs. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
PANW-AG-000101 - The Palo Alto Networks security platform being used for TLS/SSL decryption using PKI-based user authentication must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certificate Authorities (CAs) for the establishment of protected sessions. | DISA STIG Palo Alto ALG v3r4 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
SHPT-00-000480 - When configuring Central Administration, the port number selected must comply with DoD Ports and Protocol Management (PPSM) program requirements. | DISA STIG SharePoint 2010 v1r9 | Windows | CONFIGURATION MANAGEMENT |
UBTU-18-010314 - The Ubuntu operating system must allocate audit record storage capacity to store at least one weeks' worth of audit records, when audit records are not immediately sent to a central audit record storage facility. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | AUDIT AND ACCOUNTABILITY |
UBTU-20-010215 - The Ubuntu operating system must allocate audit record storage capacity to store at least one weeks' worth of audit records, when audit records are not immediately sent to a central audit record storage facility. | DISA Canonical Ubuntu 20.04 LTS STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
VCPF-70-000009 - Performance Charts must only run one webapp. | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | CONFIGURATION MANAGEMENT |
VCTR-67-000054 - The vCenter Server must disable or restrict the connectivity between vSAN Health Check and public Hardware Compatibility List by use of an external proxy server. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
VCWN-65-000054 - The vCenter Server for Windows must disable or restrict the connectivity between vSAN Health Check and public Hardware Compatibility List by use of an external proxy server. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | CONFIGURATION MANAGEMENT |