| 1.2 Do Not Install a Multi-Use System - chkconfig | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Do Not Install a Multi-Use System - chkconfig | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | CONFIGURATION MANAGEMENT |
| 1.7.1 Ensure message of the day is configured properly - banner | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.1 Ensure message of the day is configured properly - banner text | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.1 Ensure message of the day is configured properly - mrsv | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.1 Ensure message of the day is configured properly - mrsv | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.2 Ensure 'extproc' Is Not Present in 'listener.ora' | CIS Oracle Server 12c Windows v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.1.2 Ensure 'extproc' Is Not Present in 'listener.ora' | CIS Oracle Server 18c Windows v1.1.0 | Windows | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.5 Disable Publishing - disable-publishing=yes | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 3.12 Ensure Group Write Access for the Document Root Directories and Files Is Properly Restricted | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | ACCESS CONTROL |
| 3.12 Ensure Group Write Access for the Document Root Directories and Files Is Properly Restricted | CIS Apache HTTP Server 2.4 v2.2.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1 Ensure a single firewall configuration utility is in use | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.1 Ensure a single firewall configuration utility is in use | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.2 Disable Send Packet Redirects - net.ipv4.conf.all.send_redirects = 0 | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.2 Disable Send Packet Redirects - net.ipv4.conf.send_redirects = 0 | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 18.9.24.1 (L1) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All' | CIS Microsoft Windows Server 2022 v4.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.77.3.1 Ensure 'Join Microsoft MAPS' is set to 'Disabled' | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | ACCESS CONTROL |
| 18.9.77.3.2 (L2) Ensure 'Join Microsoft MAPS' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | CONFIGURATION MANAGEMENT |
| 28.1 (BL) Ensure 'Device Enumeration Policy' is set to 'Block all (most restrictive)' | CIS Microsoft Intune for Windows 10 v4.0.0 BL | Windows | CONFIGURATION MANAGEMENT |
| ALMA-09-036540 - AlmaLinux OS 9 passwords must be created with a minimum of 15 characters. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-041930 - AlmaLinux OS 9 must use a Linux Security Module configured to enforce limits on system services. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-15-001044 - The macOS system must generate audit records for DoD-defined events such as successful/unsuccessful logon attempts, successful/unsuccessful direct access attempts, starting and ending time for user access, and concurrent logons to the same account from different sources. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-14-001023 The macOS system must be configured to audit all failed write actions on the system. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-15-003051 - The macOS system must enforce multifactor authentication for the su command. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-15-003052 - The macOS system must enforce multifactor authentication for privilege escalation through the sudo command. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| CIS Docker Community Edition v1.1.0 L1 Linux Host OS | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | |
| DG0012-ORACLE11 - Database software directories including DBMS configuration files are stored in dedicated directories separate from the host OS and other applications - 'ORACLE_BASE environment variable set' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0012-ORACLE11 - Database software directories including DBMS configuration files are stored in dedicated directories separate from the host OS and other applications - 'ORACLE_HOME environment variable set' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| EP11-00-000900 - The EDB Postgres Advanced Server must protect against a user falsely repudiating by ensuring all accounts are individual, unique, and not shared. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| EP11-00-001000 - The EDB Postgres Advanced Server must be configured to provide audit record generation capability for DoD-defined auditable events within all EDB Postgres Advanced Server/database components. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| EP11-00-001200 - The EDB Postgres Advanced Server must generate audit records for DoD-defined auditable events. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| EP11-00-001400 - The EDB Postgres Advanced Server must initiate support of session auditing upon startup. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| EP11-00-003300 - The EDB Postgres Advanced Server software installation account must be restricted to authorized users. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| EP11-00-003700 - Default, demonstration and sample databases, database objects, and applications must be removed. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| EP11-00-006300 - The EDB Postgres Advanced Server and associated applications must reserve the use of dynamic code execution for situations that require it. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| EP11-00-006600 - The EDB Postgres Advanced Server must reveal detailed error messages only to the ISSO, ISSM, SA, and DBA. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| EP11-00-009700 - When invalid inputs are received, the EDB Postgres Advanced Server must behave in a predictable and documented manner that reflects organizational and system objectives. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| OL07-00-010340 - The Oracle Linux operating system must be configured so that users must provide a password for privilege escalation. | DISA Oracle Linux 7 STIG v3r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL07-00-010500 - The Oracle Linux operating system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication. | DISA Oracle Linux 7 STIG v3r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL07-00-030000 - The Oracle Linux operating system must be configured so that auditing is configured to produce records containing information to establish what type of events occurred, where the events occurred, the source of the events, and the outcome of the events. These audit records must also identify individual identities of group account users. | DISA Oracle Linux 7 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| OL08-00-030570 - OL 8 must generate audit records for any use of the "chacl" command. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| PHTN-67-000071 - The Photon operating system must generate audit records when the sudo command is used. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-07-010500 - The Red Hat Enterprise Linux operating system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-010380 - RHEL 8 must require users to provide a password for privilege escalation. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-030302 - Successful/unsuccessful uses of the mount syscall in RHEL 8 must generate an audit record. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030390 - Successful/unsuccessful uses of the delete_module command in RHEL 8 must generate an audit record. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-255040 - RHEL 9 SSHD must not allow blank passwords. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-654015 - RHEL 9 must audit all uses of the chmod, fchmod, and fchmodat system calls. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| WN12-00-000210 - PowerShell script block logging must be enabled on Windows 2012/2012 R2 - Enabled | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-00-000210 - PowerShell script block logging must be enabled on Windows 2012/2012 R2 - Patch | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
