| 2.2.21 (L1) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.22 (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators' | CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.28 (L1) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'Administrators' (DC only) | CIS Microsoft Windows Server 2022 v4.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.30 (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators' | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.33 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'Administrators' (DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.39 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One' (MS only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.39 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One' (MS only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.40 Ensure 'Force shutdown from a remote system' is set to 'Administrators' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.9.1 Ensure root access is controlled | CIS IBM AIX 7 v1.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION |
| 5.22 (L2) Ensure 'Server (LanmanServer)' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| 5.23 (L2) Ensure 'Server (LanmanServer)' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | CONFIGURATION MANAGEMENT |
| 5.23 (L2) Ensure 'Server (LanmanServer)' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 8.5.9 (L2) Ensure meeting recording is off by default | CIS Microsoft 365 Foundations v5.0.0 L2 E3 | microsoft_azure | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| ALMA-09-001120 - AlmaLinux OS 9 must automatically lock graphical user sessions after 15 minutes of inactivity. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL |
| ALMA-09-009920 - AlmaLinux OS 9 must check the GPG signature of repository metadata before package installation. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-010140 - AlmaLinux OS 9 must prevent the loading of a new kernel for later execution. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-055900 - AlmaLinux OS 9 audit logs must be owned by the root group to prevent unauthorized read access. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-14-000025 - The macOS system must be configured so that any connection to the system must display the Standard Mandatory DoD Notice and Consent Banner before granting GUI access to the system - Banner file | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL |
| AOSX-14-000025 - The macOS system must be configured so that any connection to the system must display the Standard Mandatory DoD Notice and Consent Banner before granting GUI access to the system - Banner text | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL |
| AOSX-15-000008 - The macOS system must be configured with Wi-Fi support software disabled. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| APPL-11-000008 - The macOS system must be configured with Wi-Fi support software disabled. | DISA STIG Apple macOS 11 v1r5 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| APPL-12-000025 - The macOS system must be configured so that any connection to the system must display the Standard Mandatory DoD Notice and Consent Banner before granting GUI access to the system. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL |
| APPL-13-000025 - The macOS system must be configured so that any connection to the system must display the Standard Mandatory DOD Notice and Consent Banner before granting GUI access to the system. | DISA STIG Apple macOS 13 v1r5 | Unix | ACCESS CONTROL |
| APPL-14-001060 The macOS system must set smart card certificate trust to moderate. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-15-001060 - The macOS system must set smart card certificate trust to moderate. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| CIS_Sybase_15_0_v1_1_0_L2_OS_Windows.audit from Sybase ASE 15.0 Version 1.1.0 | CIS Sybase 15.0 L2 OS Windows v1.1.0 | Windows | |
| ESXI-67-000004 - Remote logging for ESXi hosts must be configured. | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| OL08-00-030121 - The OL 8 audit system must protect auditing rules from unauthorized change. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| OL08-00-030601 - OL 8 must enable auditing of processes that start prior to the audit daemon. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| PHTN-30-000003 - The Photon operating system must display the Standard Mandatory DOD Notice and Consent Banner before granting Secure Shell (SSH) access. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | ACCESS CONTROL |
| PHTN-40-000204 The Photon operating system must audit all account modifications. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| PHTN-67-000002 - The Photon operating system must automatically lock an account when three unsuccessful logon attempts occur. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL |
| PHTN-67-000003 - The Photon operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting SSH access - ssh | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL |
| RHEL-07-010320 - The Red Hat Enterprise Linux operating system must be configured to lock accounts for a minimum of 15 minutes after three unsuccessful logon attempts within a 15-minute timeframe. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-07-010330 - The Red Hat Enterprise Linux operating system must lock the associated account after three unsuccessful root logon attempts are made within a 15-minute period. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-09-251010 - RHEL 9 must have the firewalld package installed. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| RHEL-09-432035 - RHEL 9 must restrict the use of the "su" command. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-654275 - RHEL 9 audit system must protect auditing rules from unauthorized change. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-15-030410 - The SUSE operating system must generate audit records for all uses of the kmod command. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SRG-OS-99999-ESXI5-000144 - The system must ensure proper SNMP configuration - 'community name public does not exist' | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| SRG-OS-99999-ESXI5-000160 - The system must use the vSphere Authentication Proxy to protect passwords when adding ESXi hosts to Active Directory. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| UBTU-22-432010 - Ubuntu 22.04 LTS must require users to reauthenticate for privilege escalation or when changing roles. | DISA Canonical Ubuntu 22.04 LTS STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WA00547 W22 - The ability to override the access configuration for the OS root directory must be disabled. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WN16-SO-000080 - The setting Domain member: Digitally encrypt or sign secure channel data (always) must be configured to Enabled. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN16-SO-000100 - The setting Domain member: Digitally sign secure channel data (when possible) must be configured to Enabled. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN19-AU-000040 - Windows Server 2019 permissions for the Security event log must prevent access by non-privileged accounts. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | AUDIT AND ACCOUNTABILITY |
| WN19-SO-000070 - Windows Server 2019 setting Domain member: Digitally encrypt secure channel data (when possible) must be configured to enabled. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN19-SO-000410 - Windows Server 2019 User Account Control must automatically deny standard user requests for elevation. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN22-SO-000070 - Windows Server 2022 setting Domain member: Digitally encrypt secure channel data (when possible) must be configured to Enabled. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN22-SO-000080 - Windows Server 2022 setting Domain member: Digitally sign secure channel data (when possible) must be configured to Enabled. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
