| 6.1 Ensure at least one antivirus profile is set to block on all decoders except 'imap' and 'pop3' | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.1 Ensure at least one antivirus profile is set to block on all decoders except 'imap' and 'pop3' | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.1 Ensure that antivirus profiles are set to block on all decoders except 'imap' and 'pop3' | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.2 Ensure a secure antivirus profile is applied to all relevant security policies | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.2 Ensure a secure antivirus profile is applied to all relevant security policies | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.2 Ensure a secure antivirus profile is applied to all relevant security policies | CIS Palo Alto Firewall 10 v1.3.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.2 Ensure that MongoDB uses a non-default port | CIS MongoDB 3.2 L1 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2 Ensure that MongoDB uses a non-default port | CIS MongoDB L1 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2 Ensure that MongoDB uses a non-default port | CIS MongoDB 3.4 L1 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2 Ensure that MongoDB uses a non-default port | CIS MongoDB 3.4 L1 Windows Audit v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.2 Ensure that MongoDB uses a non-default port | CIS MongoDB L1 Windows Audit v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.2 Ensure that MongoDB uses a non-default port | CIS MongoDB 3.2 L1 Windows Audit v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.11 Ensure that access to every URL is logged | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zone | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | ACCESS CONTROL |
| 22.8 (L1) Ensure 'ASR: Block Adobe Reader from creating child processes' is set to 'Block' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 22.14 (L1) Ensure 'ASR: Block JavaScript or VBScript from launching downloaded executable content' is set to 'Block' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 22.14 (L1) Ensure 'ASR: Block JavaScript or VBScript from launching downloaded executable content' is set to 'Block' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 22.15 (L1) Ensure 'ASR: Block Office applications from creating executable content' is set to 'Block' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM101 - McAfee VirusScan On-Access Default Processes Policies must be configured to scan when writing to disk. | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM101 - McAfee VirusScan On-Access Scanner All Processes settings must be configured to scan when writing to disk. | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM102 - McAfee VirusScan On-Access Default Processes Policies must be configured to scan when reading from disk. | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM102 - McAfee VirusScan On-Access Scanner All Processes settings must be configured to scan when reading from disk. | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-008 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to scan files when being written to disk. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-008 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to scan files when being written to disk. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-009 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to scan files when being read from disk. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-009 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to scan files when being read from disk. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-017 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to deny access to the file if an error occurs during scanning. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-017 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to deny access to the file if scanning fails. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-018 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to allow access to files if scanning times out. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-018 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to allow access to files if scanning times out. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-100 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to run a scheduled On-Demand scan at least once a week. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-100 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to run a scheduled On-Demand scan at least once a week. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-108 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must only be configured with exclusions which are documented and approved by the ISSO/ISSM/AO. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTBI062-IE11 - Anti-Malware programs against ActiveX controls must be run for the Intranet zone. | DISA STIG IE 11 v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI092-IE11 - Anti-Malware programs against ActiveX controls must be run for the Trusted Sites zone. | DISA STIG IE 11 v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI426-IE11 - Anti-Malware programs against ActiveX controls must be run for the Local Machine zone. | DISA STIG IE 11 v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI1051-IE11 - Anti-Malware programs against ActiveX controls must be run for the Restricted Sites zone. | DISA STIG IE 11 v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-AP-300065 - The F5 BIG-IP appliance providing content filtering must automatically update malicious code protection mechanisms. | DISA F5 BIG-IP TMOS ALG STIG v1r2 | F5 | SYSTEM AND INFORMATION INTEGRITY |
| JUSX-IP-000016 - To protect against unauthorized data mining, the Juniper Networks SRX Series Gateway IDPS must detect SQL injection attacks launched against data storage objects, including, at a minimum, databases, database records, and database fields. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | ACCESS CONTROL |
| JUSX-IP-000019 - The Juniper Networks SRX Series Gateway IDPS must protect against or limit the effects of known types of Denial of Service (DoS) attacks by employing signatures. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUSX-IP-000024 - The Juniper Networks SRX Series Gateway IDPS must generate an alert to, at a minimum, the ISSO and ISSM when root-level intrusion events that provide unauthorized privileged access are detected. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | SYSTEM AND INFORMATION INTEGRITY |
| MS.EXO.10.3v1 - Email scanning SHALL be capable of reviewing emails after delivery. | CISA SCuBA Microsoft 365 Exchange Online v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.TEAMS.7.2v1 - Users SHOULD be prevented from opening or downloading files detected as malware. | CISA SCuBA Microsoft 365 Teams v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| PANW-IP-000032 - To protect against unauthorized data mining, the Palo Alto Networks security platform must detect and prevent SQL and other code injection attacks launched against data storage objects, including, at a minimum, databases, database records, queries, and fields. | DISA Palo Alto Networks IDPS STIG v3r2 | Palo_Alto | ACCESS CONTROL |
| SP13-00-000195 - SharePoint-specific malware (i.e. anti-virus) protection software must be integrated and configured - 'Attempt to Clean Infected Documents is enabled' | DISA Microsoft SharePoint 2013 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| SP13-00-000195 - SharePoint-specific malware (i.e. anti-virus) protection software must be integrated and configured - 'Scan Documents on Download is enabled' | DISA Microsoft SharePoint 2013 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| SP13-00-000195 - SharePoint-specific malware (i.e. anti-virus) protection software must be integrated and configured - 'Scan Documents on Upload is enabled' | DISA Microsoft SharePoint 2013 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000670 - Symantec ProxySG providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when denial-of-service (DoS) incidents are detected - Client limits | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND INFORMATION INTEGRITY |
| SYMP-AG-000670 - Symantec ProxySG providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when denial-of-service (DoS) incidents are detected - DoS incidents are detected. Rules | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000036 - Microsoft Defender AV must be configured to impede JavaScript and VBScript to launch executables. | DISA Microsoft Defender Antivirus STIG v2r8 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
