| 1.3.1 Ensure AIDE is installed | CIS CentOS Linux 8 Server L1 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 1.3.1 Ensure AIDE is installed | CIS Fedora 28 Family Linux Server L1 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 1.3.1 Ensure AIDE is installed | CIS Amazon Linux 2023 Server L1 v1.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.5 Ensure monitoring and alerting exist for creation, update and deletion of security integrations | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | AUDIT AND ACCOUNTABILITY |
| 5.3.1 Ensure AIDE is installed | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.3.1 Ensure AIDE is installed | CIS Rocky Linux 8 Workstation L1 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 6.1.1 Ensure AIDE is installed | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 6.1.1 Ensure AIDE is installed | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 18.9.47.15 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.42.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block' | CIS Microsoft Windows Server 2019 v3.0.1 L1 MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.42.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block' | CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.42.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.42.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block' | CIS Microsoft Windows Server 2019 v3.0.1 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.42.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block' | CIS Microsoft Windows Server 2016 v3.0.0 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.42.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.42.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block' | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.42.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block' | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block' | CIS Microsoft Windows Server 2022 v4.0.0 L1 MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| All network interfaces are operating in full-duplex mode | TNS Citrix Hypervisor | Unix | CONFIGURATION MANAGEMENT |
| Enable only necessary and secure services, protocols, daemons - 'snapwatchd' | TNS Citrix Hypervisor | Unix | CONFIGURATION MANAGEMENT |
| Enable only necessary and secure services, protocols, daemons - 'sshd' | TNS Citrix Hypervisor | Unix | CONFIGURATION MANAGEMENT |
| Enable port locking by default on the VM guest network | TNS Citrix Hypervisor | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enable remote syslog | TNS Citrix Hypervisor | Unix | AUDIT AND ACCOUNTABILITY |
| F5BI-AS-000109 - The BIG-IP ASM module must be configured to update malicious code protection mechanisms and signature definitions when providing content filtering to virtual servers for whenever new releases are available in accordance with organizational configuration management policy and procedures. | DISA F5 BIG-IP Application Security Manager STIG v2r2 | F5 | SYSTEM AND INFORMATION INTEGRITY |
| HP ProCurve - 'Disable IP Stack Management' | TNS HP ProCurve | HPProCurve | CONFIGURATION MANAGEMENT |
| HP ProCurve - 'RADIUS or TACACS Authentication is configured' | TNS HP ProCurve | HPProCurve | |
| Install a trusted CA certificate on the pool | TNS Citrix Hypervisor | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Passwords stored in 'secrets' are not visible | TNS Citrix Hypervisor | Unix | IDENTIFICATION AND AUTHENTICATION |
| SonicWALL - Flood Protection - TCP - Handshake enforcement | TNS SonicWALL v5.9 | SonicWALL | |
| SonicWALL - Flood Protection - TCP - Timeout <= 5 minutes | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND COMMUNICATIONS PROTECTION |
| SonicWALL - IDP ON - DMZ | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - IDP ON - WAN | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Logging Level - Information | TNS SonicWALL v5.9 | SonicWALL | AUDIT AND ACCOUNTABILITY |
| SonicWALL - Password Policy - Complexity Level | TNS SonicWALL v5.9 | SonicWALL | IDENTIFICATION AND AUTHENTICATION |
| SonicWALL - PW Policy - Lockout Duration - >= 5 minutes | TNS SonicWALL v5.9 | SonicWALL | ACCESS CONTROL |
| SonicWALL - Review the NTP server configuration | TNS SonicWALL v5.9 | SonicWALL | AUDIT AND ACCOUNTABILITY |
| SonicWALL - Security Services - IDP - Signature Timestamp | TNS SonicWALL v5.9 | SonicWALL | AUDIT AND ACCOUNTABILITY |
| SonicWALL - SSL Control - Block the conn. and log the event | TNS SonicWALL v5.9 | SonicWALL | AUDIT AND ACCOUNTABILITY |
| SonicWALL - SSL Control - Detect Expired Certificates | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| XenServer - Enable only necessary and secure services, protocols, daemons - 'lwsmd' | TNS Citrix XenServer | Unix | CONFIGURATION MANAGEMENT |
| XenServer - External authentication is disabled | TNS Citrix XenServer | Unix | |
| XenServer - Restrict allowed IPv6 addresses used by each VM guest | TNS Citrix XenServer | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| XenServer - Snapshots are not present | TNS Citrix XenServer | Unix | |
