| 1.1.23 Disable Automounting | CIS Fedora 19 Family Linux Workstation L2 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.2 Ensure 'host headers' are on all sites | CIS IIS 7 L1 v1.8.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.3 Configure SSH - Check if Protocol is set to 2 and not commented for client. | CIS Solaris 9 v1.3 | Unix | |
| 1.7.1.2 Ensure SELinux is not disabled in bootloader configuration - enforcing | CIS Fedora 19 Family Linux Server L1 v1.0.0 | Unix | ACCESS CONTROL |
| 2.2.1 Ensure 'ACCEPT_MD5_CERTS' Is NOT SET | CIS Oracle Database 23ai v1.0.0 L1 RDBMS On Linux Host OS | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.10.5 Configure 'Network access: Named Pipes that can be accessed anonymously' (DC only) - Network access: Named Pipes that can be accessed anonymously (DC only) | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.10.6 (L1) Configure 'Network access: Named Pipes that can be accessed anonymously' (DC only) | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.10.6 (L1) Configure 'Network access: Named Pipes that can be accessed anonymously' (DC only) | CIS Microsoft Windows Server 2016 v3.0.0 L1 DC | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.10.6 (L1) Configure 'Network access: Named Pipes that can be accessed anonymously' (DC only) | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.10.6 (L1) Ensure 'Network access: Named Pipes that can be accessed anonymously' is set to 'None' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.10.6 (L1) Ensure 'Network access: Named Pipes that can be accessed anonymously' is set to 'None' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.10.6 (L1) Ensure 'Network access: Named Pipes that can be accessed anonymously' is set to 'None' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.10.6 (L1) Ensure 'Network access: Named Pipes that can be accessed anonymously' is set to 'None' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.10.6 (L1) Ensure 'Network access: Named Pipes that can be accessed anonymously' is set to 'None' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.10.6 Configure 'Network access: Named Pipes that can be accessed anonymously' (MS only) - Network access: Named Pipes that can be accessed anonymously | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.10.7 (L1) Configure 'Network access: Named Pipes that can be accessed anonymously' (MS only) | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.10.9 Configure 'Network access: Named Pipes that can be accessed anonymously' (MS only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.8 Disable Removable Volume Manager - smserver | CIS Solaris 11.2 L1 v1.1.0 | Unix | |
| 2.8 Disable Removable Volume Manager - smserver | CIS Solaris 11.1 L1 v1.0.0 | Unix | |
| 2.10 Disable Removable Volume Manager | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.5 - AirWatch - Set the 'timeout' for 'Time without user input before password must be re-entered (in minutes)' | AirWatch - CIS Apple iOS 8 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 3.1.5 - MobileIron - Set the 'timeout' for 'Time without user input before password must be re-entered (in minutes)' | MobileIron - CIS Apple iOS 9 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 3.12 Verify that Docker server certificate file permissions are set to 444 or more restrictive | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.16 Verify that Docker socket file permissions are set to 660 or more restrictive | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.32 init.ora - 'db_securefile = ALWAYS' | CIS v1.1.0 Oracle 11g OS Windows Level 2 | Windows | CONFIGURATION MANAGEMENT |
| 5.2.9 Ensure SSH HostbasedAuthentication is disabled | CIS Debian 9 Server L1 v1.0.1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.2.9 Ensure SSH HostbasedAuthentication is disabled | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.3.10 Ensure SSH HostbasedAuthentication is disabled | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.3.10 Ensure SSH HostbasedAuthentication is disabled | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.3.10 Ensure SSH HostbasedAuthentication is disabled | CIS Red Hat 6 Server L1 v3.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.3.10 Ensure SSH HostbasedAuthentication is disabled | CIS Oracle Linux 6 Server L1 v2.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 6.2.7 Set SSH HostbasedAuthentication to No | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 18.10.43.6 (L1) Ensure 'Turn on Microsoft Defender Application Guard in Managed Mode' is set to 'Enabled: 1' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 20.14 Ensure 'Automated mechanisms must be employed to determine the state of system components' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| ARST-RT-000550 - The Arista router must be configured to have Internet Control Message Protocol (ICMP) redirects disabled on all external interfaces. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Configure Apple System Log Files Owned by Root and Group to Wheel | NIST macOS Big Sur v1.4.0 - 800-53r5 High | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Big Sur - Configure Apple System Log Files Owned by Root and Group to Wheel | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Catalina - Configure Apple System Log Files Owned by Root and Group to Wheel | NIST macOS Catalina v1.5.0 - All Profiles | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Catalina - Configure Apple System Log Files Owned by Root and Group to Wheel | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | SYSTEM AND INFORMATION INTEGRITY |
| GEN008420 - The system must use available memory address randomization techniques. | DISA STIG for Oracle Linux 5 v2r1 | Unix | CONFIGURATION MANAGEMENT |
| GOOG-15-012500 - Google Android 15 must be configured to disable 'Private Space' use. | AirWatch - DISA Google Android 15 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-15-012500 - Google Android 15 must be configured to disable 'Private Space' use. | MobileIron - DISA Google Android 15 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| JUEX-NM-000340 - The Juniper EX switch must be configured to use FIPS 140-2/140-3 validated algorithms for authentication to a cryptographic module. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| OL07-00-010482 - Oracle Linux operating systems version 7.2 or newer with a Basic Input/Output System (BIOS) must require authentication upon booting into single-user and maintenance modes - BIOS must require authentication upon booting into single-user and maintenance modes. | DISA Oracle Linux 7 STIG v3r2 | Unix | ACCESS CONTROL |
| OL07-00-010491 - Oracle Linux operating systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes - UEFI must require authentication upon booting into single-user and maintenance modes. | DISA Oracle Linux 7 STIG v3r2 | Unix | ACCESS CONTROL |
| PPS9-00-012700 - The EDB Postgres Advanced Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to provision digital signatures. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-08-010140 - RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | ACCESS CONTROL |
| VCLD-67-000034 - VAMI must implement TLS1.2 exclusively - sslv3 | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLD-67-000034 - VAMI must implement TLS1.2 exclusively - tlsv10 | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WPAW-00-001800 - If several Windows PAWs are set up in virtual machines (VMs) on a host server, the host server must only contain PAW VMs. | DISA MS Windows Privileged Access Workstation v3r1 | Windows | CONFIGURATION MANAGEMENT |
