| 1.1.3.9.7 Configure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.4.3 Set 'username secret' for all local users | CIS Cisco IOS XE 17.x v2.1.1 L1 | Cisco | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.1.4 Ensure SETroubleshoot is not installed | CIS Amazon Linux v2.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.2.1 Authentication | CIS Cisco IOS XR 7.x v1.0.0 L2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 2.4.5 Disable Remote Login | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | ACCESS CONTROL |
| 2.4.5 Disable Remote Login | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
| 3.3.2.2 Set 'ip ospf message-digest-key md5' | CIS Cisco IOS XE 17.x v2.1.1 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.11 Ensure X-Powered-By Header is removed - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | CONFIGURATION MANAGEMENT |
| 3.11 Ensure X-Powered-By Header is removed - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | CONFIGURATION MANAGEMENT |
| 4.5 (L1) Ensure previous 5 passwords are prohibited | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| 4.5.3 Ensure password reuse is limited | CIS Amazon Linux 2023 Server L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5. OpenStack Identity - Policy.json - 'identity:list_user_projects' | TNS OpenStack Keystone/Identity Security Guide | Unix | ACCESS CONTROL |
| 5.3.1 Ensure X-Frame-Options header is configured and enabled | CIS NGINX Benchmark v2.1.0 L1 Webserver | Unix | SYSTEM AND SERVICES ACQUISITION |
| 5.5.3 Ensure password reuse is limited | CIS Fedora 28 Family Linux Server L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5.3 Ensure password reuse is limited | CIS CentOS Linux 8 Server L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5.3 Ensure password reuse is limited | CIS CentOS Linux 8 Workstation L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.7 Do not enable the 'root' account | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | ACCESS CONTROL |
| 9.1.1 Enable cron Daemon - anacron run level 5 | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| CIS_Cisco_Firewall_v8.x_Level_1_v4.2.0.audit for Cisco Firewall v8.x from CIS Cisco Firewall v8.x Benchmark v4.2.0 | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | |
| CISC-RT-000900 - The Cisco Multicast Source Discovery Protocol (MSDP) switch must be configured to only accept MSDP packets from known MSDP peers. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTAVSEL-004 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to decompress archives when scanning. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-006 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to find unknown macro viruses. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-006 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to find unknown macro viruses. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-007 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to find potentially unwanted programs. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-010 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to scan all file types. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-010 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to scan all file types. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-101 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to decompress archives when scanning. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-102 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to find unknown program viruses. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-103 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to find unknown macro viruses. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-103 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to find unknown macro viruses. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-104 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to find potentially unwanted programs. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-105 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to scan all file types. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-105 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to scan all file types. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-112 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to decode MIME encoded files. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-112 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to decode MIME encoded files. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-301 - Access to the McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x Web UI must be enforced by firewall rules. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | CONFIGURATION MANAGEMENT |
| IBM i : Required Difference in Passwords (QPWDRQDDIF) - '<=5' | IBM System i Security Reference for V7R3 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
| IBM i : Required Difference in Passwords (QPWDRQDDIF) - '<=5' | IBM System i Security Reference for V7R2 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
| IBM i : Required Difference in Passwords (QPWDRQDDIF) - '<=5' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
| OH12-1X-000253 - OHS must have the LoadModule ossl_module directive enabled to meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting stored data. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OH12-1X-000257 - OHS must have the LoadModule ossl_module directive enabled to meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OH12-1X-000259 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication - SSLProtocol | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| Salesforce.com : Setting Password Policies - 'invalid login attempts <= 5' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | ACCESS CONTROL |
| SonicWALL - User Inactivity Timeout - 5 minutes or less | TNS SonicWALL v5.9 | SonicWALL | ACCESS CONTROL |
| User Authentication Security - Configure login security options to hinder password guessing attacks - backoff-factor | Juniper Hardening JunOS 12 Devices Checklist | Juniper | ACCESS CONTROL |
| WBLC-05-000176 - Oracle WebLogic must use cryptographic modules that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting stored data - PRE_CLASSPATH | Oracle WebLogic Server 12c Windows v2r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000177 - Oracle WebLogic must utilize FIPS 140-2 approved encryption modules when authenticating users and processes - JAVA_OPTIONS | Oracle WebLogic Server 12c Linux v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000177 - Oracle WebLogic must utilize FIPS 140-2 approved encryption modules when authenticating users and processes - JAVA_OPTIONS | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000177 - Oracle WebLogic must utilize FIPS 140-2 approved encryption modules when authenticating users and processes - PRE_CLASSPATH | Oracle WebLogic Server 12c Windows v2r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000177 - Oracle WebLogic must utilize FIPS 140-2 approved encryption modules when authenticating users and processes - PRE_CLASSPATH | Oracle WebLogic Server 12c Linux v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
