| 1.5.3 Ensure 'Join Microsoft MAPS' is set to 'Enabled: Advanced' | CIS Microsoft Defender Antivirus v1.0.0 L1 Workstation | Windows | CONFIGURATION MANAGEMENT |
| 2.1.4 (L2) Ensure Safe Attachments policy is enabled | CIS Microsoft 365 Foundations v6.0.1 L2 E5 | microsoft_azure | SYSTEM AND INFORMATION INTEGRITY |
| 6.1 Ensure that antivirus profiles are set to block on all decoders except 'imap' and 'pop3' | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.1 Ensure that antivirus profiles are set to reset-both on all decoders except 'imap' and 'pop3' | CIS Palo Alto Firewall 10 v1.3.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.1 Ensure that antivirus profiles are set to reset-both on all decoders except 'imap' and 'pop3' | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.10 Ensure that access to every URL is logged | CIS Palo Alto Firewall 10 v1.3.0 L1 | Palo_Alto | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.10 Ensure that access to every URL is logged | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zone | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | ACCESS CONTROL |
| 7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zone | CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0 | Palo_Alto | ACCESS CONTROL |
| 8.2.4 Set 'Don't run antimalware programs against ActiveX controls' to 'Enabled:Disabled' | CIS IE 11 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.3.42 Set 'Don't run antimalware programs against ActiveX controls' to 'Enabled:Disabled' | CIS IE 11 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.4.3 Set 'Don't run antimalware programs against ActiveX controls' to 'Enabled:Disabled' | CIS IE 11 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 22.8 (L1) Ensure 'ASR: Block Adobe Reader from creating child processes' is set to 'Block' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 22.15 (L1) Ensure 'ASR: Block Office applications from creating executable content' is set to 'Block' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM154 - McAfee VirusScan On-Demand scan must be configured to scan memory for rootkits. | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM154 - McAfee VirusScan On-Demand scan must be configured to scan memory for rootkits. | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| F5BI-AS-000119 - The BIG-IP ASM module must be configured to automatically update malicious code protection mechanisms when providing content filtering to virtual servers. | DISA F5 BIG-IP Application Security Manager STIG v2r2 | F5 | SYSTEM AND INFORMATION INTEGRITY |
| FireEye - AAA is enabled | TNS FireEye | FireEye | IDENTIFICATION AND AUTHENTICATION |
| FireEye - AAA lockouts are enabled | TNS FireEye | FireEye | ACCESS CONTROL |
| FireEye - AAA lockouts occur after at most 5 failures | TNS FireEye | FireEye | |
| FireEye - AAA tries local authentication first | TNS FireEye | FireEye | IDENTIFICATION AND AUTHENTICATION |
| FireEye - Boot image must be signed | TNS FireEye | FireEye | SYSTEM AND INFORMATION INTEGRITY |
| FireEye - CLI commands do not hide any settings from administrators | TNS FireEye | FireEye | CONFIGURATION MANAGEMENT |
| FireEye - Custom SNORT rules are enabled | TNS FireEye | FireEye | SYSTEM AND INFORMATION INTEGRITY |
| FireEye - Email encryption certificates are verified | TNS FireEye | FireEye | IDENTIFICATION AND AUTHENTICATION |
| FireEye - LDAP encryption certificates are verified | TNS FireEye | FireEye | IDENTIFICATION AND AUTHENTICATION |
| FireEye - Local logging retention configuration | TNS FireEye | FireEye | AUDIT AND ACCOUNTABILITY |
| FireEye - NTP client is synchronized | TNS FireEye | FireEye | AUDIT AND ACCOUNTABILITY |
| FireEye - NTP client uses a custom server | TNS FireEye | FireEye | AUDIT AND ACCOUNTABILITY |
| FireEye - Remote syslog is enabled | TNS FireEye | FireEye | AUDIT AND ACCOUNTABILITY |
| FireEye - Reports are run on a schedule | TNS FireEye | FireEye | AUDIT AND ACCOUNTABILITY |
| FireEye - SNMP is enabled | TNS FireEye | FireEye | |
| FireEye - SNMP traps use a secure community string | TNS FireEye | FireEye | IDENTIFICATION AND AUTHENTICATION |
| FireEye - SNMP uses a secure community string | TNS FireEye | FireEye | IDENTIFICATION AND AUTHENTICATION |
| FireEye - SNMP v3 users have passwords | TNS FireEye | FireEye | ACCESS CONTROL |
| FireEye - SNMP v3 uses AES instead of DES | TNS FireEye | FireEye | ACCESS CONTROL |
| FireEye - SSH connections must be SSHv2 | TNS FireEye | FireEye | CONFIGURATION MANAGEMENT |
| FireEye - SSH users are logged out after 15 minutes of inactivity or less | TNS FireEye | FireEye | ACCESS CONTROL |
| FireEye - Time zone selection | TNS FireEye | FireEye | CONFIGURATION MANAGEMENT |
| FireEye - User 'admin' SSH access is disabled | TNS FireEye | FireEye | ACCESS CONTROL |
| FireEye - User connections are limited by subnet or VLAN | TNS FireEye | FireEye | SYSTEM AND COMMUNICATIONS PROTECTION |
| FireEye - Web interface does not use the system self-signed certificate | TNS FireEye | FireEye | IDENTIFICATION AND AUTHENTICATION |
| JUSX-IP-000011 - To protect against unauthorized data mining, the Juniper Networks SRX Series Gateway IDPS must prevent code injection attacks launched against data storage objects, including, at a minimum, databases, database records, queries, and fields. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | ACCESS CONTROL |
| MS.EXO.11.3v1 - The phishing protection solution SHOULD include an AI-based phishing detection tool comparable to EOP Mailbox Intelligence. | CISA SCuBA Microsoft 365 Exchange Online v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| WN12-CC-000027 - Early Launch Antimalware, Boot-Start Driver Initialization Policy must be enabled and configured to only Good and Unknown. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000027 - Early Launch Antimalware, Boot-Start Driver Initialization Policy must be enabled and configured to only Good and Unknown. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN16-CC-000140 - Early Launch Antimalware, Boot-Start Driver Initialization Policy must prevent boot drivers identified as bad. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | CONFIGURATION MANAGEMENT |
| WN19-CC-000130 - Windows Server 2019 Early Launch Antimalware, Boot-Start Driver Initialization Policy must prevent boot drivers identified as bad. | DISA Microsoft Windows Server 2019 STIG v3r8 | Windows | CONFIGURATION MANAGEMENT |
| WN22-CC-000130 - Windows Server 2022 Early Launch Antimalware, Boot-Start Driver Initialization Policy must prevent boot drivers identified as bad. | DISA Microsoft Windows Server 2022 STIG v2r8 | Windows | CONFIGURATION MANAGEMENT |
| WN25-CC-000130 - Windows Server 2025 Early Launch Antimalware, Boot-Start Driver Initialization Policy must prevent boot drivers identified as bad. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
