| 2.3.14.1 Ensure 'System cryptography: Force strong key protection for user keys stored on the computer' is set to 'User must enter a password each time they use a key' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.14.1 Ensure 'System cryptography: Force strong key protection for user keys stored on the computer' is set to 'User must enter a password each time they use a key' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.2.3 Ensure iptables rules exist for all open ports - PPSM CLSA and vulnerability assessments. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 4.1.2.5 Ensure system is disabled when audit logs are full - at a minimum when the threshold for the repository maximum audit record storage capacity is reached. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.7 Ensure kernel module loading and unloading is collected - delete_module 64 bit | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.9 Ensure file deletion events by users are collected - rename 32 bit | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.9 Ensure file deletion events by users are collected - renameat 32 bit | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.9 Ensure file deletion events by users are collected - renameat 64 bit | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - creat EACCES 64 bit | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - creat EPERM 32 bit | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - openat EACCES 64 bit | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.12 Ensure discretionary access control permission modification events are collected - fremovexattr 32 bit | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.12 Ensure discretionary access control permission modification events are collected - removexattr 32 bit | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.12 Ensure discretionary access control permission modification events are collected - removexattr 64 bit | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.14 Ensure events that modify user/group information are collected - group | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.3.16 Ensure auditing of the unix_chkpwd command | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.17 Ensure audit of the gpasswd command | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.26 Ensure audit of the rmdir syscall - 64 bit | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.31 Ensure audit of the create_module syscall - 32 bit | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.40 Ensure audit all uses of the newgrp command | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 5.2.4 Ensure users must provide password for escalation | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.2.5 Ensure users must re-authenticate for privilege escalation | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.2.6 Ensure the sudoers file restricts sudo access to authorized personnel - sudoers.d | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 5.2.8 Ensure users password required for privilege escalation when using sudo - targetpw | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 5.3.1 Ensure SSH is installed | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.2 Ensure SSH is running | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.5 Ensure permissions on SSH public host key files are configured | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 5.3.11 Ensure SSH HostbasedAuthentication is disabled | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 5.3.19 Ensure SSH Idle Timeout Interval is configured - ClientAliveInterval | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.29 Ensure SSH Protocol is set to 2 | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 5.4.8 Ensure date and time of last successful logon - showfailed | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 5.4.13 Ensure lockout for unsuccessful root logon attempts - system-auth default | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 6.1.12 Ensure no ungrouped files or directories exist | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 6.2.22 Ensure users' files and directories within the home directory permissions are 750 or more restrictive | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists in web application | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists in web application | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists inin default | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in default | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in web application | CIS Apache Tomcat 10 L1 v1.1.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in default | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in default | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in web application | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 18.9.11.3.13 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.3.13 Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 19.1.3.2 (L1) Ensure 'Force specific screen saver: Screen saver executable name' is set to 'Enabled: scrnsave.scr' | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 19.1.3.2 (L1) Ensure 'Force specific screen saver: Screen saver executable name' is set to 'Enabled: scrnsave.scr' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| MS.EXO.12.2v1 - Safe lists SHOULD NOT be enabled. | CISA SCuBA Microsoft 365 Exchange Online v1.5.0 | microsoft_azure | CONFIGURATION MANAGEMENT |
| PANW-NM-000110 - The Palo Alto Networks security platform must accept and verify Personal Identity Verification (PIV) credentials - PIV credentials | DISA STIG Palo Alto NDM v3r3 | Palo_Alto | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| WG400 A22 - All interactive programs (CGI) must be placed in a designated directory with appropriate permissions. | DISA STIG Apache Site 2.2 Unix v1r11 | Unix | ACCESS CONTROL |
| WN10-UR-000070 - The Deny access to this computer from the network user right on workstations must be configured to prevent access from highly privileged domain accounts and local accounts on domain systems and unauthenticated access on all systems. | DISA Microsoft Windows 10 STIG v3r4 | Windows | ACCESS CONTROL |
