| 1.8.2 Ensure 'SSH session timeout' is less than or equal to '5' minutes | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.9 Set 'Automatically wrap text at <x> characters.' to 'Disabled' | CIS MS Office Outlook 2010 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.2.4 - AirWatch - Set minimum passcode length | AirWatch - CIS Apple iOS 9 v1.0.0 L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 2.2.4 - AirWatch - Set minimum passcode length | AirWatch - CIS Apple iOS 8 v1.0.0 L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 2.2.4 - MobileIron - Set minimum passcode length | MobileIron - CIS Apple iOS 8 v1.0.0 L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 2.2.4 - MobileIron - Set minimum passcode length | MobileIron - CIS Apple iOS 9 v1.0.0 L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.8 Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 3.7 Ensure proxies pass source IP information - X-Real-IP | CIS NGINX Benchmark v2.1.0 L1 Loadbalancer | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - '/sbin/insmod' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - '/sbin/modprobe' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - '/sbin/rmmod' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - '/sbin/rmmod' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - '32bit' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - '32bit' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - '64bit' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - '64bit' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - 'auditctl 32-bit' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - 'auditctl 64-bit' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - 'auditctl insmod' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - 'auditctl rmmod' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - 'auditctl rmmod' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - auditctl init_module/delete_module | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - auditctl insmod | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - auditctl rmmod | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - init_module/delete_module | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - rmmod | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.12 Ensure SSH Idle Timeout Interval is configured - ClientAliveCountMax | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| Android Compliance Policy - Minimum password length | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| CISC-RT-000240 - The Cisco perimeter switch must be configured to deny network traffic by default and allow network traffic by exception. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000250 - The Cisco perimeter router must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000250 - The Cisco perimeter switch must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000250 - The Cisco perimeter switch must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000900 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to only accept MSDP packets from known MSDP peers. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure kernel module loading and unloading is collected - auditctl init_module | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure kernel module loading and unloading is collected - auditctl insmod | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure kernel module loading and unloading is collected - auditctl modprobe | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure kernel module loading and unloading is collected - auditctl rmmod | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure kernel module loading and unloading is collected - init_module | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure kernel module loading and unloading is collected - modprobe | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure kernel module loading and unloading is collected - rmmod | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| FireEye - AAA lockouts occur after at most 5 failures | TNS FireEye | FireEye | |
| GEN004700 - The Sendmail service must not have the wizard backdoor active. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | CONFIGURATION MANAGEMENT |
| GEN005180 - All .Xauthority files must have mode 0600 or less permissive. | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| GEN009340 - Xserver login managers must not be running unless needed for X11 session management. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| macOS Compliance Policy - Minimum password length | Tenable Best Practices for Microsoft Intune macOS v1.0 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000291 - The xorg-x11-server-common (X Windows) package must not be installed, unless required. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000291 - The xorg-x11-server-common (X Windows) package must not be installed, unless required. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| VCEM-67-000012 - ESX Agent Manager must have Multipurpose Internet Mail Extensions (MIMEs) that invoke operating system shell programs disabled. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | CONFIGURATION MANAGEMENT |
| VCPF-67-000011 - Performance Charts must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled. | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3 | Unix | CONFIGURATION MANAGEMENT |
| VCUI-67-000011 - vSphere UI must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled. | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | CONFIGURATION MANAGEMENT |
