| 1.4.4 Ensure boot loader does not allow removable media | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 1.6.1.10 Ensure system device files are labeled - device_t | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 1.6.1.10 Ensure system device files are labeled - unlabeled_t | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 2.2.21 Ensure the TFTP server has not been installed - TFTP server package installed if not required for operational support. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 2.5.4 Audit Location Services Access | CIS Apple macOS 12.0 Monterey v4.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.5.4 Audit Location Services Access | CIS Apple macOS 11.0 Big Sur v4.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.5.4 Audit Location Services Access | CIS Apple macOS 10.15 Catalina v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.6.1.3 Audit Location Services Access | CIS Apple macOS 13.0 Ventura v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.6.1.3 Audit Location Services Access | CIS Apple macOS 14.0 Sonoma v2.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.6.1.3 Audit Location Services Access | CIS Apple macOS 15.0 Sequoia v1.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 5.1.2 Ensure System Integrity Protection Status (SIP) Is Enabled | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.1.2 Ensure System Integrity Protection Status (SIP) Is Enabled | CIS Apple macOS 14.0 Sonoma v2.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.1.2 Ensure System Integrity Protection Status (SIP) Is Enabled | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.1.2 Ensure System Integrity Protection Status (SIP) Is Enabled | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.1.2 Ensure System Integrity Protection Status (SIP) Is Enabled | CIS Apple macOS 13.0 Ventura v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.1.2 Ensure System Integrity Protection Status (SIP) Is Enabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.1.2 Ensure System Integrity Protection Status (SIPS) Is Enabled | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.3.30 Ensure SSH does not permit GSSAPI - GSSAPI authentication unless needed. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 5.3.31 Ensure SSH does not permit Kerberos authentication | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 5.5.9 Ensure local interactive user accounts umask is 077 | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 6.12 Ensure that 'User consent for applications' is set to 'Do not allow user consent' | CIS Microsoft Azure Foundations v4.0.0 L1 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| EX16-ED-000580 - The Exchange application directory must be protected from unauthorized access. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | CONFIGURATION MANAGEMENT |
| EX16-ED-000580 - The Exchange application directory must be protected from unauthorized access. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | CONFIGURATION MANAGEMENT |
| JUNI-ND-001060 - The Juniper router must be configured to prohibit installation of software without explicit privileged status. | DISA STIG Juniper Router NDM v3r2 | Juniper | CONFIGURATION MANAGEMENT |
| JUSX-DM-000077 - The Juniper SRX Services Gateway must implement logon roles to ensure only authorized roles are allowed to install software and updates. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | CONFIGURATION MANAGEMENT |
| PPS9-00-008400 - The EDB Postgres Advanced Server must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-021040 - The Red Hat Enterprise Linux operating system must set the umask value to 077 for all local interactive user accounts. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-031010 - The Red Hat Enterprise Linux operating system must be configured so that the rsyslog daemon does not accept log messages from other servers unless the server is being used for log aggregation. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-040440 - The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon does not permit Kerberos authentication unless needed. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| SQL4-00-033800 - SQL Server must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL6-D0-003000 - SQL Server must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| WN10-CC-000310 - Users must be prevented from changing installation options. | DISA Microsoft Windows 10 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN10-CC-000315 - The Windows Installer Always install with elevated privileges must be disabled. | DISA Microsoft Windows 10 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000016 - Windows Update must be prevented from searching for point and print drivers. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000016 - Windows Update must be prevented from searching for point and print drivers. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000018 - Optional component installation and component repair must be prevented from using Windows Update. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000025 - Device driver updates must only search managed servers, not Windows Update. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000026 - Users must not be prompted to search Windows Update for device drivers. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000026 - Users must not be prompted to search Windows Update for device drivers. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000047 - Windows must be prevented from using Windows Update to search for drivers. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000116 - The Windows Installer Always install with elevated privileges option must be disabled. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000122 - Windows Media Player must be configured to prevent automatic checking for updates. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000122 - Windows Media Player must be configured to prevent automatic checking for updates. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000089 - The print driver installation privilege must be restricted to administrators. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000089 - The print driver installation privilege must be restricted to administrators. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-UC-000013 - Media Player must be configured to prevent automatic Codec downloads. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-UC-000013 - Media Player must be configured to prevent automatic Codec downloads. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN19-CC-000420 - Windows Server 2019 must prevent users from changing installation options. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN19-CC-000430 - Windows Server 2019 must disable the Windows Installer Always install with elevated privileges option. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
