| 5.1.2 Ensure System Integrity Protection Status (SIP) Is Enabled | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 6.2.2 Ensure all groups in /etc/passwd exist in /etc/group | CIS CentOS Linux 8 Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2.2 Ensure all groups in /etc/passwd exist in /etc/group | CIS Fedora 28 Family Linux Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2.5 Ensure no duplicate user names exist | CIS CentOS Linux 8 Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.5 (L1) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.5 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows Server 2016 v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.5 Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.5 Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L2 Member Server | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.5 Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.7.1 Ensure 'Allow Print Spooler to accept client connections' is set to 'Disabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| AS24-U1-000780 - The Apache web server must prohibit or restrict the use of nonsecure or unnecessary ports, protocols, modules, and/or services. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | CONFIGURATION MANAGEMENT |
| AS24-W2-000780 - The Apache web server must prohibit or restrict the use of nonsecure or unnecessary ports, protocols, modules, and/or services. | DISA STIG Apache Server 2.4 Windows Site v2r2 | Windows | CONFIGURATION MANAGEMENT |
| Big Sur - Disable AirDrop | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Big Sur - Disable AirDrop | NIST macOS Big Sur v1.4.0 - CNSSI 1253 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Big Sur - Disable SSH Server for Remote Access Sessions | NIST macOS Big Sur v1.4.0 - 800-171 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| Big Sur - Disable SSH Server for Remote Access Sessions | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| Big Sur - Disable SSH Server for Remote Access Sessions | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| Big Sur - Disable SSH Server for Remote Access Sessions | NIST macOS Big Sur v1.4.0 - CNSSI 1253 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| Big Sur - Enable Firewall Stealth Mode | NIST macOS Big Sur v1.4.0 - 800-53r4 High | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Enable Firewall Stealth Mode | NIST macOS Big Sur v1.4.0 - 800-53r5 Low | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Enable Firewall Stealth Mode | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Enable Firewall Stealth Mode | NIST macOS Big Sur v1.4.0 - CNSSI 1253 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Disable Siri Setup during Setup Assistant | NIST macOS Catalina v1.5.0 - 800-53r5 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Catalina - Disable Siri Setup during Setup Assistant | NIST macOS Catalina v1.5.0 - CNSSI 1253 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Catalina - Enable Firewall Stealth Mode | NIST macOS Catalina v1.5.0 - 800-171 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Enable Firewall Stealth Mode | NIST macOS Catalina v1.5.0 - 800-53r5 Low | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| DB2X-00-008300 - DB2 must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance | DISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux | Unix | CONFIGURATION MANAGEMENT |
| EP11-00-008700 - The EDB Postgres Advanced Server must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
| EX13-CA-000130 - Exchange services must be documented and unnecessary services must be removed or disabled. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | CONFIGURATION MANAGEMENT |
| EX13-EG-000305 - Exchange services must be documented and unnecessary services must be removed or disabled. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | CONFIGURATION MANAGEMENT |
| EX13-MB-000300 - Exchange services must be documented and unnecessary services must be removed or disabled. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | CONFIGURATION MANAGEMENT |
| GOOG-13-009400 - Google Android 13 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), Hands-Free Profile (HFP), and Serial Port Profile (SPP) - SPP. | MobileIron - DISA Google Android 13 COPE v2r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-15-009400 - Google Android 15 must be configured to disable all Bluetooth profiles except for HSP (Headset Profile), HFP (Hands-Free Profile), SPP (Serial Port Profile), A2DP (Advanced Audio Distribution Profile), AVRCP (Audio/Video Remote Control Profile), and PBAP (Phone Book Access Profile) - SPP. | MobileIron - DISA Google Android 15 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| IIST-SI-000239 - The IIS 10.0 websites must use ports, protocols, and services according to Ports, Protocols, and Services Management (PPSM) guidelines. | DISA IIS 10.0 Site v2r11 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SV-000149 - The Internet Printing Protocol (IPP) must be disabled on the IIS 10.0 web server. | DISA IIS 10.0 Server v3r3 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SI-000239 - The IIS 8.5 websites must utilize ports, protocols, and services according to PPSM guidelines. | DISA IIS 8.5 Site v2r9 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SV-000148 - The IIS 8.5 web server must not be running on a system providing any other role. | DISA IIS 8.5 Server v2r7 | Windows | CONFIGURATION MANAGEMENT |
| KNOX-07-002400 - Disable all Bluetooth profiles except for HSP, HFP, and SPP - HSP, HFP, and SPP profiles | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| Monterey - Disable FaceTime.app | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable FaceTime.app | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable FaceTime.app | NIST macOS Monterey v1.0.0 - 800-53r5 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable FaceTime.app | NIST macOS Monterey v1.0.0 - All Profiles | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Messages App | NIST macOS Monterey v1.0.0 - 800-171 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Messages App | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Siri Setup during Setup Assistant | NIST macOS Monterey v1.0.0 - 800-171 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable the System Preference Pane for Apple ID | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable the System Preference Pane for Apple ID | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable the System Preference Pane for Apple ID | NIST macOS Monterey v1.0.0 - 800-53r5 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable the System Preference Pane for Apple ID | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| MOTS-11-001400 - Motorola Solutions Android 11 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), HandsFree Profile (HFP), and Serial Port Profile (SPP) - Serial Port Profile capable devices. | MobileIron - DISA Motorola Solutions Android 11 COBO v1r3 | MDM | CONFIGURATION MANAGEMENT |
