| 1.8.2 Ensure 'SSH session timeout' is less than or equal to '5' minutes | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.8.2 Ensure 'SSH session timeout' is less than or equal to '5' minutes | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL |
| 1.15.4 Ensure 'Specify threat alert levels at which default action should not be taken when detected' is set to 'Enabled: Severe: 2 or 3' | CIS Microsoft Defender Antivirus v1.0.0 L1 Server | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.15.4 Ensure 'Specify threat alert levels at which default action should not be taken when detected' is set to 'Enabled: Severe: 2 or 3' | CIS Microsoft Defender Antivirus v1.0.0 L1 Workstation | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.1.3 - MobileIron - Set the 'minimum password length' | MobileIron - CIS Google Android 4 v1.0.0 L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 2.2.4 - AirWatch - Set minimum passcode length | AirWatch - CIS Apple iOS 8 v1.0.0 L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 2.2.4 - MobileIron - Set minimum passcode length | MobileIron - CIS Apple iOS 8 v1.0.0 L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 2.11 Java 6 is not the default Java runtime | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.17 Ensure kernel module loading and unloading is collected - '/sbin/insmod' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - '/sbin/rmmod' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - '/sbin/rmmod' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - '32bit' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - 'auditctl 32-bit' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - 'auditctl 64-bit' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - 'auditctl insmod' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - 'auditctl insmod' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - 'auditctl rmmod' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - auditctl insmod | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - auditctl modprobe | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - insmod | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - modprobe | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.12 Ensure SSH Idle Timeout Interval is configured - ClientAliveCountMax | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 5.2.12 Ensure SSH Idle Timeout Interval is configured - ClientAliveInterval | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| ARST-L2-000060 - The Arista MLS layer 2 switch must have BPDU Guard enabled on all switch ports connecting to access layer switches and hosts. | DISA Arista MLS EOS 4.X L2S STIG v2r3 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-L2-000060 - The Arista MLS layer 2 switch must have BPDU Guard enabled on all switch ports connecting to access layer switches and hosts. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000240 - The Cisco perimeter switch must be configured to deny network traffic by default and allow network traffic by exception. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000240 - The Cisco perimeter switch must be configured to deny network traffic by default and allow network traffic by exception. | DISA Cisco IOS XE Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000250 - The Cisco perimeter router must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | ACCESS CONTROL |
| CISC-RT-000250 - The Cisco perimeter switch must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy. | DISA Cisco IOS Switch RTR STIG v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000320 - The Cisco perimeter switch must be configured to filter traffic destined to the enclave in accordance with the guidelines contained in DoD Instruction 8551.1. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000900 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to only accept MSDP packets from known MSDP peers. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000900 - The Cisco Multicast Source Discovery Protocol (MSDP) switch must be configured to only accept MSDP packets from known MSDP peers. | DISA Cisco IOS XE Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO234 - Outlook - Active X One-Off forms must be configured. | DISA Microsoft Outlook 2010 STIG v1r14 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MADB-10-004700 - MariaDB must invalidate session identifiers upon user logout or other session termination. | DISA MariaDB Enterprise 10.x v2r4 DB | MySQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000255 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled to meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting stored data - SSLEngine | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OH12-1X-000259 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication - SSLEngine | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000291 - The xorg-x11-server-common (X Windows) package must not be installed, unless required. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| SLEM-05-232010 - SLEM 5 must have directories that contain system commands set to a mode of 755 or less permissive. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| SLEM-05-232015 - SLEM 5 must have system commands set to a mode of 755 or less permissive. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| SLEM-05-232020 - SLEM 5 library directories must have mode 755 or less permissive. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| SLEM-05-232025 - SLEM 5 library files must have mode 755 or less permissive. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| SLEM-05-232050 - SLEM 5 library files must be owned by root. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| SLEM-05-232055 - SLEM 5 library files must be group-owned by root. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| SLEM-05-232065 - SLEM 5 library directories must be group-owned by root. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| SLEM-05-232085 - SLEM 5 must have directories that contain system commands group-owned by root. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| SLEM-05-412035 - SLEM 5 must limit the number of concurrent sessions to 10 for all accounts and/or account types. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r4 | Unix | ACCESS CONTROL |
| SOL-11.1-060010 - The operating system must use mechanisms for authentication to a cryptographic module meeting the requirements of applicable federal laws, Executive orders, directives, policies, regulations, standards, and guidance for such authentication. | DISA Solaris 11 X86 STIG v3r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SOL-11.1-060010 - The operating system must use mechanisms for authentication to a cryptographic module meeting the requirements of applicable federal laws, Executive orders, directives, policies, regulations, standards, and guidance for such authentication. | DISA Solaris 11 SPARC STIG v3r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SonicWALL - Flood Protection - TCP - Timeout <= 5 minutes | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCEM-67-000012 - ESX Agent Manager must have Multipurpose Internet Mail Extensions (MIMEs) that invoke operating system shell programs disabled. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | CONFIGURATION MANAGEMENT |
