| 2.3.7.4 Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' - between 5 and 14 days | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.4 Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' - between 5 and 14 days | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| 4.1.17 Ensure kernel module loading and unloading is collected - '/sbin/modprobe' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - '/sbin/rmmod' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - '32bit' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - '32bit' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - 'auditctl 32-bit' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - 'auditctl 32-bit' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - 'auditctl 64-bit' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - 'auditctl 64-bit' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - 'auditctl rmmod' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - auditctl insmod | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - insmod | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - rmmod | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.8 Ensure Billing Alerts are enabled for increments of X spend | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | |
| 5.2.1 Configure account lockout threshold | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 5.2.12 Ensure SSH Idle Timeout Interval is configured - ClientAliveCountMax | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 5.2.12 Ensure SSH Idle Timeout Interval is configured - ClientAliveInterval | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 7.10 Repairing permissions is no longer needed with 10.11 | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | |
| CIS_IBM_DB2_10_v1.1.0_Level_1_OS_Linux.audit from CIS DB2 10.x Linux | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 | Unix | |
| CIS_IBM_DB2_10_v1.1.0_Level_2_OS_Linux.audit from CIS DB2 10.x Linux | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | |
| CISC-RT-000240 - The Cisco perimeter router must be configured to deny network traffic by default and allow network traffic by exception. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000240 - The Cisco perimeter router must be configured to deny network traffic by default and allow network traffic by exception. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000240 - The Cisco perimeter switch must be configured to deny network traffic by default and allow network traffic by exception. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000250 - The Cisco perimeter router must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000320 - The Cisco perimeter router must be configured to filter traffic destined to the enclave in accordance with the guidelines contained in DoD Instruction 8551.1. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000320 - The Cisco perimeter router must be configured to filter traffic destined to the enclave in accordance with the guidelines contained in DoD Instruction 8551.1. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000320 - The Cisco perimeter switch must be configured to filter traffic destined to the enclave in accordance with the guidelines contained in DoD Instruction 8551.1. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTAVSEL-008 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to scan files when being written to disk. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-008 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to scan files when being written to disk. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-009 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to scan files when being read from disk. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-009 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to scan files when being read from disk. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-011 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner maximum scan time must not be less than 45 seconds - default.scanMaxTmo | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-011 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner maximum scan time must not be less than 45 seconds - scanMaxTmo | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Ensure kernel module loading and unloading is collected - auditctl init_module | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN005180 - All .Xauthority files must have mode 0600 or less permissive. | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| RHEL-06-000290 - X Windows must not be enabled unless required. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEV: Administrative Roles | Tenable RedHat Enterprise Virtualization | RHEV | |
| RHEV: Datacenters | Tenable RedHat Enterprise Virtualization | RHEV | |
| RHEV: Domains | Tenable RedHat Enterprise Virtualization | RHEV | |
| RHEV: Groups | Tenable RedHat Enterprise Virtualization | RHEV | |
| RHEV: Review Events with severity >= Error | Tenable RedHat Enterprise Virtualization | RHEV | |
| RHEV: Roles | Tenable RedHat Enterprise Virtualization | RHEV | |
| RHEV: Running VMs | Tenable RedHat Enterprise Virtualization | RHEV | |
| RHEV: Stopped VMs | Tenable RedHat Enterprise Virtualization | RHEV | |
| RHEV: Storage Domains | Tenable RedHat Enterprise Virtualization | RHEV | |
| RHEV: Users | Tenable RedHat Enterprise Virtualization | RHEV | |
| SOL-11.1-060010 - The operating system must use mechanisms for authentication to a cryptographic module meeting the requirements of applicable federal laws, Executive orders, directives, policies, regulations, standards, and guidance for such authentication. | DISA STIG Solaris 11 SPARC v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCFL-67-000013 - vSphere Client must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled. | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCPF-67-000011 - Performance Charts must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled. | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3 | Unix | CONFIGURATION MANAGEMENT |
