| 1.8.2 Ensure 'SSH session timeout' is less than or equal to '5' minutes | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.8.2 Ensure 'SSH session timeout' is less than or equal to '5' minutes | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL |
| 1.9 Set 'Automatically wrap text at <x> characters.' to 'Disabled' | CIS MS Office Outlook 2010 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.15.4 Ensure 'Specify threat alert levels at which default action should not be taken when detected' is set to 'Enabled: Severe: 2 or 3' | CIS Microsoft Defender Antivirus v1.0.0 L1 Server | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.15.4 Ensure 'Specify threat alert levels at which default action should not be taken when detected' is set to 'Enabled: Severe: 2 or 3' | CIS Microsoft Defender Antivirus v1.0.0 L1 Workstation | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.4 - AirWatch - Set minimum passcode length | AirWatch - CIS Apple iOS 8 v1.0.0 L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 2.2.4 - MobileIron - Set minimum passcode length | MobileIron - CIS Apple iOS 8 v1.0.0 L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 2.11 Java 6 is not the default Java runtime | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.17 Ensure kernel module loading and unloading is collected - '/sbin/insmod' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - 'auditctl 32-bit' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - auditctl modprobe | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - insmod | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 (L1) Ensure previous 5 passwords are prohibited | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| 5.2.12 Ensure SSH Idle Timeout Interval is configured - ClientAliveCountMax | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 5.2.12 Ensure SSH Idle Timeout Interval is configured - ClientAliveInterval | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 9.1.1 Enable cron Daemon - anacron run level 5 | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| ARST-L2-000060 - The Arista MLS layer 2 switch must have BPDU Guard enabled on all switch ports connecting to access layer switches and hosts. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000240 - The Cisco perimeter switch must be configured to deny network traffic by default and allow network traffic by exception. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000240 - The Cisco perimeter switch must be configured to deny network traffic by default and allow network traffic by exception. | DISA Cisco IOS XE Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000250 - The Cisco perimeter router must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | ACCESS CONTROL |
| CISC-RT-000250 - The Cisco perimeter switch must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy. | DISA Cisco IOS Switch RTR STIG v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000320 - The Cisco perimeter switch must be configured to filter traffic destined to the enclave in accordance with the guidelines contained in DoD Instruction 8551.1. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTAVSEL-005 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to find unknown program viruses. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-101 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to decompress archives when scanning. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-104 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to find potentially unwanted programs. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-200 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must scan all media used for system maintenance prior to use. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | MAINTENANCE |
| DTOO234 - Outlook - Active X One-Off forms must be configured. | DISA Microsoft Outlook 2010 STIG v1r14 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN005180 - All .Xauthority files must have mode 0600 or less permissive. | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| IBM i : Required Difference in Passwords (QPWDRQDDIF) - '<=5' | IBM System i Security Reference for V7R3 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
| IBM i : Required Difference in Passwords (QPWDRQDDIF) - '<=5' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
| IBM i : Required Difference in Passwords (QPWDRQDDIF) - '<=5' | IBM System i Security Reference for V7R2 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
| MADB-10-004700 - MariaDB must invalidate session identifiers upon user logout or other session termination. | DISA MariaDB Enterprise 10.x v2r4 DB | MySQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000255 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled to meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting stored data - SSLEngine | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OH12-1X-000259 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication - SSLEngine | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000291 - The xorg-x11-server-common (X Windows) package must not be installed, unless required. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000291 - The xorg-x11-server-common (X Windows) package must not be installed, unless required. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| Salesforce.com : Setting Password Policies - 'invalid login attempts <= 5' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | ACCESS CONTROL |
| SLEM-05-232010 - SLEM 5 must have directories that contain system commands set to a mode of 755 or less permissive. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r3 | Unix | CONFIGURATION MANAGEMENT |
| SLEM-05-232015 - SLEM 5 must have system commands set to a mode of 755 or less permissive. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r3 | Unix | CONFIGURATION MANAGEMENT |
| SLEM-05-232025 - SLEM 5 library files must have mode 755 or less permissive. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r3 | Unix | CONFIGURATION MANAGEMENT |
| SLEM-05-232050 - SLEM 5 library files must be owned by root. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r3 | Unix | CONFIGURATION MANAGEMENT |
| SLEM-05-232060 - SLEM 5 library directories must be owned by root. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r3 | Unix | CONFIGURATION MANAGEMENT |
| SLEM-05-232065 - SLEM 5 library directories must be group-owned by root. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r3 | Unix | CONFIGURATION MANAGEMENT |
| SLEM-05-232070 - SLEM 5 must have system commands owned by root. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r3 | Unix | CONFIGURATION MANAGEMENT |
| SLEM-05-232075 - SLEM 5 must have system commands group-owned by root or a system account. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r3 | Unix | CONFIGURATION MANAGEMENT |
| SLEM-05-412035 - SLEM 5 must limit the number of concurrent sessions to 10 for all accounts and/or account types. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r3 | Unix | ACCESS CONTROL |
| SOL-11.1-060010 - The operating system must use mechanisms for authentication to a cryptographic module meeting the requirements of applicable federal laws, Executive orders, directives, policies, regulations, standards, and guidance for such authentication. | DISA Solaris 11 X86 STIG v3r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SOL-11.1-060010 - The operating system must use mechanisms for authentication to a cryptographic module meeting the requirements of applicable federal laws, Executive orders, directives, policies, regulations, standards, and guidance for such authentication. | DISA Solaris 11 SPARC STIG v3r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SonicWALL - User Inactivity Timeout - 5 minutes or less | TNS SonicWALL v5.9 | SonicWALL | ACCESS CONTROL |
| VCEM-67-000012 - ESX Agent Manager must have Multipurpose Internet Mail Extensions (MIMEs) that invoke operating system shell programs disabled. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | CONFIGURATION MANAGEMENT |
