| 2.1.2.4 Ensure IM groups is set to enabled | CIS Zoom L2 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 2.4 Do Not Specify Passwords in the Command Line | CIS MySQL 8.0 Community Linux OS L1 v1.1.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4 Do Not Specify Passwords in the Command Line | CIS Oracle MySQL Enterprise Edition 8.4 v1.0.0 L1 MySQL OS Linux | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.1.7 Ensure ufw default deny firewall policy | CIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.1.7 Ensure ufw default deny firewall policy | CIS Debian 10 Workstation L1 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.10 Use Identity Aware Proxy (IAP) to Ensure Only Traffic From Google IP Addresses are 'Allowed' | CIS Google Cloud Platform v3.0.0 L2 | GCP | ACCESS CONTROL |
| 4.2.7 Ensure ufw default deny firewall policy | CIS Debian Linux 12 v1.1.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.5 Ensure the Exception Users list is properly configured | CIS VMware ESXi 6.5 v1.0.0 Level 1 | VMware | ACCESS CONTROL |
| 4.20 sqlnet.ora - 'tcp.validnode_checking = YES' | CIS v1.1.0 Oracle 11g OS Windows Level 2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.4.3 Ensure password hashing algorithm is SHA-512 - password-auth | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.4.3 Ensure password hashing algorithm is SHA-512 - system-auth | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.4.7 Ensure minimum and maximum requirements are set for password changes - difok | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.7 Ensure minimum and maximum requirements are set for password changes - maxclassrepeat | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 20.59 Ensure 'Software certificate installation files must be removed' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| DTAVSEL-005 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to find unknown program viruses. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-006 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to find unknown macro viruses. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-008 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to scan files when being written to disk. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-009 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to scan files when being read from disk. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-019 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be enabled to scan mounted volumes when mounted volumes point to a network server without an anti-virus solution installed. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| FNFG-FW-000090 - The FortiGate firewall must fail to a secure state if the firewall filtering functions fail unexpectedly - av-failopen-session | DISA Fortigate Firewall STIG v1r3 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent installation of devices that match any of these device IDs - 1 | MSCT Windows 10 v1507 v1.0.0 | Windows | MEDIA PROTECTION |
| Prevent installation of devices that match any of these device IDs - 1 | MSCT Windows 10 1903 v1.19.9 | Windows | MEDIA PROTECTION |
| Prevent installation of devices that match any of these device IDs - DenyDeviceIDs | MSCT Windows 10 v1507 v1.0.0 | Windows | MEDIA PROTECTION |
| Prevent installation of devices that match any of these device IDs - DenyDeviceIDsRetroactive | MSCT Windows 10 v1507 v1.0.0 | Windows | MEDIA PROTECTION |
| Prevent installation of devices that match any of these device IDs - DenyDeviceIDsRetroactive | MSCT Windows 10 1803 v1.0.0 | Windows | MEDIA PROTECTION |
| Prevent installation of devices that match any of these device IDs - DenyDeviceIDsRetroactive | MSCT Windows 10 1809 v1.0.0 | Windows | MEDIA PROTECTION |
| Prevent installation of devices that match any of these device IDs - DenyDeviceIDsRetroactive | MSCT Windows 10 1903 v1.19.9 | Windows | MEDIA PROTECTION |
| Prevent installation of devices that match any of these device IDs - Device Installation Restrictions | MSCT Windows 10 1809 v1.0.0 | Windows | MEDIA PROTECTION |
| Prevent installation of devices that match any of these device IDs - PCI\CC_0C0A | MSCT Windows 10 1803 v1.0.0 | Windows | MEDIA PROTECTION |
| Prevent installation of devices using drivers that match these device setup classes - {d48179be-ec20-11d1-b6b8-00c04fa372a7} | MSCT Windows 10 1803 v1.0.0 | Windows | MEDIA PROTECTION |
| Prevent installation of devices using drivers that match these device setup classes - 1 | MSCT Windows 10 v1507 v1.0.0 | Windows | MEDIA PROTECTION |
| Prevent installation of devices using drivers that match these device setup classes - 1 | MSCT Windows 10 v21H2 v1.0.0 | Windows | MEDIA PROTECTION |
| Prevent installation of devices using drivers that match these device setup classes - DenyDeviceClasses | MSCT Windows 10 v1507 v1.0.0 | Windows | MEDIA PROTECTION |
| Prevent installation of devices using drivers that match these device setup classes - DenyDeviceClasses | MSCT Windows 10 1803 v1.0.0 | Windows | MEDIA PROTECTION |
| Prevent installation of devices using drivers that match these device setup classes - DenyDeviceClassesRetroactive | MSCT Windows 10 1803 v1.0.0 | Windows | MEDIA PROTECTION |
| Prevent installation of devices using drivers that match these device setup classes - DenyDeviceClassesRetroactive | MSCT Windows 10 1809 v1.0.0 | Windows | MEDIA PROTECTION |
| Prevent installation of devices using drivers that match these device setup classes - DenyDeviceClassesRetroactive | MSCT Windows 10 v21H2 v1.0.0 | Windows | MEDIA PROTECTION |
| RHEL-07-010110 - The Red Hat Enterprise Linux operating system must initiate a session lock for graphical user interfaces when the screensaver is activated. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-07-010280 - The Red Hat Enterprise Linux operating system must be configured so that passwords are a minimum of 15 characters in length. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-020730 - The Red Hat Enterprise Linux operating system must be configured so that local initialization files do not execute world-writable programs. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-021700 - The Red Hat Enterprise Linux operating system must not allow removable media to be used as the boot loader unless approved. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-030440 - The Red Hat Enterprise Linux operating system must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr syscalls. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-07-030510 - The Red Hat Enterprise Linux operating system must audit all uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate syscalls. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-040190 - The Red Hat Enterprise Linux operating system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) communications. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-07-040200 - The Red Hat Enterprise Linux operating system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) communications. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-07-040370 - The Red Hat Enterprise Linux operating system must not permit direct logons to the root account using remote access via SSH. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-040530 - The Red Hat Enterprise Linux operating system must display the date and time of the last successful account logon upon logon. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-07-040641 - The Red Hat Enterprise Linux operating system must ignore Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-041002 - The Red Hat Enterprise Linux operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM). | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SHPT-00-000683 - SharePoint-specific malware (i.e., anti-virus) software must be integrated and configured. | DISA STIG SharePoint 2010 v1r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
