| 1.1.17 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.2.20 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master | Unix | AUDIT AND ACCOUNTABILITY |
| 1.2.20 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master | Unix | AUDIT AND ACCOUNTABILITY |
| 1.2.23 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master | Unix | AUDIT AND ACCOUNTABILITY |
| 1.14 Audit Docker files and directories - /usr/bin/docker-containerd | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.14 Audit Docker files and directories - /usr/bin/docker-containerd | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.15 Audit Docker files and directories - /usr/bin/docker-runc | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.18 APPL-14-000053 | CIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1 Secure the DB2 Runtime Library | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 OS Linux | Unix | |
| 2.1 Secure the DB2 Runtime Library | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 OS Windows | Windows | |
| 3.1.8 Secure all diagnostic logs | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1.8 Secure all diagnostic logs | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 OS Windows | Windows | |
| 3.1.8 Secure all diagnostic logs | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1.12 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1.12 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1.17 Secure permissions for the primary archive log location - LOGARCHMETH1 OS Permissions | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | |
| 3.1.17 Secure permissions for the primary archive log location - LOGARCHMETH1 OS Permissions | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 | Unix | |
| 3.1.17 Secure permissions for the primary archive log location - LOGARCHMETH1 OS Permissions | CIS IBM DB2 v10 v1.1.0 Windows OS Level 1 | Windows | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 3.1.17 Secure permissions for the primary archive log location - LOGARCHMETH1 Setting | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | AUDIT AND ACCOUNTABILITY |
| 3.1.18 Secure permissions for the secondary archive log location - LOGARCHMETH2 OS Permissions | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 3.1.18 Secure permissions for the secondary archive log location - LOGARCHMETH2 Setting | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1.18 Secure permissions for the secondary archive log location - LOGARCHMETH2 Setting | CIS IBM DB2 v10 v1.1.0 Windows OS Level 1 | Windows | AUDIT AND ACCOUNTABILITY |
| 3.2.7 Secure permissions for the log mirror location | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 DB | IBM_DB2DB | |
| 3.2.7 Secure permissions for the log mirror location | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 OS Windows | Windows | AUDIT AND ACCOUNTABILITY |
| 3.2.7 Secure permissions for the log mirror location - FILE_PERMISSIONS | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 OS Windows | Windows | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 4.8 (L1) Host must store one week of audit records | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | AUDIT AND ACCOUNTABILITY |
| 5.3.22 Ensure SSH MaxStartups is configured - sshd | CIS Oracle Linux 6 Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.22 Ensure SSH MaxStartups is configured - sshd_config | CIS Oracle Linux 6 Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-000053 - The macOS system must set login grace time to 30. | DISA Apple macOS 15 Sequoia STIG v1r7 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-15-001100 - The macOS system must disable root login for SSH. | DISA Apple macOS 15 Sequoia STIG v1r7 | Unix | CONFIGURATION MANAGEMENT |
| APPL-26-000051 - The macOS system must configure SSHD ClientAliveInterval to 900. | DISA Apple macOS 26 Tahoe STIG v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000080 - The Arista Multicast Source Discovery Protocol (MSDP) router must be configured to filter source-active multicast advertisements to external MSDP peers to avoid global visibility of local-only multicast sources and groups. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | ACCESS CONTROL |
| AZLX-23-000225 - Amazon Linux 2023 must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution. | DISA Amazon Linux 2023 STIG v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-103 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to find unknown macro viruses. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-104 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to find potentially unwanted programs. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-105 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to scan all file types. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-112 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to decode MIME encoded files. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| FFOX-00-000034 - Firefox accounts must be disabled. | DISA STIG Mozilla Firefox Linux v6r7 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000036 - Firefox feedback reporting must be disabled. | DISA STIG Mozilla Firefox Linux v6r7 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000036 - Firefox feedback reporting must be disabled. | DISA STIG Mozilla Firefox MacOS v6r7 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000038 - Pocket must be disabled. | DISA STIG Mozilla Firefox Linux v6r7 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000038 - Pocket must be disabled. | DISA STIG Mozilla Firefox MacOS v6r7 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000039 - Firefox Studies must be disabled. | DISA STIG Mozilla Firefox Linux v6r7 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-021620 - The Oracle Linux operating system must use a file integrity tool that is configured to use FIPS 140-2 approved cryptographic hashes for validating file contents and directories. | DISA Oracle Linux 7 STIG v3r5 | Unix | CONFIGURATION MANAGEMENT |
| Out-of-Band Management port | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-07-010040 - The Red Hat Enterprise Linux operating system must display the approved Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a graphical user logon. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-07-010050 - The Red Hat Enterprise Linux operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a command line user logon. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-07-010120 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed or new passwords are established, the new password must contain at least one upper-case character. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-040720 - The Red Hat Enterprise Linux operating system must be configured so that if the Trivial File Transfer Protocol (TFTP) server is required, the TFTP daemon is configured to operate in secure mode. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| SLEM-05-211010 - SLEM 5 must be a vendor-supported release. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r3 | Unix | CONFIGURATION MANAGEMENT |
