| 1.1.27 Disable Automounting | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 1.1.28 Disable USB Storage - /bin/true | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 1.1.28 Disable USB Storage - blacklist | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-031370 - AlmaLinux OS 9 must be configured to disable USB mass storage. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| AMLS-L2-000140 - The Arista Multilayer Switch must re-authenticate all endpoint devices every 60 minutes or less - dot1x timeout reauth-period 3600 | DISA STIG Arista MLS DCS-7000 Series L2S v1r3 | Arista | IDENTIFICATION AND AUTHENTICATION |
| AOSX-15-000008 - The macOS system must be configured with Wi-Fi support software disabled. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| APPL-11-000008 - The macOS system must be configured with Wi-Fi support software disabled. | DISA STIG Apple macOS 11 v1r8 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| APPL-11-000008 - The macOS system must be configured with Wi-Fi support software disabled. | DISA STIG Apple macOS 11 v1r5 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| ARST-ND-000600 - The Arista network device must be configured to synchronize internal system clocks using redundant authenticated time sources. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Wi-Fi Interface | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Wi-Fi Interface | NIST macOS Catalina v1.5.0 - 800-53r4 High | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Wi-Fi Interface | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Wi-Fi Interface | NIST macOS Catalina v1.5.0 - 800-53r4 Low | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Wi-Fi Interface | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Wi-Fi Interface | NIST macOS Catalina v1.5.0 - All Profiles | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Wi-Fi Interface | NIST macOS Catalina v1.5.0 - CNSSI 1253 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Wi-Fi Interface | NIST macOS Catalina v1.5.0 - 800-53r5 Low | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| CISC-L2-000020 - The Cisco switch must uniquely identify and authenticate all network-connected endpoint devices before establishing any connection. | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-L2-000020 - The Cisco switch must uniquely identify and authenticate all network-connected endpoint devices before establishing any connection. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-001130 - The Cisco router must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC). | DISA STIG Cisco IOS-XR Router NDM v3r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-001150 - The Cisco router must be configured to authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based. | DISA STIG Cisco IOS XE Router NDM v3r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-001150 - The Cisco switch must be configured to authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based. | DISA Cisco NX OS Switch NDM STIG v3r3 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| DKER-EE-001070 - FIPS mode must be enabled on all Docker Engine - Enterprise nodes - docker info .SecurityOptions | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| JBOS-AS-000285 - The JBoss server must be configured to bind the management interfaces to only management networks. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| JUNI-ND-001140 - The Juniper router must be configured to authenticate NTP sources using authentication that is cryptographically based. | DISA STIG Juniper Router NDM v3r2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| MS.AAD.3.5v1 - The authentication methods SMS, Voice Call, and Email One-Time Passcode (OTP) SHALL be disabled. | CISA SCuBA Microsoft 365 Entra ID v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.DEFENDER.4.1v2 - A custom policy SHALL be configured to protect PII and sensitive information, as defined by the agency. At a minimum, credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN) SHALL be blocked. | CISA SCuBA Microsoft 365 Defender v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.TEAMS.6.1v1 - A DLP solution SHALL be enabled. The selected DLP solution SHOULD offer services comparable to the native DLP solution offered by Microsoft. | CISA SCuBA Microsoft 365 Teams v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.TEAMS.6.2v1 - The DLP solution SHALL protect personally identifiable information (PII) | CISA SCuBA Microsoft 365 Teams v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| O365-OU-000002 - Outlook must use remote procedure call (RPC) encryption to communicate with Microsoft Exchange servers. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | IDENTIFICATION AND AUTHENTICATION |
| OL07-00-020100 - The Oracle Linux operating system must be configured to disable USB mass storage - blacklist. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| OL07-00-020111 - The Oracle Linux operating system must disable the graphical user interface automounter unless required. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-020100 - The Red Hat Enterprise Linux operating system must be configured to disable USB mass storage. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-020110 - The Red Hat Enterprise Linux operating system must disable the file system automounter unless required. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-020111 - The Red Hat Enterprise Linux operating system must disable the graphical user interface automounter unless required. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| SLES-12-010590 - The SUSE operating system must disable the file system automounter unless required. | DISA SLES 12 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| UBTU-16-010590 - File system automounter must be disabled unless required. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| vCenter: vcenter-8.fips-enable | VMware vSphere Security Configuration and Hardening Guide | VMware | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCSA-70-000077 - The vCenter Server must enable FIPS-validated cryptography. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCSA-80-000077 - The vCenter Server must enable FIPS-validated cryptography. | DISA VMware vSphere 8.0 vCenter STIG v2r2 | VMware | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCWN-65-006000 - The vCenter Server for Windows must disable SNMPv1. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-000180 - The WebSphere Application Server Single Sign On (SSO) must have SSL enabled for Web and SIP Security. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-000180 - The WebSphere Application Server Single Sign On (SSO) must have SSL enabled for Web and SIP Security. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-000180 - The WebSphere Application Server Single Sign On (SSO) must have SSL enabled for Web and SIP Security. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-001110 - WebSphere Application Server must authenticate all network-connected endpoint devices before establishing any connection | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-001110 - WebSphere Application Server must authenticate all network-connected endpoint devices before establishing any connection | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN16-MS-000040 - Unauthenticated Remote Procedure Call (RPC) clients must be restricted from connecting to the RPC server. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN16-SO-000110 - The computer account password must not be prevented from being reset. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN19-MS-000040 - Windows Server 2019 must restrict unauthenticated Remote Procedure Call (RPC) clients from connecting to the RPC server on domain-joined member servers and standalone or nondomain-joined systems. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN19-SO-000090 - Windows Server 2019 computer account password must not be prevented from being reset. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
