| 1.3 Ensure 'Sender reputation' is configured | CIS Microsoft Exchange Server 2019 L1 Edge v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.1.11 (L2) Ensure comprehensive attachment filtering is applied | CIS Microsoft 365 Foundations v4.0.0 L2 E5 | microsoft_azure | SYSTEM AND INFORMATION INTEGRITY |
| 2.1.11 (L2) Ensure comprehensive attachment filtering is applied | CIS Microsoft 365 Foundations v4.0.0 L2 E3 | microsoft_azure | SYSTEM AND INFORMATION INTEGRITY |
| 2.6.6.6.2.8 Ensure 'VBA Macro Notification Settings' is set to 'Enabled: Disable all except digitally signed macros' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6.6.6.2.9 Ensure 'VBA Macro Notification Settings' is set to 'Require macros to be signed by a trusted publisher' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 2.8.4.1.4 Ensure 'VBA Macro Notification Settings' is set to 'Enabled: Disable all except digitally signed macros' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.8.4.1.5 Ensure 'VBA Macro Notification Settings' is set to 'Require macros to be signed by a trusted publisher' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.11.8.7.2.10 Ensure 'VBA Macro Notification Settings' is set to 'Enabled: Disable all except digitally signed macros' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.11.8.7.2.11 Ensure 'VBA Macro Notification Settings' is set to 'Require macros to be signed by a trusted publisher' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.11.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.2.1 Ensure 'Allow enhanced PINs for startup' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.2.1 Ensure 'Allow enhanced PINs for startup' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.9.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.10.9.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NG | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.10.9.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 BL | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.10.10.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.10.10.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | IDENTIFICATION AND AUTHENTICATION |
| Big Sur - Access Control for Mobile Devices | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | ACCESS CONTROL |
| Big Sur - Access Control for Mobile Devices | NIST macOS Big Sur v1.4.0 - 800-53r5 High | Unix | ACCESS CONTROL |
| Big Sur - Access Control for Mobile Devices | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL |
| Big Sur - Access Control for Mobile Devices | NIST macOS Big Sur v1.4.0 - 800-53r5 Low | Unix | ACCESS CONTROL |
| Catalina - Access Control for Mobile Devices | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | ACCESS CONTROL |
| Catalina - Access Control for Mobile Devices | NIST macOS Catalina v1.5.0 - All Profiles | Unix | ACCESS CONTROL |
| Catalina - Access Control for Mobile Devices | NIST macOS Catalina v1.5.0 - 800-53r5 Low | Unix | ACCESS CONTROL |
| Catalina - Access Control for Mobile Devices | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL |
| JUSX-VN-000014 - The Juniper SRX Services Gateway VPN must use Encapsulating Security Payload (ESP) in tunnel mode. | DISA Juniper SRX Services Gateway VPN v3r1 | Juniper | CONFIGURATION MANAGEMENT |
| Monterey - Access Control for Mobile Devices | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL |
| Monterey - Access Control for Mobile Devices | NIST macOS Monterey v1.0.0 - All Profiles | Unix | ACCESS CONTROL |
| Monterey - Access Control for Mobile Devices | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | ACCESS CONTROL |
| Monterey - Access Control for Mobile Devices | NIST macOS Monterey v1.0.0 - 800-53r5 Low | Unix | ACCESS CONTROL |
| MS.EXO.2.2v2 - An SPF policy SHALL be published for each domain that fails all non-approved senders. | CISA SCuBA Microsoft 365 Exchange Online v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| PANW-AG-000015 - The Palo Alto Networks security platform, if used to provide intermediary services for remote access communications traffic (TLS or SSL decryption), must ensure inbound and outbound traffic is monitored for compliance with remote access security policies. | DISA STIG Palo Alto ALG v3r2 | Palo_Alto | ACCESS CONTROL |
| PANW-AG-000064 - The Palo Alto Networks security platform must send an immediate (within seconds) alert to the system administrator, at a minimum, in response to malicious code detection | DISA STIG Palo Alto ALG v3r2 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| PANW-AG-000073 - The Palo Alto Networks security platform must deny or restrict detected prohibited mobile code | DISA STIG Palo Alto ALG v3r2 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| PANW-AG-000074 - The Palo Alto Networks security platform must prevent the download of prohibited mobile code | DISA STIG Palo Alto ALG v3r2 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| PANW-AG-000094 - The Palo Alto Networks security platform must off-load audit records onto a different system or media than the system being audited. | DISA STIG Palo Alto ALG v3r2 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| PANW-AG-000144 - The Palo Alto Networks security platform must, at a minimum, off-load threat and traffic log records onto a centralized log server in real time | DISA STIG Palo Alto ALG v3r2 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| PANW-IP-000028 - The Palo Alto Networks security platform must send an immediate (within seconds) alert to, at a minimum, the SA when malicious code is detected. | DISA STIG Palo Alto IDPS v3r1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| PANW-IP-000039 - The Palo Alto Networks security platform must off-load log records to a centralized log server. | DISA STIG Palo Alto IDPS v3r1 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| PANW-IP-000058 - The Palo Alto Networks security platform must off-load log records to a centralized log server in real-time. | DISA STIG Palo Alto IDPS v3r1 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| PANW-NM-000128 - The Palo Alto Networks security platform must off-load audit records onto a different system or media than the system being audited | DISA STIG Palo Alto NDM v3r2 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
