| 1.10 Ensure 'Install unknown apps' is set to 'Disabled' | AirWatch - CIS Google Android v1.6.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.1.1 Ensure 'extproc' Is Not Enabled | CIS Oracle Database 19c v2.0.0 L1 RDBMS On Host OS Windows | Windows | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.10.7 Ensure 'Network access: Remotely accessible registry paths' is configured | CIS Microsoft Windows 11 Stand-alone v5.0.0 L1 | Windows | ACCESS CONTROL |
| 2.3.10.7 Ensure 'Network access: Remotely accessible registry paths' is configured | CIS Microsoft Windows Server 2022 Stand-alone v2.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.10.7 Ensure 'Network access: Remotely accessible registry paths' is configured | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 BL | Windows | ACCESS CONTROL |
| 2.3.10.7 Ensure 'Network access: Remotely accessible registry paths' is configured | CIS Microsoft Windows 11 Stand-alone v5.0.0 L1 BL | Windows | ACCESS CONTROL |
| 2.3.10.8 Ensure 'Network access: Remotely accessible registry paths' is configured | CIS Microsoft Windows Server 2022 v5.0.0 L1 DC | Windows | ACCESS CONTROL |
| 3.2.1.13 Ensure 'Allow trusting new enterprise app authors' is set to 'Disabled' | MobileIron - CIS Apple iOS 18 v2.0.0 L1 Institution Owned | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.13 Ensure 'Allow trusting new enterprise app authors' is set to 'Disabled' | MobileIron - CIS Apple iOS 26 v1.0.0 L1 Institution Owned | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.14 Ensure 'Allow trusting new enterprise app authors' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 26 v1.0.0 L1 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.14 Ensure 'Allow trusting new enterprise app authors' is set to 'Disabled' | MobileIron - CIS Apple iOS 17 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 4.3 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled' | MobileIron - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | |
| 4.3 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled' | MobileIron - CIS Apple iOS 12 v1.0.0 End User Owned L1 | MDM | |
| 4.3 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled' | MobileIron - CIS Apple iOS 13 and iPadOS 13 Institution Owned L1 | MDM | SYSTEM AND INFORMATION INTEGRITY |
| 4.3 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled' | MobileIron - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | SYSTEM AND INFORMATION INTEGRITY |
| 4.3 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled' | MobileIron - CIS Apple iOS 10 v2.0.0 End User Owned L1 | MDM | |
| 4.3 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled' | MobileIron - CIS Apple iOS 10 v2.0.0 Institution Owned L1 | MDM | |
| 4.3 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled' | MobileIron - CIS Apple iOS 11 v1.0.0 End User Owned L1 | MDM | |
| 4.7 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled' | MobileIron - CIS Apple iPadOS 18 v2.0.0 L1 End User Owned | MDM | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 4.7 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled' | MobileIron - CIS Apple iOS 17 Institution Owned L1 | MDM | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 4.7 Ensure 'Automatic Downloads' of 'App Updates' is set to 'Enabled' | MobileIron - CIS Apple iOS 18 v2.0.0 L1 Institution Owned | MDM | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.3 Ensure a client list is set for SNMPv1/v2 communities | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.8.7.1.5 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.8.7.1.5 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| CIS_Red_Hat_Enterprise_Linux_9_STIG_v1.0.0_CAT_III.audit from CIS Red Hat Enterprise Linux 9 STIG Benchmark v1.0.0 | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT III | Unix | |
| DISA_STIG_Red_Hat_Enterprise_Linux_9_v2r8.audit from DISA Red Hat Enterprise Linux 9 STIG v2r8 | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | |
| DISA_STIG_Red_Hat_Enterprise_Linux_10_v1r1.audit from DISA Red Hat Enterprise Linux 10 STIG v1r1 | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | |
| DISA_STIG_RHEL_6_v2r2.audit from DISA Red Hat Enterprise Linux 6 v2r2 STIG | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | |
| DTAVSEL-106 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to Clean infected files automatically as first action when a virus or Trojan is detected. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-107 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to Move infected files to the quarantine directory if first action fails when a virus or Trojan is detected. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Ensure 'logging to monitor' is disabled | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | AUDIT AND ACCOUNTABILITY |
| Ensure 'logging to monitor' is disabled | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| F5BI-AP-300161 - The F5 BIG-IP appliance providing remote access intermediary services must disable split-tunneling for remote clients' VPNs. | DISA F5 BIG-IP TMOS ALG STIG v1r2 | F5 | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN007841-ESXI5-000120 - Wireless network adapters must be disabled. | DISA VMWare ESXi 5.0 Server STIG v2r1 | VMware | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| OL6-00-000013 - The system package management tool must cryptographically verify the authenticity of system software packages during installation. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000013 - The system package management tool must cryptographically verify the authenticity of system software packages during installation. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-020100 - The Red Hat Enterprise Linux operating system must be configured to disable USB mass storage. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-021710 - The Red Hat Enterprise Linux operating system must not have the telnet-server package installed. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-030560 - The Red Hat Enterprise Linux operating system must audit all uses of the semanage command. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-030590 - The Red Hat Enterprise Linux operating system must audit all uses of the setfiles command. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-030660 - The Red Hat Enterprise Linux operating system must audit all uses of the chage command. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-030670 - The Red Hat Enterprise Linux operating system must audit all uses of the userhelper command. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-030680 - The Red Hat Enterprise Linux operating system must audit all uses of the su command. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-030720 - The Red Hat Enterprise Linux operating system must audit all uses of the chsh command. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-030750 - The Red Hat Enterprise Linux operating system must audit all uses of the umount command. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-041003 - The Red Hat Enterprise Linux operating system must implement certificate status checking for PKI authentication. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEV: Review Events with severity >= Error | Tenable RedHat Enterprise Virtualization | RHEV | |
| SOL-11.1-040260 - The default umask for FTP users must be 077. | DISA Solaris 11 X86 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-040260 - The default umask for FTP users must be 077. | DISA Solaris 11 SPARC STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| WPAW-00-000600 - All high-value IT resources must be assigned to a specific administrative tier to separate highly sensitive resources from less sensitive resources. | DISA Microsoft Windows PAW STIG v3r2 | Windows | CONFIGURATION MANAGEMENT |
