| 3.6 Ensure 'threat-detection statistics' is set to 'tcp-intercept' | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-11-080203 - Apple iOS must implement the management setting: force Apple Watch wrist detection. | AirWatch - DISA Apple iOS 10 v1r3 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-12-012100 - Apple iOS must implement the management setting: force Apple Watch wrist detection. | MobileIron - DISA Apple iOS 12 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-13-012100 - Apple iOS/iPadOS must implement the management setting: force Apple Watch wrist detection. | MobileIron - DISA Apple iOS/iPadOS 13 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-13-012100 - Apple iOS/iPadOS must implement the management setting: force Apple Watch wrist detection. | AirWatch - DISA Apple iOS/iPadOS 13 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-14-010200 - Apple iOS/iPadOS must implement the management setting: force Apple Watch wrist detection. | AirWatch - DISA Apple iOS/iPadOS 14 v1r3 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-14-010200 - Apple iOS/iPadOS must implement the management setting: force Apple Watch wrist detection. | MobileIron - DISA Apple iOS/iPadOS 14 v1r3 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-011800 - Apple iOS/iPadOS 15 must implement the management setting: force Apple Watch wrist detection. | AirWatch - DISA Apple iOS/iPadOS 14 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-16-711800 - Apple iOS/iPadOS 16 must implement the management setting: force Apple Watch wrist detection. | MobileIron - DISA Apple iOS/iPadOS BYOAD 16 v1r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-16-711800 - Apple iOS/iPadOS 16 must implement the management setting: force Apple Watch wrist detection. | AirWatch - DISA Apple iOS/iPadOS 16 BYOAD v1r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-17-711800 - Apple iOS/iPadOS 17 must implement the management setting: force Apple Watch wrist detection. | MobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-011800 - Apple iOS/iPadOS 18 must implement the management setting: force Apple Watch wrist detection. | AirWatch - DISA Apple iOS/iPadOS 18 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-011800 - Apple iOS/iPadOS 18 must implement the management setting: force Apple Watch wrist detection. | MobileIron - DISA Apple iOS/iPadOS 18 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| Brocade - Bottleneck detection must be enabled | Tenable Best Practices Brocade FabricOS | Brocade | CONFIGURATION MANAGEMENT |
| GEN006480 - The system must have a host-based intrusion detection tool installed. | DISA STIG AIX 6.1 v1r14 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| GEN006480 - The system must have a host-based intrusion detection tool installed. | DISA STIG AIX 5.3 v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| GEN006480 - The system must have a host-based intrusion detection tool installed. | DISA STIG Solaris 10 X86 v2r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| GEN006480 - The system must have a host-based intrusion detection tool installed. | DISA STIG Solaris 10 SPARC v2r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| JUSX-VN-000011 - If IDPS inspection is performed separately from the Juniper SRX Services Gateway VPN device, the VPN must route sessions to an IDPS for inspection. | DISA Juniper SRX Services Gateway VPN v3r2 | Juniper | CONFIGURATION MANAGEMENT |
| Remote user login policy | Tenable Cisco ACI | Cisco_ACI | ACCESS CONTROL |
| SonicWALL - Detection Prevention - Randomize IP IDs | TNS SonicWALL v5.9 | SonicWALL | |
| SonicWALL - Security Services - Gateway AV - CIFS/Netbios | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Security Services - Gateway AV - FTP Inbound | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Security Services - Gateway AV - HTTP Inbound | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Security Services - Gateway AV - HTTP Outbound | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Security Services - Gateway AV - IMAP | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Security Services - Gateway AV - POP3 | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Security Services - Gateway AV - SMTP Inbound | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Security Services - Gateway AV - SMTP Outbound | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Security Services - Gateway AV - TCP Stream Inbound | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Security Services - Gateway AV - TCP Stream Outbound | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SYMP-AG-000520 - Symantec ProxySG providing content filtering must protect against known and unknown types of denial-of-service (DoS) attacks by employing rate-based attack prevention behavior analysis. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000600 - Symantec ProxySG providing content filtering must be configured to integrate with a system-wide intrusion detection system. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND INFORMATION INTEGRITY |
| SYMP-NM-000250 - Symantec ProxySG must be configured to enforce a minimum 15-character password length for local accounts. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
| TNS_Salesforce_Best_Practices_v1.2.0.audit from TNS Salesforce Best Practices Audit v1.2.0 | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Turn off Crash Detection | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn off Crash Detection | MSCT Windows 11 v23H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn off Crash Detection | MSCT Windows Server 2025 MS v2506 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| vEdge Modify IKE Dead-Peer Detection | Tenable Cisco Viptela SD-WAN - vEdge | Cisco_Viptela | ACCESS CONTROL |
| WN12-GE-000022 - Servers must have a host-based Intrusion Detection System. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WNDF-AV-000004 - Microsoft Defender AV must be configured to run and scan for malware and other potentially unwanted software. | DISA Microsoft Defender Antivirus STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000010 - Microsoft Defender AV must join Microsoft MAPS. | DISA Microsoft Defender Antivirus STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000046 - Microsoft Defender AV must use advanced protection against ransomware. | DISA Microsoft Defender Antivirus STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000055 - Microsoft Defender AV must randomize scheduled task times. | DISA Microsoft Defender Antivirus STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000058 - Microsoft Defender AV must enable extended cloud check. | DISA Microsoft Defender Antivirus STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000064 - Microsoft Defender AV must enable script scanning. | DISA Microsoft Defender Antivirus STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000069 - Microsoft Defender AV must disable auto exclusions. | DISA Microsoft Defender Antivirus STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000070 - Microsoft Defender AV must enable EDR in block mode. | DISA Microsoft Defender Antivirus STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000074 - Microsoft Defender AV must convert warn verdict to block. | DISA Microsoft Defender Antivirus STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000076 - Microsoft Defender AV must scan packed executables. | DISA Microsoft Defender Antivirus STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
