| 1.1.1.7 Ensure squashfs kernel module is not available | CIS Rocky Linux 10 v1.0.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.7 Ensure squashfs kernel module is not available | CIS Ubuntu Linux 20.04 LTS v3.0.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.7 Ensure squashfs kernel module is not available | CIS Ubuntu Linux 22.04 LTS v3.0.0 L2 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 1.4.5 Ensure version 7.2 or newer booted with a BIOS have a unique name for the grub superusers account | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 1.4.6 Ensure version 7.2 or newer booted with UEFI have a unique name for the grub superusers account | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 1.4.6 Ensure version 7.2 or newer booted with UEFI have a unique name for the grub superusers account - UEFI must have a unique name for the grub superusers account when booting into single-user mode and maintenance. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 1.59 APPL-14-001150 | CIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT I | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| 2.3.3 Ensure 'ALLOW_GROUP_ACCESS_TO_SGA' Is Set To `FALSE` | CIS Oracle Database 19c v2.0.0 L1 RDBMS | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 2.3.4 Ensure 'ALLOW_GROUP_ACCESS_TO_SGA' Is Set To `FALSE` | CIS Oracle Database 23ai v1.1.0 L1 RDBMS | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 2.6 Ensure aufs storage driver is not used | CIS Docker v1.8.0 L1 OS Linux | Unix | SYSTEM AND SERVICES ACQUISITION |
| 3.1.6 Secure permissions for default database file path | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 OS Windows | Windows | AUDIT AND ACCOUNTABILITY |
| 3.1.6 Secure permissions for default database file path | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 OS Windows | Windows | AUDIT AND ACCOUNTABILITY |
| 3.1.6 Secure permissions for default database file path | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1.6 Secure permissions for default database file path | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 5.3.3.4.5 Ensure pam_unix includes a FIPS 140-2 approved hashing algorithm | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.20 Do not share the host's UTS namespace | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.20 Do not share the host's UTS namespace | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure that the MaxZoneParts setting for Web Part limits is set to 100. | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 100. OpenStack Identity - Policy.json - 'identity:list_policies' | TNS OpenStack Keystone/Identity Security Guide | Unix | ACCESS CONTROL |
| 100. OpenStack Networking - Policy.json - 'get_subnet' | TNS OpenStack Neutron/Networking Security Guide | Unix | ACCESS CONTROL |
| ALMA-09-030820 - AlmaLinux OS 9 must not install packages from the Extra Packages for Enterprise Linux (EPEL) repository. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| ARST-RT-000580 - The multicast Rendezvous Point (RP) Arista router must be configured to limit the multicast forwarding cache so that its resources are not saturated by managing an overwhelming number of Protocol Independent Multicast (PIM) and Multicast Source Discovery Protocol (MSDP) source-active entries. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| AZLX-23-001275 - Amazon Linux 2023 must implement DOD-approved encryption to protect the confidentiality of remote access sessions. | DISA Amazon Linux 2023 STIG v1r2 | Unix | ACCESS CONTROL |
| CISC-RT-000710 - The Cisco PE router must be configured to implement Internet Group Management Protocol (IGMP) or Multicast Listener Discovery (MLD) snooping for each Virtual Private LAN Services (VPLS) bridge domain. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000710 - The Cisco PE switch must be configured to implement Internet Group Management Protocol (IGMP) or Multicast Listener Discovery (MLD) snooping for each Virtual Private LAN Services (VPLS) bridge domain. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000710 - The Cisco PE switch must be configured to implement Internet Group Management Protocol (IGMP) or Multicast Listener Discovery (MLD) snooping for each Virtual Private LAN Services (VPLS) bridge domain. | DISA Cisco IOS XE Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-003290 - The Kubernetes API Server must be set to audit log max size. | DISA STIG Kubernetes v2r5 | Unix | CONFIGURATION MANAGEMENT |
| DTAVSEL-107 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to Move infected files to the quarantine directory if first action fails when a virus or Trojan is detected. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-110 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to Clean infected files automatically as first action when programs and jokes are found. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| FFOX-00-000013 - Firefox must be configured to disable the installation of extensions. | DISA STIG Mozilla Firefox MacOS v6r7 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000013 - Firefox must be configured to disable the installation of extensions. | DISA STIG Mozilla Firefox Linux v6r7 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000015 - Firefox development tools must be disabled. | DISA STIG Mozilla Firefox Windows v6r7 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| FFOX-00-000018 - Firefox must prevent the user from quickly deleting data. | DISA STIG Mozilla Firefox Linux v6r7 | Unix | AUDIT AND ACCOUNTABILITY |
| FFOX-00-000019 - Firefox private browsing must be disabled. | DISA STIG Mozilla Firefox Windows v6r7 | Windows | CONFIGURATION MANAGEMENT |
| FFOX-00-000023 - Firefox fingerprinting protection must be enabled. | DISA STIG Mozilla Firefox MacOS v6r7 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000023 - Firefox fingerprinting protection must be enabled. | DISA STIG Mozilla Firefox Linux v6r7 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000024 - Firefox cryptomining protection must be enabled. | DISA STIG Mozilla Firefox Linux v6r7 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000024 - Firefox cryptomining protection must be enabled. | DISA STIG Mozilla Firefox MacOS v6r7 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000027 - Firefox deprecated ciphers must be disabled. | DISA STIG Mozilla Firefox Linux v6r7 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000027 - Firefox deprecated ciphers must be disabled. | DISA STIG Mozilla Firefox MacOS v6r7 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000027 - Firefox deprecated ciphers must be disabled. | DISA STIG Mozilla Firefox Windows v6r7 | Windows | CONFIGURATION MANAGEMENT |
| FFOX-00-000033 - Firefox must be configured so that DNS over HTTPS is disabled. | DISA STIG Mozilla Firefox MacOS v6r7 | Unix | CONFIGURATION MANAGEMENT |
| MADB-10-004400 - MariaDB must use NIST FIPS 140-2/140-3 validated cryptographic modules for cryptographic operations. | DISA MariaDB Enterprise 10.x v2r4 OS Linux | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL07-00-020000 - Oracle Linux 7 must not install packages from the Extra Packages for Enterprise Linux (EPEL) repository. | DISA Oracle Linux 7 STIG v3r5 | Unix | CONFIGURATION MANAGEMENT |
| OL08-00-040010 - OL 8 must not install packages from the Extra Packages for Enterprise Linux (EPEL) repository. | DISA Oracle Linux 8 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| OL09-00-000105 - OL 9 must not install packages from the Extra Packages for Enterprise Linux (EPEL) repository. | DISA Oracle Linux 9 STIG v1r5 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-030340 - The Red Hat Enterprise Linux operating system must immediately notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) via email when the threshold for the repository maximum audit record storage capacity is reached. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-07-030350 - The Red Hat Enterprise Linux operating system must immediately notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when the threshold for the repository maximum audit record storage capacity is reached. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-10-700660 - RHEL 10 must be configured so that all network connections associated with Secure Shell (SSH) traffic terminate after becoming unresponsive. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCST-80-000126 The vCenter STS service must limit the number of times that each Transmission Control Protocol (TCP) connection is kept alive. | DISA VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) STIG v2r1 | Unix | ACCESS CONTROL |
