| 1.1.3.2.1.1 Ensure 'Allow Trusted Locations on the network' is set to Disabled | CIS Microsoft Office Access 2013 v1.0.1 | Windows | CONFIGURATION MANAGEMENT |
| 1.5 Enable macOS update installs | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.5 Enable macOS update installs | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.6 Ensure Install of macOS Updates Is Enabled | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.6.2.3.1 Ensure 'Allow Trusted Locations on The Network' is set to Disabled | CIS Microsoft Office PowerPoint 2013 v1.0.1 | Windows | CONFIGURATION MANAGEMENT |
| 1.6.6.2.3.1 Ensure 'Allow Trusted Locations on The Network' is set to Disabled | CIS Microsoft Office PowerPoint 2016 v1.0.1 | Windows | CONFIGURATION MANAGEMENT |
| 1.8.7.2.3.1 Ensure 'Allow Trusted Locations on the Network' is set to Disabled | CIS Microsoft Office Word 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.12 Ensure 'Smart Lock' is set to 'Disabled' | MobileIron - CIS Google Android v1.6.0 L2 | MDM | ACCESS CONTROL |
| 1.12 Ensure 'Smart Lock' is set to 'Disabled' | AirWatch - CIS Google Android v1.6.0 L2 | MDM | ACCESS CONTROL |
| 2.3 Ensure Trusted Execution Path is enabled | CIS IBM AIX 7 v1.1.0 L2 | Unix | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 2.7 Lock Out Accounts if Not Currently in Use | CIS MariaDB 10.11 v1.0.0 L2 MariaDB RDBMS on Linux MySQLDB | MySQLDB | ACCESS CONTROL |
| 2.11 Lock Out Accounts if Not Currently in Use | CIS Oracle MySQL Community Server 8.4 v1.1.0 L2 MySQL RDBMS on Linux MySQLDB | MySQLDB | ACCESS CONTROL |
| 2.11 Lock Out Accounts if Not Currently in Use | CIS Oracle MySQL Enterprise Edition 8.0 v1.5.0 L2 MySQL RDBMS MySQLDB | MySQLDB | ACCESS CONTROL |
| 6.17 Ensure that all zones have Zone Protection Profiles with all Reconnaissance Protection settings enabled, tuned, and set to appropriate actions | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.17 Ensure that all zones have Zone Protection Profiles with all Reconnaissance Protection settings enabled, tuned, and set to appropriate actions | CIS Palo Alto Firewall 10 v1.3.0 L1 | Palo_Alto | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.18 Ensure that all zones have Zone Protection Profiles with all Reconnaissance Protection settings enabled, tuned, and set to appropriate actions | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AMLS-NM-000440 - The Arista Multilayer Switch must support organizational requirements to conduct backups of system-level information contained in the information system when changes occur or weekly, whichever is sooner. | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING |
| CASA-ND-001350 - The Cisco ASA must be configured to conduct backups of system-level information contained in the information system when changes occur. | DISA STIG Cisco ASA NDM v2r4 | Cisco | CONTINGENCY PLANNING |
| CISC-ND-001410 - The Cisco router must be configured to back up the configuration when changes occur. | DISA Cisco IOS Router NDM STIG v3r6 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING |
| CISC-ND-001410 - The Cisco router must be configured to back up the configuration when changes occur. | DISA Cisco IOS XE Router NDM STIG v3r6 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING |
| CISC-ND-001410 - The Cisco switch must be configured to support organizational requirements to conduct backups of the configuration when changes occur. | DISA Cisco IOS Switch NDM STIG v3r6 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING |
| CISC-ND-001410 - The Cisco switch must be configured to support organizational requirements to conduct backups of the configuration when changes occur. | DISA Cisco IOS XE Switch NDM STIG v3r5 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING |
| DTAM100 - McAfee VirusScan On-Access Default Processes Policies must be configured to use only one scanning policy for all processes, unless the use of Low-Risk Processes/High-Risk Processes has been documented with, and approved by, the IAO/IAM. | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM100 - McAfee VirusScan On-Access Scanner All Processes settings must be configured to use only one scanning policy for all processes, unless the use of Low-Risk Processes/High-Risk Processes has been documented with, and approved by, the IAO/IAM. | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Ensure that the 'max_allowed_packet' database flag for a Cloud Databases Mysql instance is set | Tenable Best Practices RackSpace v2.0.0 | Rackspace | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure that the 'max_connections' database flag for a Cloud Databases Mysql instance is set | Tenable Best Practices RackSpace v2.0.0 | Rackspace | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure that the 'max_user_connections' database flag for a Cloud Databases Mysql instance is set | Tenable Best Practices RackSpace v2.0.0 | Rackspace | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure that the 'skip_show_database' database flag for a Cloud Databases Mysql instance is set to '1' | Tenable Best Practices RackSpace v2.0.0 | Rackspace | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure that the 'sql_mode' database flag for a Cloud Databases Mysql instance is set | Tenable Best Practices RackSpace v2.0.0 | Rackspace | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure that the 'wait_timeout' database flag for a Cloud Databases Mysql instance is set | Tenable Best Practices RackSpace v2.0.0 | Rackspace | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-EG-000120 - Exchange message size restrictions must be controlled on Send connectors. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000175 - Exchange Message size restrictions must be controlled on Receive connectors. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000205 - Exchange Message size restrictions must be controlled on Send connectors. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-ED-000240 - Exchange message size restrictions must be controlled on Send connectors. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-MB-000350 - Exchange Message size restrictions must be controlled on Receive connectors. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-MB-000410 - Exchange Message size restrictions must be controlled on Send connectors. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000115 - Exchange message size restrictions must be controlled on Send connectors. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000128 - Exchange message size restrictions must be controlled on send connectors. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-DM-000279 - The BIG-IP appliance must be configured to create backups of information system documentation, including security-related documentation, when changes occur or weekly, whichever is sooner. | DISA F5 BIG-IP Device Management STIG v2r4 | F5 | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING |
| F5BI-DM-300060 - The F5 BIG-IP appliance must conduct backups of the configuration at a weekly or organization-defined frequency and store on a separate device. | DISA F5 BIG-IP TMOS NDM STIG v1r2 | F5 | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING |
| FGFW-ND-000180 - The FortiGate device must conduct backups of system-level information contained in the information system when changes occur. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING |
| Maximum password age | MSCT Windows 10 v1507 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Maximum password age | MSCT Windows 10 1803 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Maximum password age | MSCT Windows 10 1809 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Maximum password age | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Maximum password age | MSCT Windows Server 2019 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Maximum password age | MSCT Windows Server 2019 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Maximum password age | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Tenable_Best_Practices_F5_BIG-IP_v1.0.0.audit from K53108777: Hardening your F5 system | Tenable F5 BIG-IP Best Practice Audit | F5 | |
| TNS_IBM_HTTP_Server_Linux_Best_Practice_Middleware.audit | TNS IBM HTTP Server Best Practice Middleware | Unix | |
