| 1.3 Disable all management related services on WAN port | CIS Fortigate 7.0.x v1.4.0 L1 | FortiGate | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 2.2.23 (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.23 (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.23 (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.23 (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.23 (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.23 (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.23 (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.30 Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows Server 2022 v5.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.35 Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 BL | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1 Ensure 'maxAllowedContentLength' is configured | CIS IIS 8.0 v1.5.1 Level 2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 4.2 Ensure 'maxURL request filter' is configured | CIS IIS 8.0 v1.5.1 Level 2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 4.3 Ensure 'MaxQueryString request filter' is configured - Applications | CIS IIS 7 L2 v1.8.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 4.3 Ensure 'MaxQueryString request filter' is configured - Default | CIS IIS 7 L2 v1.8.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 4.10 Ensure 'notListedCgisAllowed' is set to false | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.35 (L1) Ensure 'World Wide Web Publishing Service (W3SVC)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | CONFIGURATION MANAGEMENT |
| 5.40 Ensure 'World Wide Web Publishing Service (W3SVC)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 11 Stand-alone v5.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 5.43 (L1) Ensure 'World Wide Web Publishing Service (W3SVC)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 5.43 (L1) Ensure 'World Wide Web Publishing Service (W3SVC)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 8.3.4 (L1) Ensure standard processes are used for VM deployment | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 8.3.4 Ensure standard processes are used for VM deployment | CIS VMware ESXi 6.7 v1.3.0 Level 1 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 81.38 (L1) Ensure 'World Wide Web Publishing Service (W3SVC)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| ESXI-06-000010 - The VMM must use DoD-approved encryption to protect the confidentiality of remote access sessions. | DISA VMware vSphere ESXi 6.0 STIG v1r5 Unix | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-06-000012 - The SSH daemon must ignore .rhosts files. | DISA VMware vSphere ESXi 6.0 STIG v1r5 Unix | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-000013 - The SSH daemon must not allow host-based authentication. | DISA VMware vSphere ESXi 6.0 STIG v1r5 Unix | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-000015 - The SSH daemon must not allow authentication using an empty password. | DISA VMware vSphere ESXi 6.0 STIG v1r5 Unix | Unix | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-000016 - The SSH daemon must not permit user environment settings. | DISA VMware vSphere ESXi 6.0 STIG v1r5 Unix | Unix | CONFIGURATION MANAGEMENT |
| ESXI-06-000017 - The SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms. | DISA VMware vSphere ESXi 6.0 STIG v1r5 Unix | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-06-000020 - The SSH daemon must perform strict mode checking of home directory configuration files. | DISA VMware vSphere ESXi 6.0 STIG v1r5 Unix | Unix | CONFIGURATION MANAGEMENT |
| ESXI-06-000022 - The SSH daemon must be configured to not allow gateway ports. | DISA VMware vSphere ESXi 6.0 STIG v1r5 Unix | Unix | CONFIGURATION MANAGEMENT |
| ESXI-06-000024 - The SSH daemon must not accept environment variables from the client. | DISA VMware vSphere ESXi 6.0 STIG v1r5 Unix | Unix | CONFIGURATION MANAGEMENT |
| ESXI-06-000025 - The SSH daemon must not permit tunnels. | DISA VMware vSphere ESXi 6.0 STIG v1r5 Unix | Unix | CONFIGURATION MANAGEMENT |
| ESXI-06-000026 - The SSH daemon must set a timeout count on idle sessions. | DISA VMware vSphere ESXi 6.0 STIG v1r5 Unix | Unix | ACCESS CONTROL |
| ESXI-06-000027 - The SSH daemon must set a timeout interval on idle sessions. | DISA VMware vSphere ESXi 6.0 STIG v1r5 Unix | Unix | ACCESS CONTROL |
| ESXI-06-000028 - The SSH daemon must limit connections to a single session. | DISA VMware vSphere ESXi 6.0 STIG v1r5 Unix | Unix | ACCESS CONTROL |
| ESXI-06-000029 - The system must remove keys from the SSH authorized_keys file. | DISA VMware vSphere ESXi 6.0 STIG v1r5 Unix | Unix | CONFIGURATION MANAGEMENT |
| ESXI-06-000032 - The system must prohibit the reuse of passwords within five iterations. | DISA VMware vSphere ESXi 6.0 STIG v1r5 Unix | Unix | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-000033 - The password hashes stored on the system must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm. | DISA VMware vSphere ESXi 6.0 STIG v1r5 Unix | Unix | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-000044 - The system must enable kernel core dumps. | DISA VMware vSphere ESXi 6.0 STIG v1r5 Unix | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-06-000047 - The Image Profile and VIB Acceptance Levels must be verified. | DISA VMware vSphere ESXi 6.0 STIG v1r5 Unix | Unix | CONFIGURATION MANAGEMENT |
| ESXI-06-000056 - The system must configure the firewall to restrict access to services running on the host. | DISA VMware vSphere ESXi 6.0 STIG v1r5 Unix | Unix | CONFIGURATION MANAGEMENT |
| ESXI-06-100047 - The VMM must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs and guest VMs by verifying Image Profile and VIP Acceptance Levels. | DISA VMware vSphere ESXi 6.0 STIG v1r5 Unix | Unix | CONFIGURATION MANAGEMENT |
| ESXI-06-200047 - The VMM must implement cryptographic mechanisms to prevent unauthorized modification of all information at rest on all VMM components by verifying Image Profile and VIP Acceptance Levels. | DISA VMware vSphere ESXi 6.0 STIG v1r5 Unix | Unix | CONFIGURATION MANAGEMENT |
| IIST-SI-000208 - An IIS 10.0 website behind a load balancer or proxy server must produce log records containing the source client IP, and destination information. | DISA IIS 10.0 Site v2r14 | Windows | AUDIT AND ACCOUNTABILITY |
| IIST-SV-000109 - An IIS 10.0 web server behind a load balancer or proxy server must produce log records containing the source client IP and destination information. | DISA IIS 10.0 Server v2r10 | Windows | AUDIT AND ACCOUNTABILITY |
| IISW-SI-000208 - An IIS 8.5 website behind a load balancer or proxy server, must produce log records containing the source client IP and destination information. | DISA IIS 8.5 Site v2r9 | Windows | AUDIT AND ACCOUNTABILITY |
| IISW-SI-000242 - The IIS 8.5 private website must employ cryptographic mechanisms (TLS) and require client certificates. | DISA IIS 8.5 Site v2r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| NIST_macOS_Monterey_800-53r5_high_v1.0.0.audit from NIST macOS Monterey v1.0.0 | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | |
| NIST_macOS_Monterey_800-53r5_moderate_v1.0.0.audit from NIST macOS Monterey v1.0.0 | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | |
| NIST_macOS_Monterey_800-171_v1.0.0.audit from NIST macOS Monterey v1.0.0 | NIST macOS Monterey v1.0.0 - 800-171 | Unix | |
