| 1.3.2 Ensure filesystem integrity is regularly checked | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.1.4 Ensure NTP 'maxpoll' is set - maxpoll is set. | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.20 Ensure 'Deny log on through Remote Desktop Services' to include 'Guests, Local account' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | ACCESS CONTROL |
| 2.2.32 Ensure 'Deny log on locally' to include 'Guests' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.2.35 (L1) Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.45 Ensure 'Increase scheduling priority' is set to 'Administrators' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.7.10 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or 'Force Logoff' (STIG DC & MS only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.3.7.10 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or 'Force Logoff' (STIG DC & MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.3.7.10 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or 'Force Logoff' (STIG DC & MS only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.7.10 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or 'Force Logoff' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.10.3 Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled' (STIG DC & MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 4.1.12 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EPERM 32 bit | CIS Amazon Linux 2 STIG v1.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.12 Ensure unsuccessful unauthorized file access attempts are collected - EACCES 32 bit | CIS Amazon Linux 2 STIG v1.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.12 Ensure unsuccessful unauthorized file access attempts are collected - EACCES 64 bit | CIS Amazon Linux 2 STIG v1.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.6 Ensure SSH Protocol is set to 2 | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.23 Ensure RSA rhosts authentication is not allowed | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.25 Ensure SSH setting for 'IgnoreUserKnownHosts' is enabled - IgnoreUserKnownHosts is enabled. | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | CONFIGURATION MANAGEMENT |
| 5.003 - Booting into alternate operating systems is permitted. | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 5.4.11 Ensure default user shell timeout is 600 seconds or less | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | ACCESS CONTROL |
| 6.2.8 Ensure users' home directories permissions are 750 or more restrictive | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | ACCESS CONTROL |
| 6.2.10 Ensure users' dot files are not group or world writable | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | ACCESS CONTROL |
| 6.2.20 Ensure all local interactive user home directories are group-owned | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | CONFIGURATION MANAGEMENT |
| 7. OpenStack Identity - Policy.json - 'identity:get_endpoint' | TNS OpenStack Keystone/Identity Security Guide | Unix | ACCESS CONTROL |
| 7. OpenStack Networking - Policy.json - 'get_port:queue_id' | TNS OpenStack Neutron/Networking Security Guide | Unix | ACCESS CONTROL |
| 7.1.2 Set Password Change Minimum Number of Days - 7+ | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.1.3 Set Password Expiring Warning Days - PASS_WARN_AGE >= 7 | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 16 - ORB Subsystem - Initializers On | TNS Best Practice JBoss 7 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 17.7.2 Ensure 'Audit Audit Policy Change' is set to include 'Success and Failure' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 18.10.57.2 Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Not configured' or 'Disabled' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.57.2 Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Not configured' or 'Disabled' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.57.2 Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Not configured' or 'Disabled' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.57.2 Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Not configured' or 'Disabled' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.57.2 Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Not configured' or 'Disabled' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.1 Ensure 'Accounts require passwords' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| 20.31 Ensure 'Host-based firewall is installed and enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.31 Ensure 'Host-based firewall is installed and enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.31 Ensure 'Host-based firewall is installed and enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.31 Ensure 'Host-based firewall is installed and enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.31 Ensure 'Host-based firewall is installed and enabled' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.31 Ensure 'Host-based firewall is installed and enabled' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-13-013100 - Apple iOS/iPadOS must implement the management setting: disable paired Apple Watch. | AirWatch - DISA Apple iOS/iPadOS 13 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-14-011000 - Apple iOS/iPadOS must implement the management setting: disable paired Apple Watch. | AirWatch - DISA Apple iOS/iPadOS 14 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| IBM i : Minimum Length of Passwords (QPWDMINLEN) - '>=7' | IBM System i Security Reference for V7R3 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
| Turn on Enhanced Protected Mode | MSCT Windows 10 1803 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Turn on Enhanced Protected Mode | MSCT Windows 10 v22H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Turn on Enhanced Protected Mode | MSCT Windows Server 1903 DC v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Turn on Enhanced Protected Mode | MSCT Windows Server 1903 MS v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000039 - The system must be configured to prevent Internet Control Message Protocol (ICMP) redirects from overriding Open Shortest Path First (OSPF) generated routes. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000045 - The system must be configured to use Safe DLL Search Mode. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000045 - The system must be configured to use Safe DLL Search Mode. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
