| 2.0 Install & Config - 'Disable SNMPv3' | TNS NetApp Data ONTAP 7G | NetApp | CONFIGURATION MANAGEMENT |
| 2.0 Install & Config - 'Disable SSHv1' | TNS NetApp Data ONTAP 7G | NetApp | CONFIGURATION MANAGEMENT |
| 2.0 Install & Config - 'Disable SSLv2' | TNS NetApp Data ONTAP 7G | NetApp | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.0 Install & Config - 'Disable Telnet' | TNS NetApp Data ONTAP 7G | NetApp | CONFIGURATION MANAGEMENT |
| 2.0 Install & Config - 'Enable SSHv2' | TNS NetApp Data ONTAP 7G | NetApp | ACCESS CONTROL |
| 2.1 Enable Secure Admin Access - 'autologout.telnet.timeout <= 5' | TNS NetApp Data ONTAP 7G | NetApp | ACCESS CONTROL |
| 2.1 Enable Secure Admin Access - 'ssh.passwd_auth.enable = on' | TNS NetApp Data ONTAP 7G | NetApp | IDENTIFICATION AND AUTHENTICATION |
| 2.1 Enable Secure Admin Access - 'ssh.pubkey_auth.enable = on' | TNS NetApp Data ONTAP 7G | NetApp | CONFIGURATION MANAGEMENT |
| 2.1 Enable Secure Admin Access - 'telnet.distinct.enable = on' | TNS NetApp Data ONTAP 7G | NetApp | ACCESS CONTROL |
| 2.4 Password Security - 'security.passwd.lockout.numtries = 6' | TNS NetApp Data ONTAP 7G | NetApp | ACCESS CONTROL |
| 2.5 Autologout - 'autologout.console.timeout <= 5' | TNS NetApp Data ONTAP 7G | NetApp | ACCESS CONTROL |
| 2.8 Protocol Access Controls - 'interface.blocked.cifs is not blank' | TNS NetApp Data ONTAP 7G | NetApp | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.8 Protocol Access Controls - 'interface.blocked.ftpd has been configured' | TNS NetApp Data ONTAP 7G | NetApp | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.8 Protocol Access Controls - 'interface.blocked.ndmp has been configured' | TNS NetApp Data ONTAP 7G | NetApp | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.8 Protocol Access Controls - 'telnet.access has been configured' | TNS NetApp Data ONTAP 7G | NetApp | ACCESS CONTROL |
| 3.1 Storage System (Hardware) Management - 'Change the root account password after each use' | TNS NetApp Data ONTAP 7G | NetApp | |
| 3.1 Storage System (Hardware) Management - 'FW version >= 4.0' | TNS NetApp Data ONTAP 7G | NetApp | |
| 3.2 Data ONTAP (Software) Mgmt - 'httpd.admin.hostsequiv.enable = off' | TNS NetApp Data ONTAP 7G | NetApp | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2 Data ONTAP (Software) Mgmt - 'Place e0M on a management VLAN' | TNS NetApp Data ONTAP 7G | NetApp | |
| 3.2 Data ONTAP (Software) Mgmt - 'ssh2.banner.enable = on' | TNS NetApp Data ONTAP 7G | NetApp | ACCESS CONTROL |
| 3.3 Role-Based Access Control (RBAC) - 'RBAC has been implemented' | TNS NetApp Data ONTAP 7G | NetApp | |
| 3.10 (L1) Host must not suppress warnings that the shell is enabled | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 4.9 (L1) Host must transmit audit records to a remote log collector | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | AUDIT AND ACCOUNTABILITY |
| 5.4 CIFS - 'CIFS protocol is disabled' | TNS NetApp Data ONTAP 7G | NetApp | CONFIGURATION MANAGEMENT |
| 5.4 CIFS - 'cifs.audit.autosave.file.extension has been configured' | TNS NetApp Data ONTAP 7G | NetApp | AUDIT AND ACCOUNTABILITY |
| 5.4 CIFS - 'cifs.audit.enable = on' | TNS NetApp Data ONTAP 7G | NetApp | AUDIT AND ACCOUNTABILITY |
| 5.4 CIFS - 'cifs.audit.logon_events.enable = on' | TNS NetApp Data ONTAP 7G | NetApp | AUDIT AND ACCOUNTABILITY |
| 5.4 CIFS - 'cifs.smb2.client.enable = on' | TNS NetApp Data ONTAP 7G | NetApp | SYSTEM AND INFORMATION INTEGRITY |
| 5.4 CIFS - 'ldap.enable = on' | TNS NetApp Data ONTAP 7G | NetApp | IDENTIFICATION AND AUTHENTICATION |
| 5.4 CIFS - 'timed.enable = on' | TNS NetApp Data ONTAP 7G | NetApp | AUDIT AND ACCOUNTABILITY |
| 5.5 NFS - 'nfs.kerberos.enable = on' | TNS NetApp Data ONTAP 7G | NetApp | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.5 NFS - 'nfs.kerberos.realm has been configured' | TNS NetApp Data ONTAP 7G | NetApp | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.5 NFS - 'nfs.v3.enable = off' | TNS NetApp Data ONTAP 7G | NetApp | CONFIGURATION MANAGEMENT |
| 5.5 NFS - 'nfs.v4.acl.enable = on' | TNS NetApp Data ONTAP 7G | NetApp | ACCESS CONTROL |
| 5.5 NFS - 'nfs.v4.enable = off' | TNS NetApp Data ONTAP 7G | NetApp | CONFIGURATION MANAGEMENT |
| 5.5 NFS - 'wafl.default_nt_user has been configured' | TNS NetApp Data ONTAP 7G | NetApp | ACCESS CONTROL |
| 5.5 NFS - 'wafl.wcc_minutes_valid has been configured' | TNS NetApp Data ONTAP 7G | NetApp | IDENTIFICATION AND AUTHENTICATION |
| CASA-VN-000230 - The Cisco ASA must be configured to use FIPS-validated SHA-2 at 384 bits or higher for Internet Key Exchange (IKE) Phase 1 - IKE Phase 1. | DISA STIG Cisco ASA VPN v2r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-L2-000190 - The Cisco switch must enable Unidirectional Link Detection (UDLD) to protect against one-way connections. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | CONFIGURATION MANAGEMENT |
| F5BI-AS-000165 - To protect against data mining, The BIG-IP ASM module must be configured to detect SQL injection attacks launched against data storage objects, including, at a minimum, databases, database records, and database fields when providing content filtering to virtual servers. | DISA F5 BIG-IP Application Security Manager STIG v2r2 | F5 | ACCESS CONTROL |
| OL07-00-010020 - The Oracle Linux operating system must be configured so that the cryptographic hash of system files and commands matches vendor values. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-040180 - The Oracle Linux operating system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) authentication communications - LDAP authentication communications. | DISA Oracle Linux 7 STIG v3r2 | Unix | ACCESS CONTROL |
| PANW-IP-000041 - The Palo Alto Networks security platform must protect against or limit the effects of known and unknown types of denial-of-service (DoS) attacks by employing rate-based attack prevention behavior analysis (traffic thresholds) - traffic thresholds | DISA STIG Palo Alto IDPS v3r2 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| PANW-IP-000053 - The Palo Alto Networks security platform must generate an alert to, at a minimum, the ISSO and ISSM when rootkits or other malicious software which allows unauthorized privileged or non-privileged access is detected. | DISA STIG Palo Alto IDPS v3r2 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| PANW-IP-000056 - The Palo Alto Networks security platform must generate an alert to, at a minimum, the ISSO and ISSM when new active propagation of malware infecting DoD systems or malicious code adversely affecting the operations and/or security of DoD systems is detected. | DISA STIG Palo Alto IDPS v3r2 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| RHEL-09-212040 - RHEL 9 must clear the page allocator to prevent use-after-free attacks. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SLES-12-030270 - The SUSE operating system SSH server must be configured to use only FIPS-validated key exchange algorithms. | DISA SLES 12 STIG v3r2 | Unix | ACCESS CONTROL |
| SYMP-AG-000260 - Symantec ProxySG providing intermediary services for HTTP must inspect inbound HTTP traffic for protocol compliance and protocol anomalies - Internal | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-18-010421 - The Ubuntu operating system SSH server must be configured to use only FIPS-validated key exchange algorithms. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | ACCESS CONTROL |
| UBTU-20-010045 - The Ubuntu operating system SSH server must be configured to use only FIPS-validated key exchange algorithms. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | ACCESS CONTROL |
