| 1.6.2 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Oracle Linux 8 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Red Hat EL8 Server L1 v3.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure system wide crypto policy disables sha1 hash and signature support | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.18 Disable Userland Proxy | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.4.1.1 Ensure iptables is installed | CIS Oracle Linux 7 v4.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.1.1 Ensure iptables is installed | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.1.1 Ensure iptables is installed | CIS CentOS Linux 7 v4.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.1.1 Ensure iptables is installed | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.1.1 Ensure iptables is installed | CIS CentOS Linux 7 v4.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.1.1 Ensure iptables is installed | CIS Amazon Linux 2 v3.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.1 Ensure FirewallD is installed | CIS Fedora 19 Family Linux Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.1 Ensure firewalld is installed - firewalld | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.1 Ensure firewalld is installed - iptables | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.6 Ensure events that modify the system's network environment are collected - /etc/hosts | CIS Debian 9 Server L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network | CIS Debian 9 Server L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - auditctl '/etc/hosts' | CIS Debian 9 Server L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - auditctl '/etc/hosts' | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - auditctl '/etc/issue' | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - auditctl 'issue.net' | CIS Debian 9 Server L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - auditctl 'sethostname setdomainname' | CIS Debian 9 Server L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - issue.net | CIS Debian 9 Server L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - issue.net | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - sethostname setdomainname x64 | CIS Debian 9 Server L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - b64 sethostname | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.1 Do not disable AppArmor Profile | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | ACCESS CONTROL |
| 5.16 Do not share the host's IPC namespace | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.8 Secure the permissions of the SSLconfig.ini file | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 OS Linux | Unix | |
| 8.8 Secure the permissions of the SSLconfig.ini file | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 OS Windows | Windows | |
| ARST-RT-000020 - The Arista BGP router must be configured to reject inbound route advertisements for any Bogon prefixes. | DISA STIG Arista MLS EOS 4.x Router v2r2 | Arista | ACCESS CONTROL |
| DTAVSEL-000 - The McAfee VirusScan Enterprise for Linux Web interface must be disabled unless the system is on a segregated network. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | CONFIGURATION MANAGEMENT |
| DTAVSEL-004 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to decompress archives when scanning. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-200 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must scan all media used for system maintenance prior to use. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | MAINTENANCE |
| Ensure IMAP and POP3 server is not enabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000004 - Firefox must be configured to not automatically check for updated versions of installed search plugins. | DISA STIG Mozilla Firefox Linux v6r6 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000004 - Firefox must be configured to not automatically check for updated versions of installed search plugins. | DISA STIG Mozilla Firefox MacOS v6r6 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000010 - Firefox must be configured to prevent JavaScript from moving or resizing windows. | DISA STIG Mozilla Firefox Linux v6r6 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000010 - Firefox must be configured to prevent JavaScript from moving or resizing windows. | DISA STIG Mozilla Firefox MacOS v6r6 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000011 - Firefox must be configured to prevent JavaScript from raising or lowering windows. | DISA STIG Mozilla Firefox MacOS v6r6 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000011 - Firefox must be configured to prevent JavaScript from raising or lowering windows. | DISA STIG Mozilla Firefox Linux v6r6 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000026 - Firefox extension recommendations must be disabled. | DISA STIG Mozilla Firefox MacOS v6r6 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000026 - Firefox extension recommendations must be disabled. | DISA STIG Mozilla Firefox Linux v6r6 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000037 - Firefox encrypted media extensions must be disabled. | DISA STIG Mozilla Firefox Windows v6r6 | Windows | CONFIGURATION MANAGEMENT |
| RHEL-07-030330 - The Red Hat Enterprise Linux operating system must initiate an action to notify the System Administrator (SA) and Information System Security Officer ISSO, at a minimum, when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-07-040100 - The Red Hat Enterprise Linux operating system must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the Ports, Protocols, and Services Management Component Local Service Assessment (PPSM CLSA) and vulnerability assessments. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Select the channel for Microsoft Defender daily security intelligence updates | MSCT Windows Server 2025 DC v1.0.0 | Windows | |
| Specifies whether the display-capture permissions-policy is checked or skipped | MSCT edge v96 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Specifies whether the display-capture permissions-policy is checked or skipped | MSCT Edge v107 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
