| 1.1 Ensure packages are obtained from authorized repositories | CIS PostgreSQL 9.6 OS v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.1 Ensure X Window System is not installed | CIS Ubuntu Linux 20.04 LTS Server L2 v2.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.1 Ensure X Window System is not installed | CIS Ubuntu Linux 18.04 LTS v2.2.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.2 Ensure X11 Server components are not installed | CIS SUSE Linux Enterprise 12 v3.2.1 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.3.4 Ensure 'ALLOW_GROUP_ACCESS_TO_SGA' Is Set To `FALSE` | CIS Oracle Database 23ai v1.0.0 L1 RDBMS | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 2.9 Ensure 'SQL Mail XPs' Server Configuration Option is set to '0' | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| 2.16 Ensure Logging is enabled for HTTP(S) Load Balancer | CIS Google Cloud Platform v3.0.0 L2 | GCP | AUDIT AND ACCOUNTABILITY |
| 3.4.1.1 Ensure iptables is installed | CIS Amazon Linux 2 v3.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.1.1 Ensure iptables is installed | CIS CentOS Linux 7 v4.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.1.1 Ensure iptables is installed | CIS Oracle Linux 7 v4.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.1.2 Ensure nftables is not installed with iptables | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.1 Ensure a single firewall configuration utility is in use | CIS SUSE Linux Enterprise 15 v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.1 Ensure a single firewall configuration utility is in use | CIS SUSE Linux Enterprise 15 v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.6 Ensure events that modify the system's network environment are collected - auditctl '/etc/hosts' | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - auditctl 'sethostname setdomainname' | CIS Debian 9 Server L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - issue.net | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - sethostname setdomainname x64 | CIS Debian 9 Server L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - /etc/issue.net | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - auditctl /etc/issue.net | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - auditctl b32 sethostname | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - auditctl b64 sethostname | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - auditctl b64 sethostname | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - b64 sethostname | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.8 Enable IP6tables | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1 Verify AppArmor | CIS Docker 1.6 v1.0.0 L2 Docker | Unix | ACCESS CONTROL |
| 5.4 Restrict Linux Kernel Capabilities within containers | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | ACCESS CONTROL |
| 5.16 Do not share the host's IPC namespace | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1 Setup Client-cert Authentication | CIS Apache Tomcat 10.1 v1.1.0 L2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1 Setup Client-cert Authentication | CIS Apache Tomcat 11 v1.0.0 L2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.7 Ensure Firewall is active | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTAVSEL-000 - The McAfee VirusScan Enterprise for Linux Web interface must be disabled unless the system is on a segregated network. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | CONFIGURATION MANAGEMENT |
| DTAVSEL-005 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to find unknown program viruses. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-007 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to find potentially unwanted programs. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-009 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to scan files when being read from disk. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-010 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to scan all file types. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-011 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner maximum scan time must not be less than 45 seconds - default.scanMaxTmo | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-011 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner maximum scan time must not be less than 45 seconds - scanMaxTmo | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-013 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Clean as first action when a virus or Trojan is detected. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-018 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to allow access to files if scanning times out. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-019 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be enabled to scan mounted volumes when mounted volumes point to a network server without an anti-virus solution installed. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| FFOX-00-000004 - Firefox must be configured to not automatically check for updated versions of installed search plugins. | DISA STIG Mozilla Firefox Windows v6r6 | Windows | CONFIGURATION MANAGEMENT |
| FFOX-00-000010 - Firefox must be configured to prevent JavaScript from moving or resizing windows. | DISA STIG Mozilla Firefox Windows v6r6 | Windows | CONFIGURATION MANAGEMENT |
| FFOX-00-000011 - Firefox must be configured to prevent JavaScript from raising or lowering windows. | DISA STIG Mozilla Firefox Windows v6r6 | Windows | CONFIGURATION MANAGEMENT |
| FFOX-00-000021 - Firefox autoplay must be disabled. | DISA STIG Mozilla Firefox Windows v6r6 | Windows | CONFIGURATION MANAGEMENT |
| FFOX-00-000025 - Firefox Enhanced Tracking Protection must be enabled. | DISA STIG Mozilla Firefox Linux v6r6 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000025 - Firefox Enhanced Tracking Protection must be enabled. | DISA STIG Mozilla Firefox MacOS v6r6 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000026 - Firefox extension recommendations must be disabled. | DISA STIG Mozilla Firefox Windows v6r6 | Windows | CONFIGURATION MANAGEMENT |
| OL6-00-000011 - System security patches and updates must be installed and up-to-date. | DISA STIG Oracle Linux 6 v2r7 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| PHTN-30-000240 - The Photon operating system must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, generate cryptographic hashes, and protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Select the channel for Microsoft Defender daily security intelligence updates | MSCT Windows Server 2025 DC v1.0.0 | Windows | |
