| 1.7 Audit docker daemon | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.7 Audit docker daemon | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.8 Audit docker daemon | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2.1.6 - AirWatch - Limit the 'Number of failed attempts allowed' | AirWatch - CIS Google Android 4 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 2.1.6 - MobileIron - Limit the 'Number of failed attempts allowed' | MobileIron - CIS Google Android 4 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 2.2.1.2 Ensure ntp is configured - daemon | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.1.2 Ensure ntp is configured - remote server | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.1.2 Ensure ntp is configured - restrict -4 | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.32 Ensure 'Deny log on locally' to include 'Guests' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.2.46 Ensure 'Increase scheduling priority' is set to 'Administrators' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.17.4 Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop or Prompt for credentials on the secure desktop' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.7.1 Ensure Screen Saver Corners Are Secure | CIS Apple macOS 14.0 Sonoma v2.0.0 L2 | Unix | ACCESS CONTROL |
| 2.7.1 Ensure Screen Saver Corners Are Secure | CIS Apple macOS 13.0 Ventura v3.0.0 L2 | Unix | ACCESS CONTROL |
| 3.3.5 Secure the JDK 32-bit runtime library - FILE_PERMISSIONS | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 OS Windows | Windows | |
| 6. OpenStack Identity - Policy.json - 'identity:create_trust' | TNS OpenStack Keystone/Identity Security Guide | Unix | ACCESS CONTROL |
| 6. OpenStack Networking - Policy.json - 'get_port:binding:host_id' | TNS OpenStack Neutron/Networking Security Guide | Unix | ACCESS CONTROL |
| 7 - SSL implementation - start.ini --module=deploy | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7 - SSL implementation - start.jar --module=deploy | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7 - SSL implementation - start.jar --module=https | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7 - SSL implementation - start.jar --module=ssl | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.2.1 Set 'Java permissions' to 'Enabled:High safety' | CIS IE 10 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 8.5.1 Set 'Java permissions' to 'Enabled:High safety' | CIS IE 10 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.75.2.2 Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn' or 'Enabled: Warn and prevent bypass' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.75.2.2 Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn' or 'Enabled: Warn and prevent bypass' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 20 - Enable Encryption | TNS Best Practice JBoss 7 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-70-000001 - Access to the ESXi host must be limited by enabling lockdown mode. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | ACCESS CONTROL |
| ESXI-70-000002 - The ESXi host must verify the DCUI.Access list. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000038 - ESXi hosts using Host Profiles and/or Auto Deploy must use the vSphere Authentication Proxy to protect passwords when adding themselves to Active Directory. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-70-000049 - The ESXi host must protect the confidentiality and integrity of transmitted information by protecting ESXi management traffic. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-70-000054 - The ESXi host must enable bidirectional Challenge-Handshake Authentication Protocol (CHAP) authentication for Internet Small Computer Systems Interface (iSCSI) traffic. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000063 - All port groups on standard switches must be configured to a value other than that of the native virtual local area network (VLAN). | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| JBOS-AS-000300 - JBoss KeyStore and Truststore passwords must not be stored in clear text. | DISA JBoss EAP 6.3 STIG v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PHTN-40-000068 The Photon operating system must be configured to use TCP syncookies. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PHTN-40-000105 The Photon operating system must enable symlink access control protection in the kernel. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | ACCESS CONTROL |
| PHTN-40-000160 The Photon operating system must implement address space layout randomization to protect its memory from unauthorized code execution. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| PHTN-40-000224 The Photon operating system must not respond to IPv4 Internet Control Message Protocol (ICMP) echoes sent to a broadcast address. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000226 The Photon operating system must prevent IPv4 Internet Control Message Protocol (ICMP) secure redirect messages from being accepted. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000227 The Photon operating system must not send IPv4 Internet Control Message Protocol (ICMP) redirects. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000228 The Photon operating system must log IPv4 packets with impossible addresses. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000229 The Photon operating system must use a reverse-path filter for IPv4 network traffic. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000231 The Photon operating system must not perform IPv4 packet forwarding. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000232 The Photon operating system must send TCP timestamps. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VCTR-67-000023 - The vCenter Server must configure the vpxuser auto-password to be changed every 30 days. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000031 - The vCenter Server must restrict the connectivity between Update Manager and public patch repositories by use of a separate Update Manager Download Server. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000034 - The vCenter Server must use unique service accounts when applications connect to vCenter. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000051 - The vCenter Server users must have the correct roles assigned. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCTR-67-000057 - The vCenter Server must enable TLS 1.2 exclusively. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000063 - The vCenter Server must restrict access to the cryptographic role. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000068 - The vCenter Server must use secure Lightweight Directory Access Protocol (LDAPS) when adding an SSO identity source. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000999 - The version of vCenter running on the system must be a supported version. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | SYSTEM AND INFORMATION INTEGRITY |
