| 1.1 Ensure packages are obtained from authorized repositories | CIS PostgreSQL 9.6 OS v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.5 Set 'logging trap informational' | CIS Cisco IOS XR 7.x v1.0.1 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.7 Audit docker daemon | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2 - Specify file handler in jetty-logging.properties files - org.eclipse.jetty.util.log.class=org.eclipse.jetty.util.log.StrErrLog | TNS Best Practice Jetty 9 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2.1.6 - MobileIron - Limit the 'Number of failed attempts allowed' | MobileIron - CIS Google Android 4 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 2.2.5 Set 'logging trap informational' | CIS Cisco IOS XE 16.x v2.2.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.2.5 Set 'logging trap informational' | CIS Cisco IOS XE 17.x v2.2.1 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.7.1 Ensure Screen Saver Corners Are Secure | CIS Apple macOS 14.0 Sonoma v3.0.0 L2 | Unix | ACCESS CONTROL |
| 2.7.1 Ensure Screen Saver Corners Are Secure | CIS Apple macOS 15.0 Sequoia v2.0.0 L2 | Unix | ACCESS CONTROL |
| 2.7.1 Ensure Screen Saver Corners Are Secure | CIS Apple macOS 13.0 Ventura v4.0.0 L2 | Unix | ACCESS CONTROL |
| 6.5 Configure Network Time Protocol (NTP) - restrict -6 | CIS Debian Linux 7 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists inin default | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in default | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in web application | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in web application | CIS Apache Tomcat 8 L1 v1.1.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in default | CIS Apache Tomcat 8 L1 v1.1.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in default | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in web application | CIS Apache Tomcat 8 L1 v1.1.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in web application | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in web application | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in web application | CIS Apache Tomcat 8 L1 v1.1.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000005 - The FortiGate firewall must use filters that use packet headers and packet attributes, including source and destination IP addresses and ports. | DISA Fortigate Firewall STIG v1r4 | FortiGate | ACCESS CONTROL |
| FNFG-FW-000015 - The FortiGate firewall must use organization-defined filtering rules that apply to the monitoring of remote access traffic for the traffic from the VPN access points. | DISA Fortigate Firewall STIG v1r4 | FortiGate | ACCESS CONTROL |
| FNFG-FW-000020 - The FortiGate firewall must generate traffic log entries containing information to establish what type of events occurred. | DISA Fortigate Firewall STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000025 - The FortiGate firewall must generate traffic log entries containing information to establish when (date and time) the events occurred. | DISA Fortigate Firewall STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000030 - The FortiGate firewall must generate traffic log entries containing information to establish the network location where the events occurred. | DISA Fortigate Firewall STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000035 - The FortiGate firewall must generate traffic log entries containing information to establish the source of the events, such as the source IP address at a minimum. | DISA Fortigate Firewall STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000040 - The FortiGate firewall must generate traffic log entries containing information to establish the outcome of the events, such as, at a minimum, the success or failure of the application of the firewall rule. | DISA Fortigate Firewall STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000045 - In the event that communication with the central audit server is lost, the FortiGate firewall must continue to queue traffic log records locally. | DISA Fortigate Firewall STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000050 - The FortiGate firewall must protect traffic log records from unauthorized access while in transit to the central audit server. | DISA Fortigate Firewall STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000055 - The FortiGate firewall must protect the traffic log from unauthorized modification of local log records. | DISA Fortigate Firewall STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000060 - The FortiGate firewall must protect the traffic log from unauthorized deletion of local log files and log records. | DISA Fortigate Firewall STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000065 - The FortiGate firewall must disable or remove unnecessary network services and functions that are not used as part of its role in the architecture. | DISA Fortigate Firewall STIG v1r4 | FortiGate | CONFIGURATION MANAGEMENT |
| FNFG-FW-000070 - The FortiGate firewall must block outbound traffic containing denial-of-service (DoS) attacks to protect against the use of internal information systems to launch any DoS attacks against other networks or endpoints. | DISA Fortigate Firewall STIG v1r4 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| FNFG-FW-000085 - The FortiGate firewall must filter traffic destined to the internal enclave in accordance with the specific traffic that is approved and registered in the Ports, Protocols, and Services Management (PPSM) Category Assurance List (CAL), Vulnerability Assessments (VAs) for that the enclave. | DISA Fortigate Firewall STIG v1r4 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| FNFG-FW-000100 - The FortiGate firewall must send traffic log entries to a central audit server for management and configuration of the traffic log entries. | DISA Fortigate Firewall STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000110 - The FortiGate firewall must employ filters that prevent or limit the effects of all types of commonly known denial-of-service (DoS) attacks, including flooding, packet sweeps, and unauthorized port scanning. | DISA Fortigate Firewall STIG v1r4 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| FNFG-FW-000125 - When employed as a premise firewall, FortiGate must block all outbound management traffic. | DISA Fortigate Firewall STIG v1r4 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| FNFG-FW-000135 - The FortiGate firewall must be configured to inspect all inbound and outbound traffic at the application layer. | DISA Fortigate Firewall STIG v1r4 | FortiGate | CONFIGURATION MANAGEMENT |
| FNFG-FW-000145 - The FortiGate firewall must be configured to restrict it from accepting outbound packets that contain an illegitimate address in the source address field via an egress filter or by enabling Unicast Reverse Path Forwarding (uRPF). | DISA Fortigate Firewall STIG v1r4 | FortiGate | CONFIGURATION MANAGEMENT |
| FNFG-FW-000160 - The FortiGate firewall must generate traffic log records when traffic is denied, restricted, or discarded. | DISA Fortigate Firewall STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000165 - The FortiGate firewall must generate traffic log records when attempts are made to send packets between security zones that are not authorized to communicate. | DISA Fortigate Firewall STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| JBOS-AS-000320 - The JBoss server must be configured to restrict access to the web servers private key to authenticated system administrators. | DISA JBoss Enterprise Application Platform 6.3 STIG v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PHTN-40-000225 - The Photon operating system must prevent IPv4 Internet Control Message Protocol (ICMP) redirect messages from being accepted. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000228 - The Photon operating system must log IPv4 packets with impossible addresses. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-040340 - Consecutive login attempts for SSH must be limited to 3. | DISA Solaris 11 X86 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| VCLU-70-000006 - Lookup Service must generate log records for system startup and shutdown. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| VCPF-70-000006 - Performance Charts must generate log records for system startup and shutdown. | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| VCUI-70-000006 - vSphere UI must generate log records for system startup and shutdown. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| WBSP-AS-001230 - The WebSphere Application Server default keystore passwords must be changed. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
