| 1.1.3 (L1) Ensure that between two and four global admins are designated | CIS Microsoft 365 Foundations v6.0.1 L1 E3 | microsoft_azure | ACCESS CONTROL |
| 1.1.3 (L1) Ensure that between two and four global admins are designated | CIS Microsoft 365 Foundations v6.0.1 L1 E5 | microsoft_azure | ACCESS CONTROL |
| 1.4 Ensure that the Forged Transmits policy is set to reject | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5 Ensure that VDS Netflow traffic is only being sent to authorized collector IP Addresses | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | |
| 2.2 Configure the ESXi host firewall to restrict access to services running on the host | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | ACCESS CONTROL |
| 2.2.27 (L1) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'Administrators' (DC only) | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.2.27 (L1) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One' (MS only) | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.2.27 (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.2.28 (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators' | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.2.29 (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.29 (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.4 Do not use default self-signed certificates for ESXi communication | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | |
| 2.6 Ensure proper SNMP configuration- 'community name public does not exist' | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| 2.8 When adding ESXi hosts to Active Directory use the vSphere Authentication Proxy to protect passwords | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | |
| 4.2 Ensure Example or Test Databases are Not Installed on Production Servers | CIS Oracle MySQL Community Server 8.4 v1.1.0 L1 MySQL RDBMS MySQLDB | MySQLDB | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.2 Ensure Example or Test Databases are Not Installed on Production Servers | CIS Oracle MySQL Enterprise Edition 8.4 v1.1.0 L1 MySQL RDBMS MySQLDB | MySQLDB | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.2 Ensure the vpxuser account's password is automatically changed every 10 or fewer days | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| 5.1.4 Ensure an Inventory of Administrator accounts is established and maintained | CIS IBM AIX 7 v1.1.0 L1 | Unix | ACCESS CONTROL |
| 5.4 Ensure 'SUPER' is Not Granted to Non-Administrative Users | CIS MySQL 5.6 Enterprise Database L1 v2.0.0 | MySQLDB | ACCESS CONTROL |
| 5.5 Remove keys from SSH authorized_keys file | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | |
| 5.6 Set a timeout to automatically terminate idle ESXi Shell and SSH sessions | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | ACCESS CONTROL |
| 6.1 Enable bidirectional CHAP authentication for iSCSI traffic | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| 7.1.2 Ensure that the MAC Address Change policy is set to reject | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1.6 Verify that the autoexpand option for VDS dvPortgroups is disabled | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | |
| 7.2.1 Ensure that port groups are not configured to the value of the native VLAN | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | |
| 7.3.1 Ensure that the vSwitch Forged Transmits policy is set to reject | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.1.2 Limit informational messages from the VM to the VMX file | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | AUDIT AND ACCOUNTABILITY |
| 8.1.3 Limit sharing of console connections | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | ACCESS CONTROL |
| 8.2.1 Disconnect unauthorized devices - Floppy Devices | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | MEDIA PROTECTION |
| 8.3.1 Disable unnecessary or superfluous functions inside VMs | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | |
| 8.3.3 Use secure protocols for virtual serial port access | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | |
| 8.4.9 Disable Unity Active | CIS VMware ESXi 5.1 v1.0.1 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.10 Disable Unity Window Contents | CIS VMware ESXi 5.1 v1.0.1 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.13 Disable Drag and Drop Version Set | CIS VMware ESXi 5.1 v1.0.1 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.14 Disable Shell Action | CIS VMware ESXi 5.1 v1.0.1 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.28 Disable VM Console Paste operations | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | CONFIGURATION MANAGEMENT |
| 8.5.1 Prevent virtual machines from taking over resources - Num CPU Shares | CIS VMware ESXi 5.1 v1.0.1 Level 2 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.6.1 Avoid using nonpersistent disks | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | AUDIT AND ACCOUNTABILITY |
| 10.2 Allowlist Approved Servers Belonging to a MySQL InnoDB Cluster | CIS Oracle MySQL Enterprise Edition 8.0 v1.5.0 L2 MySQL RDBMS MySQLDB | MySQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 10.2 Allowlist Approved Servers Belonging to a MySQL InnoDB Cluster | CIS Oracle MySQL Enterprise Edition 8.0 v1.5.0 L2 MySQL RDBMS on Linux MySQLDB | MySQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| GOOG-13-707200 - Google Android 13 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | AirWatch - DISA Google Android 13 BYOAD v1r3 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-14-007200 - Google Android 14 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | AirWatch - DISA Google Android 14 COPE STIG v2r3 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-14-707200 - Google Android 14 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | MobileIron - DISA Google Android 14 BYOAD v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-15-007200 - Google Android 15 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | MobileIron - DISA Google Android 15 COBO STIG v1r3 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-16-007200 - Google Android 16 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | AirWatch - DISA Google Android 16 COBO STIG v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-16-007200 - Google Android 16 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | AirWatch - DISA Google Android 16 COPE STIG v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| KNOX-07-003300 - The Samsung must be configured to disable authentication mechanisms providing user access to protected data - Password | MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-002300 - Microsoft Android 11 must be configured to disable trust agents. Note: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation - NA for specific biometric authentication factors included in the products Common Criteria evaluation. | AirWatch - DISA Microsoft Android 11 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MYS8-00-007500 - The MySQL Database Server 8.0 and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | SYSTEM AND INFORMATION INTEGRITY |
| ZEBR-10-002300 - Zebra Android 10 must be configured to disable trust agents - NA for specific biometric authentication factors included in the products Common Criteria evaluation. | MobileIron - DISA Zebra Android 10 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
