| 1.1 Ensure packages are obtained from authorized repositories | CIS PostgreSQL 9.6 OS v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.5 Set 'logging trap informational' | CIS Cisco IOS XR 7.x v1.0.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.8 Audit docker daemon | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2 - Specify file handler in jetty-logging.properties files - org.eclipse.jetty.LEVEL=INFO | TNS Best Practice Jetty 9 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2 - Specify file handler in jetty-logging.properties files - org.eclipse.jetty.util.log.class=org.eclipse.jetty.util.log.StrErrLog | TNS Best Practice Jetty 9 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.5 Set 'logging trap informational' | CIS Cisco IOS XE 17.x v2.1.1 L2 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.2.32 Ensure 'Deny log on locally' to include 'Guests' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.2.46 Ensure 'Increase scheduling priority' is set to 'Administrators' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.2 Ensure Screen Saver Corners Are Secure | CIS Apple macOS 12.0 Monterey v4.0.0 L2 | Unix | ACCESS CONTROL |
| 2.3.17.4 Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop or Prompt for credentials on the secure desktop' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 3.4 - Login and Password Parameters - Passwords Disallow Reuse >= 6 | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | IDENTIFICATION AND AUTHENTICATION |
| 7 - File system permissions of log files | TNS Best Practice JBoss 7 Linux | Unix | CONFIGURATION MANAGEMENT |
| 8.3.19 Set 'Scripting of Java applets' to 'Enabled:Disable' | CIS IE 11 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.75.2.2 Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn' or 'Enabled: Warn and prevent bypass' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.75.2.2 Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn' or 'Enabled: Warn and prevent bypass' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.75.2.2 Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn' or 'Enabled: Warn and prevent bypass' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| ESXI-70-000003 - The ESXi host must verify the exception users list for lockdown mode. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000008 - The ESXi host must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system via Secure Shell (SSH). | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | ACCESS CONTROL |
| ESXI-70-000030 - The ESXi host must produce audit records containing information to establish what type of events occurred. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | AUDIT AND ACCOUNTABILITY |
| ESXI-70-000031 - The ESXi host must be configured with a sufficiently complex password policy. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-70-000045 - The ESXi host must enable a persistent log location for all locally stored logs. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | AUDIT AND ACCOUNTABILITY |
| ESXI-70-000048 - The ESXi host must protect the confidentiality and integrity of transmitted information by isolating vMotion traffic. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-70-000055 - The ESXi host must disable Inter-Virtual Machine (VM) Transparent Page Sharing. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000059 - All port groups on standard switches must be configured to reject forged transmits. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000060 - All port groups on standard switches must be configured to reject guest Media Access Control (MAC) address changes. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000089 - The ESXi Host Client must be configured with a session timeout. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000002 - The vCenter Server must not automatically refresh client sessions. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCTR-67-000007 - The vCenter Server must manage excess capacity, bandwidth, or other redundancy to limit the effects of information-flooding types of denial-of-service (DoS) attacks by enabling Network I/O Control (NIOC). | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000010 - The vCenter Server must limit the use of the built-in SSO administrative account. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCTR-67-000012 - The vCenter Server must disable the distributed virtual switch health check. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000013 - The vCenter Server must set the distributed port group Forged Transmits policy to reject. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000016 - The vCenter Server must only send NetFlow traffic to authorized collectors. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000018 - The vCenter Server must configure all port groups to a value other than that of the native VLAN. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000026 - The vCenter Server must check the privilege reassignment after restarts. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000029 - The vCenter Server must enable all tasks to be shown to Administrators in the Web Client. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000033 - The vCenter Server must use a least-privileges assignment for the vCenter Server database user. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000035 - vCenter Server plugins must be verified. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000039 - The vCenter Server passwords must be at least 15 characters in length. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCTR-67-000040 - The vCenter Server passwords must contain at least one uppercase character. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCTR-67-000042 - The vCenter Server passwords must contain at least one numeric character. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCTR-67-000043 - The vCenter Server passwords must contain at least one special character. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCTR-67-000054 - The vCenter Server must disable or restrict the connectivity between vSAN Health Check and public Hardware Compatibility List by use of an external proxy server. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000061 - The vCenter Server must disable Password and Windows integrated authentication. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000062 - The vCenter Server must enable the login banner for vSphere Client. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000065 - The vCenter Server must have Mutual CHAP configured for vSAN iSCSI targets. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000067 - The vCenter Server must disable the Customer Experience Improvement Program (CEIP). | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000073 - The vCenter Server must minimize access to the vCenter server. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000074 - The vCenter Server Administrators must clean up log files after failed installations. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000076 - The vCenter Server Administrator role must be secured and assigned to specific users other than a Windows Administrator. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000077 - The vCenter Server must enable TLS 1.2 exclusively. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
