| 1.3 Ensure Installation of Community Packages | CIS PostgreSQL 11 OS v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.3 Do Not Specify Passwords in Command Line | CIS MySQL 5.6 Community Linux OS L1 v2.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3 Do Not Specify Passwords in Command Line | CIS MySQL 5.6 Enterprise Linux OS L1 v2.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3 Do Not Specify Passwords in Command Line | CIS MySQL 5.7 Community Windows OS L1 v2.0.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3 Do Not Specify Passwords in Command Line | CIS MySQL 5.7 Enterprise Windows OS L1 v2.0.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3 Do Not Specify Passwords in Command Line | CIS MySQL 5.6 Community Windows OS L1 v2.0.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3 Do Not Specify Passwords in Command Line | CIS MySQL 5.6 Enterprise Windows OS L1 v2.0.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6 Ensure a separate organizational unit (OU) in Active Directory exists for SharePoint 2019 objects. | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | |
| 2.7 Ensure a separate organizational unit (OU) in Active Directory exists for SharePoint 2016 objects. | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | |
| 5.2.3.3 (L1) Ensure password protection is enabled for on-prem Active Directory | CIS Microsoft 365 Foundations v5.0.0 L1 E5 | microsoft_azure | IDENTIFICATION AND AUTHENTICATION |
| 5.2.3.3 (L1) Ensure password protection is enabled for on-prem Active Directory | CIS Microsoft 365 Foundations v5.0.0 L1 E3 | microsoft_azure | IDENTIFICATION AND AUTHENTICATION |
| 8.12 (L1) VMware Tools must limit the use of MSI transforms when reconfiguring VMware Tools | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 18.9.7.1.2 (L1) Ensure 'Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria' is set to 'Enabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| All network interfaces are operating in full-duplex mode | TNS Citrix Hypervisor | Unix | CONFIGURATION MANAGEMENT |
| Enable only necessary and secure services, protocols, daemons - 'snapwatchd' | TNS Citrix Hypervisor | Unix | CONFIGURATION MANAGEMENT |
| Enable only necessary and secure services, protocols, daemons - 'sshd' | TNS Citrix Hypervisor | Unix | CONFIGURATION MANAGEMENT |
| Enable port locking by default on the VM guest network | TNS Citrix Hypervisor | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enable remote syslog | TNS Citrix Hypervisor | Unix | AUDIT AND ACCOUNTABILITY |
| GOOG-11-001100 - Google Android 11 allow list must be configured to not include applications with the following characteristics: | MobileIron - DISA Google Android 11 COBO v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-11-001100 - Google Android 11 allow list must be configured to not include applications with the following characteristics: | MobileIron - DISA Google Android 11 COPE v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-11-001100 - Google Android 11 allow list must be configured to not include applications with the following characteristics: | AirWatch - DISA Google Android 11 COPE v2r1 | MDM | CONFIGURATION MANAGEMENT |
| Install a trusted CA certificate on the pool | TNS Citrix Hypervisor | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000480 - The Juniper BGP router must be configured to reject inbound route advertisements for any Bogon prefixes - prefix-list | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
| JUNI-RT-000480 - The Juniper BGP router must be configured to reject inbound route advertisements for any Bogon prefixes - prefix-statement | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
| JUSX-VN-000012 - The Juniper SRX Services Gateway VPN must not accept certificates that have been revoked when using PKI for authentication. | DISA Juniper SRX Services Gateway VPN v3r1 | Juniper | CONFIGURATION MANAGEMENT |
| KNOX-07-017200 - The Samsung Android 7 with Knox must be configured to disable Phone Visibility. | MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| KNOX-07-017200 - The Samsung Android 7 with Knox must be configured to disable Phone Visibility. | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| Limits print driver installation to Administrators | MSCT Windows 10 v21H2 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Limits print driver installation to Administrators | MSCT MSCT Windows Server 2022 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Limits print driver installation to Administrators | MSCT Windows 11 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Limits print driver installation to Administrators | MSCT Windows 11 v24H2 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Limits print driver installation to Administrators | MSCT Windows Server 2022 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Passwords stored in 'secrets' are not visible | TNS Citrix Hypervisor | Unix | IDENTIFICATION AND AUTHENTICATION |
| Review the List of Users with ROLE_NAME | Tenable Best Practices RackSpace v2.0.0 | Rackspace | ACCESS CONTROL |
| SP13-00-000055 - SharePoint must allow designated organizational personnel to select which auditable events are to be audited by specific components of the system. | DISA STIG SharePoint 2013 v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
| SQL2-00-010500 - SQL Server auditing configuration maximum number of files must be configured to reduce the likelihood of storage capacity being exceeded, while meeting organization-defined auditing requirements - 'max_files' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-010500 - SQL Server auditing configuration maximum number of files must be configured to reduce the likelihood of storage capacity being exceeded, while meeting organization-defined auditing requirements - 'max_size' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| vCenter : remove-failed-install-logs | VMWare vSphere 5.X Hardening Guide | VMware | |
| WDNS-SC-000006 - WINS lookups must be disabled on the Windows 2012 DNS Server. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN10-CC-000310 - Users must be prevented from changing installation options. | DISA Microsoft Windows 10 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN11-CC-000310 - Users must be prevented from changing installation options. | DISA Microsoft Windows 11 STIG v2r3 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000115 - Users must be prevented from changing installation options. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000115 - Users must be prevented from changing installation options. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN16-CC-000450 - Users must be prevented from changing installation options. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | CONFIGURATION MANAGEMENT |
| WN19-CC-000420 - Windows Server 2019 must prevent users from changing installation options. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN22-CC-000420 - Windows Server 2022 must prevent users from changing installation options. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WPAW-00-001300 - A Windows PAW used to manage domain controllers and directory services must not be used to manage any other type of high-value IT resource. | DISA MS Windows Privileged Access Workstation v3r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| XenServer - Enable only necessary and secure services, protocols, daemons - 'lwsmd' | TNS Citrix XenServer | Unix | CONFIGURATION MANAGEMENT |
| XenServer - External authentication is disabled | TNS Citrix XenServer | Unix | |
| XenServer - Restrict allowed IPv6 addresses used by each VM guest | TNS Citrix XenServer | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
