| 1.1.7 - AirWatch - Forget Wi-Fi networks to prevent automatic rejoin | AirWatch - CIS Apple iOS 9 v1.0.0 L2 | MDM | ACCESS CONTROL |
| 2.1.2.3 Ensure company contacts is set to disabled | CIS Zoom L2 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 2.2.1 (L1) Ensure emergency access account activity is monitored | CIS Microsoft 365 Foundations v5.0.0 L1 E5 | microsoft_azure | AUDIT AND ACCOUNTABILITY |
| 3.19 (L1) Host must have an accurate Exception Users list | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.8 Ensure events that modify the system's Mandatory Access Controls are collected - /etc/apparmor/ | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.8 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /etc/apparmor.d/ | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.8 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /etc/apparmor/ | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.8 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /etc/apparmor/ | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.8 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /etc/selinux/ | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.12 Ensure changes to network gateways are monitored | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 5.2.3.1 Ensure changes to system administration scope (sudoers) is collected | CIS Red Hat Enterprise Linux 7 v4.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.1 Ensure changes to system administration scope (sudoers) is collected | CIS Oracle Linux 8 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.1 Ensure changes to system administration scope (sudoers) is collected | CIS Oracle Linux 8 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.1 Ensure changes to system administration scope (sudoers) is collected | CIS Ubuntu Linux 20.04 LTS Workstation L2 v2.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.1 Ensure changes to system administration scope (sudoers) is collected | CIS AlmaLinux OS 8 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.1 Ensure changes to system administration scope (sudoers) is collected | CIS Oracle Linux 7 v4.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.1 Ensure changes to system administration scope (sudoers) is collected | CIS AlmaLinux OS 8 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.1 Ensure changes to system administration scope (sudoers) is collected | CIS Amazon Linux 2023 Server L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.1 Ensure changes to system administration scope (sudoers) is collected | CIS Red Hat Enterprise Linux 7 v4.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.1 Ensure changes to system administration scope (sudoers) is collected | CIS Debian 10 Server L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2 Monitor Docker containers usage, performance and metering | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | |
| 6.2 Monitor Docker containers usage, performance and metering | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | |
| 6.2 Monitor Docker containers usage, performance and metering | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | |
| 6.2.3.1 Ensure changes to system administration scope (sudoers) is collected | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 18.5.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL |
| Ensure 'logging to monitor' is disabled - show logging | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | AUDIT AND ACCOUNTABILITY |
| Ensure events that modify the system's network environment are collected - auditctl b64 sethostname | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure events that modify the system's network environment are collected - b64 sethostname | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| ESXI-06-000075 - The connectivity between VSAN Health Check and public Hardware Compatibility List must be disabled or restricted by use of an external proxy server. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | CONFIGURATION MANAGEMENT |
| IIST-SI-000215 - Mappings to unused and vulnerable scripts on the IIS 10.0 website must be removed. | DISA IIS 10.0 Site v2r11 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SI-000216 - The IIS 10.0 website must have resource mappings set to disable the serving of certain file types. | DISA IIS 10.0 Site v2r11 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SI-000215 - Mappings to unused and vulnerable scripts on the IIS 8.5 website must be removed. | DISA IIS 8.5 Site v2r9 | Windows | CONFIGURATION MANAGEMENT |
| Management Access Policy - HTTPS - Cipher Configuration | Tenable Cisco ACI | Cisco_ACI | |
| RHEL-07-010343 - The Red Hat Enterprise Linux operating system must require re-authentication when using the 'sudo' command - sudo command. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-010344 - The Red Hat Enterprise Linux operating system must not be configured to bypass password requirements for privilege escalation. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-010481 - The Red Hat Enterprise Linux operating system must require authentication upon booting into single-user and maintenance modes. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-07-020021 - The Red Hat Enterprise Linux operating system must confine SELinux users to roles that conform to least privilege. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-07-020200 - The Red Hat Enterprise Linux operating system must remove all software components after updated versions have been installed. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| RHEL-07-040300 - The Red Hat Enterprise Linux operating system must be configured so that all networked systems have SSH installed. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-07-040460 - The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon uses privilege separation. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-040600 - For Red Hat Enterprise Linux operating systems using DNS resolution, at least two name servers must be configured. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-020040 - The operating system must protect audit tools from unauthorized modification. | DISA STIG Solaris 11 X86 v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-020080 - System packages must be configured with the vendor-provided files, permissions, and ownerships. | DISA STIG Solaris 11 SPARC v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SP13-00-000055 - SharePoint must allow designated organizational personnel to select which auditable events are to be audited by specific components of the system. | DISA STIG SharePoint 2013 v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
| SPLK-CL-000290 - Splunk Enterprise must be configured to send an immediate alert to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated log record storage volume reaches 75 percent of the repository maximum log record storage capacity. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | AUDIT AND ACCOUNTABILITY |
| VCTR-67-000054 - The vCenter Server must disable or restrict the connectivity between vSAN Health Check and public Hardware Compatibility List by use of an external proxy server. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-06-000053 - The connectivity between VSAN Health Check and public Hardware Compatibility List must be disabled or restricted. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-65-000054 - The vCenter Server for Windows must disable or restrict the connectivity between vSAN Health Check and public Hardware Compatibility List by use of an external proxy server. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | CONFIGURATION MANAGEMENT |
| XenServer - Enable port locking by default on the VM guest network | TNS Citrix XenServer | Unix | |
