| 1.7.3 Set SSH Key Modulus Length | CIS Cisco NX-OS v1.2.0 L2 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 2.2.32 Ensure 'Deny log on locally' to include 'Guests' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.3.10.3 Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled' (STIG DC & MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.10.3 Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled' (STIG DC & MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 5.003 - Booting into alternate operating systems is permitted. | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 5.018 - Windows Messenger (MSN Messenger, .NET messenger) is run at system startup. | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.6.1 Ensure 'Turn off Inventory Collector' is set to 'Enabled' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.6.1 Ensure 'Turn off Inventory Collector' is set to 'Enabled' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.2 Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Not configured' or 'Disabled' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.57.2 Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Not configured' or 'Disabled' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.57.2 Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Not configured' or 'Disabled' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.57.2 Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Not configured' or 'Disabled' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.75.2.2 Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 20.1 Ensure 'Accounts require passwords' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| 20.13 (L1) Ensure 'Web browser is supported and secured' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-13-013100 - Apple iOS/iPadOS must implement the management setting: disable paired Apple Watch. | AirWatch - DISA Apple iOS/iPadOS 13 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AMLS-NM-000500 - The Arista Multilayer Switch must be updated to one of the minimum approved versions of EOS. | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | CONFIGURATION MANAGEMENT |
| ARST-ND-000810 - The network device must be configured to use an authentication server to authenticate users prior to granting administrative access. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | CONFIGURATION MANAGEMENT |
| Brocade - Review admin user listings | Tenable Best Practices Brocade FabricOS | Brocade | ACCESS CONTROL |
| CASA-ND-000530 - The Cisco ASA must be configured to enforce password complexity by requiring that at least one lowercase character be used. | DISA STIG Cisco ASA NDM v2r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CASA-ND-000550 - The Cisco ASA must be configured to enforce password complexity by requiring that at least one numeric character be used. | DISA STIG Cisco ASA NDM v2r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CASA-ND-000570 - The Cisco ASA must be configured to enforce password complexity by requiring that at least one special character be used. | DISA STIG Cisco ASA NDM v2r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CASA-ND-000910 - The Cisco ASA must be configured to audit the execution of privileged functions. | DISA STIG Cisco ASA NDM v2r2 | Cisco | ACCESS CONTROL |
| CASA-ND-001200 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful attempts to modify administrator privileges occur. | DISA STIG Cisco ASA NDM v2r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CASA-ND-001230 - The Cisco ASA must be configured to generate audit records for privileged activities or other system-level access. | DISA STIG Cisco ASA NDM v2r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000150 - The Cisco router must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must lock out the user account from accessing the device for 15 minutes. | DISA Cisco IOS Router NDM STIG v3r4 | Cisco | ACCESS CONTROL |
| CISC-ND-001040 - The Cisco router must record time stamps for audit records that meet a granularity of one second for a minimum degree of precision. | DISA STIG Cisco IOS-XR Router NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001260 - The Cisco router must be configured to generate audit records when successful/unsuccessful logon attempts occur. | DISA Cisco IOS Router NDM STIG v3r4 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001260 - The Cisco router must be configured to generate audit records when successful/unsuccessful logon attempts occur. | DISA STIG Cisco IOS XE Router NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-RT-000290 - The Cisco perimeter router must be configured to not be a Border Gateway Protocol (BGP) peer to an alternate gateway service provider. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000394 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000394 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000394 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enforce Password Change Interval | Tenable Cisco ACI | Cisco_ACI | IDENTIFICATION AND AUTHENTICATION |
| ESXI-65-000059 - The virtual switch Forged Transmits policy must be set to reject on the ESXi host. | DISA STIG VMware vSphere ESXi 6.5 v2r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-67-000059 - The virtual switch Forged Transmits policy must be set to reject on the ESXi host. | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-80-000216 - The ESXi host must configure virtual switch security policies to reject forged transmits. | DISA VMware vSphere 8.0 ESXi STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| EX16-ED-000380 - The Exchange Sender Reputation filter must be enabled. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| GEN000280 - Direct logins must not be permitted to shared, default, application, or utility accounts. | DISA STIG Solaris 10 SPARC v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000280 - Direct logins must not be permitted to shared, default, application, or utility accounts. | DISA STIG Solaris 10 X86 v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| HP ProCurve - 'Enable SNMPv3' | TNS HP ProCurve | HPProCurve | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| HP ProCurve - 'Secure Management VLAN is enabled' | TNS HP ProCurve | HPProCurve | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-L2-000030 - The Juniper layer 2 switch must be configured to disable all dynamic VLAN registration protocols. | DISA Juniper EX Series Layer 2 Switch v2r2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| Maximum Validity Period (h) | Tenable Cisco ACI | Cisco_ACI | ACCESS CONTROL |
| Password Strength Check - Enabled | Tenable Cisco ACI | Cisco_ACI | IDENTIFICATION AND AUTHENTICATION |
| Syslog - Admin State | Tenable Cisco ACI | Cisco_ACI | AUDIT AND ACCOUNTABILITY |
| Syslog - Console Destination - Admin State | Tenable Cisco ACI | Cisco_ACI | AUDIT AND ACCOUNTABILITY |
| vNetwork : enable-bpdu-filter | VMWare vSphere 5.X Hardening Guide | VMware | |
| vNetwork : enable-portfast | VMWare vSphere 5.X Hardening Guide | VMware | |
| WN12-AD-000008-DC - The time synchronization tool must be configured to enable logging of time source switching. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
