| 1.5 Ensure 'unique application pools' is set for sites | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.8.1 Enable AES Password Encryption | CIS Cisco IOS XR 7.x v1.0.1 L2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 2.3.11.1 Ensure 'Network security: Allow Local System to use computer identity for NTLM' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 5.4.1 Ensure password creation requirements are configured - dcredit | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1 Ensure password creation requirements are configured - dcredit | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1 Ensure password creation requirements are configured - lcredit | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1 Ensure password creation requirements are configured - lcredit | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1 Ensure password creation requirements are configured - lcredit | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1 Ensure password creation requirements are configured - minlen | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1 Ensure password creation requirements are configured - ocredit | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1 Ensure password creation requirements are configured - ocredit | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1 Ensure password creation requirements are configured - ocredit | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1 Ensure password creation requirements are configured - password-auth retry=3 | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1 Ensure password creation requirements are configured - password-auth try_first_pass | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1 Ensure password creation requirements are configured - system-auth retry=3 | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1 Ensure password creation requirements are configured - system-auth retry=3 | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1 Ensure password creation requirements are configured - system-auth try_first_pass | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1 Ensure password creation requirements are configured - ucredit | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.7 Ensure minimum and maximum requirements are set for password changes - maxclassrepeat | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.7 Ensure minimum and maximum requirements are set for password changes - minlen | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5.1.6 Ensure shadow file is configured to use only encrypted representations of passwords | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 8.2 Disable JAR from Opening Unsafe File Types | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 8.2 Disable JAR from Opening Unsafe File Types | CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| ARST-RT-000300 - The PE router must be configured to enforce a Quality-of-Service (QoS) policy to limit the effects of packet flooding denial-of-service (DoS) attacks. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000300 - The PE router must be configured to enforce a Quality-of-Service (QoS) policy to limit the effects of packet flooding denial-of-service (DoS) attacks. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| DG0141-ORACLE11 - Attempts to bypass access controls should be audited. | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| DISA_STIG_McAfee_VirusScan_8.8_Managed_Client_v6r1.audit from DISA McAfee VirusScan 8.8 Managed Client Security Technical implementation Guide v6r1 STIG | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | |
| DISA_VMware_vSphere_8.0_vCenter_Appliance_Management_Interface_(VAMI)_STIG_v2r1.audit from DISA VMware vSphere 8.0 vCenter Appliance Management Interface (VAMI) STIG v2r1 | DISA VMware vSphere 8.0 vCenter Appliance Management Interface (VAMI) STIG v2r1 | Unix | |
| DTBI670 - Scripting of Java applets must be disallowed (Restricted Sites zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | CONFIGURATION MANAGEMENT |
| DTBI670-IE11 - Scripting of Java applets must be disallowed (Restricted Sites zone). | DISA STIG IE 11 v2r6 | Windows | CONFIGURATION MANAGEMENT |
| F5BI-AP-300068 - The F5 BIG-IP appliance providing content filtering must detect use of network services that have not been authorized or approved by the information system security manager (ISSM) and information system security officer (ISSO), at a minimum. | DISA F5 BIG-IP TMOS ALG STIG v1r2 | F5 | SYSTEM AND INFORMATION INTEGRITY |
| F5BI-AP-300069 - The F5 BIG-IP appliance providing content filtering must generate a log record when unauthorized network services are detected. | DISA F5 BIG-IP TMOS ALG STIG v1r2 | F5 | SYSTEM AND INFORMATION INTEGRITY |
| F5BI-AP-300159 - The F5 BIG-IP appliance must be configured to use cryptographic algorithms approved by NSA to protect NSS for remote access to a classified network. | DISA F5 BIG-IP TMOS ALG STIG v1r2 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-AP-300163 - The VPN Gateway must use Always On VPN connections for remote computing. | DISA F5 BIG-IP TMOS ALG STIG v1r2 | F5 | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-DM-300044 - The F5 BIG-IP appliance must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | DISA F5 BIG-IP TMOS NDM STIG v1r2 | F5 | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-DM-300056 - The F5 BIG-IP appliance must be configured to use DOD approved OCSP responders or CRLs to validate certificates used for PKI-based authentication. | DISA F5 BIG-IP TMOS NDM STIG v1r2 | F5 | IDENTIFICATION AND AUTHENTICATION |
| F5BI-FW-300013 - The F5 BIG-IP appliance must be configured to use TCP when sending log records to the central audit server. | DISA F5 BIG-IP TMOS Firewall STIG v1r1 | F5 | CONFIGURATION MANAGEMENT |
| F5BI-LT-000213 - The F5 BIG-IP appliance providing user authentication intermediary services must only accept end entity certificates issued by DOD PKI or DOD-approved PKI Certification Authorities (CAs) for the establishment of protected sessions. | DISA F5 BIG-IP Local Traffic Manager STIG v2r4 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| JBOS-AS-000025 - Java permissions must be set for hosted applications. | DISA JBoss Enterprise Application Platform 6.3 STIG v2r6 | Unix | ACCESS CONTROL |
| JBOS-AS-000295 - The JBoss Password Vault must be used for storing passwords or other sensitive configuration information. | DISA JBoss Enterprise Application Platform 6.3 STIG v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| MS.SHAREPOINT.3.2v1 - The allowable file and folder permissions for links SHALL be set to View only. | CISA SCuBA Microsoft 365 SharePoint Online OneDrive v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| Network security: Allow PKU2U authentication requests to this computer to use online identities. | MSCT Windows 10 1803 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Network security: Allow PKU2U authentication requests to this computer to use online identities. | MSCT Windows 10 v1507 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| SOL-11.1-090100 - The operating system must prevent the execution of prohibited mobile code. | DISA Solaris 11 X86 STIG v3r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SOL-11.1-090100 - The operating system must prevent the execution of prohibited mobile code. | DISA Solaris 11 SPARC STIG v3r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| TCAT-AS-000630 - TLS must be enabled on JMX. | DISA STIG Apache Tomcat Application Server 9 v3r3 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| TCAT-AS-000780 - Access to JMX management interface must be restricted. | DISA STIG Apache Tomcat Application Server 9 v3r3 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBLC-05-000160 - Oracle WebLogic must enforce minimum password length. | Oracle WebLogic Server 12c Windows v2r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000160 - Oracle WebLogic must enforce minimum password length. | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| WN11-PK-000020 - The US DOD CCEB Interoperability Root CA cross-certificates must be installed in the Untrusted Certificates Store on unclassified systems. | DISA Microsoft Windows 11 STIG v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
