| 1.1 Ensure packages are obtained from authorized repositories | CIS PostgreSQL 9.6 OS v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.1 Ensure X Window System is not installed | CIS Debian Linux 10 v2.0.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.2 Ensure X11 Server components are not installed | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.2 Ensure X11 Server components are not installed | CIS SUSE Linux Enterprise 12 v3.2.1 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.2 Ensure X11 Server components are not installed | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 2.2.2 Ensure xorg-x11-server-common is not installed | CIS CentOS Linux 8 Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.4.7.2.12 (L1) Ensure 'Trust access to Visual Basic Project' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 3.4.1.1 Ensure iptables is installed | CIS CentOS Linux 7 v4.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.1.1 Ensure iptables is installed | CIS Oracle Linux 7 v4.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.1.2 Ensure nftables is not installed with iptables | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.1 Ensure a single firewall configuration utility is in use | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.1 Ensure a single firewall configuration utility is in use | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.8 Enable IP6tables | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1 Verify AppArmor | CIS Docker 1.6 v1.0.0 L2 Docker | Unix | ACCESS CONTROL |
| 5.4 Restrict Linux Kernel Capabilities within containers | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | ACCESS CONTROL |
| 5.16 Do not share the host's IPC namespace | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.8 Secure the permissions of the SSLconfig.ini file | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 OS Windows | Windows | |
| AZLX-23-001080 - Amazon Linux 2023 must have the firewalld servicew active. | DISA Amazon Linux 2023 STIG v1r2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| DISA_STIG_Docker_Enterprise_2.x_Linux_Unix_DTR_v2r2.audit from DISA Docker Enterprise 2.x Linux/UNIX v2r2 STIG | DISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r2 | Unix | |
| DISA_STIG_Docker_Enterprise_2.x_Linux_Unix_UCP_v2r2.audit from DISA Docker Enterprise 2.x Linux/UNIX v2r2 STIG | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2 | Unix | |
| DISA_STIG_Docker_Enterprise_2.x_Linux_Unix_v2r2.audit from DISA Docker Enterprise 2.x Linux/UNIX v2r2 STIG | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | |
| DTAVSEL-000 - The McAfee VirusScan Enterprise for Linux Web interface must be disabled unless the system is on a segregated network. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | CONFIGURATION MANAGEMENT |
| DTAVSEL-004 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to decompress archives when scanning. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-005 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to find unknown program viruses. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-006 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to find unknown macro viruses. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-007 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to find potentially unwanted programs. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-008 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to scan files when being written to disk. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-009 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to scan files when being read from disk. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-010 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to scan all file types. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-011 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner maximum scan time must not be less than 45 seconds - default.scanMaxTmo | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-012 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must only be configured with exclusions that are documented and approved by the ISSO/ISSM/AO. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-013 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Clean as first action when a virus or Trojan is detected. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-018 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to allow access to files if scanning times out. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-019 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be enabled to scan mounted volumes when mounted volumes point to a network server without an anti-virus solution installed. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-201 - The McAfee VirusScan Enterprise must be configured to receive all patches, service packs and updates from a DoD-managed source. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | CONFIGURATION MANAGEMENT |
| Ensure IMAP and POP3 server is not enabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000004 - Firefox must be configured to not automatically check for updated versions of installed search plugins. | DISA STIG Mozilla Firefox MacOS v6r7 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000004 - Firefox must be configured to not automatically check for updated versions of installed search plugins. | DISA STIG Mozilla Firefox Linux v6r7 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000010 - Firefox must be configured to prevent JavaScript from moving or resizing windows. | DISA STIG Mozilla Firefox MacOS v6r7 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000011 - Firefox must be configured to prevent JavaScript from raising or lowering windows. | DISA STIG Mozilla Firefox Linux v6r7 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000011 - Firefox must be configured to prevent JavaScript from raising or lowering windows. | DISA STIG Mozilla Firefox MacOS v6r7 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000026 - Firefox extension recommendations must be disabled. | DISA STIG Mozilla Firefox Linux v6r7 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000026 - Firefox extension recommendations must be disabled. | DISA STIG Mozilla Firefox MacOS v6r7 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000037 - Firefox encrypted media extensions must be disabled. | DISA STIG Mozilla Firefox Windows v6r7 | Windows | CONFIGURATION MANAGEMENT |
| OL09-00-002370 - OL 9 must disable the use of user namespaces. | DISA Oracle Linux 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| Salesforce.com : Email Services - 'AddressInactiveAction != 2' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | CONFIGURATION MANAGEMENT |
| Salesforce.com : Email Services - 'FunctionInactiveAction != 2' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | CONFIGURATION MANAGEMENT |
| Salesforce.com : Email Services - 'OverLimitAction != 2' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | CONFIGURATION MANAGEMENT |
| Specifies whether the display-capture permissions-policy is checked or skipped | MSCT Edge v107 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| VCPG-67-000001 - VMware Postgres must limit the number of connections. | DISA STIG VMware vSphere 6.7 PostgreSQL v1r2 | Unix | ACCESS CONTROL |
