| 1.1.3.17.7 Set 'User Account Control: Switch to the secure desktop when prompting for elevation' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.2.27 Ensure 'Deny log on as a service' to include 'Enterprise Admins Group and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 5.140 - The HBSS McAfee Agent is not installed. - FrameworkService | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 7.2 Set Strong Password Creation Policies - DICTIONDBDIR = /var/passwd | CIS Solaris 11.2 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - HISTORY = 10 | CIS Solaris 11.2 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - DICTIONDBDIR = /var/passwd | CIS Solaris 11 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - MAXREPEATS = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - MAXREPEATS = 0 | CIS Solaris 11 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - MINDIFF = 3 | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - MINDIFF = 3 | CIS Solaris 11 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - MINUPPER = 1 | CIS Solaris 11 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - PASSLENGTH = 8 | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - WHITESPACE = yes | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - WHITESPACE = yes | CIS Solaris 11 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - WHITESPACE = yes | CIS Solaris 11.2 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.6 Ensure port groups are not configured to VLAN 4095 except for Virtual Guest Tagging (VGT) | CIS VMware ESXi 6.7 v1.3.0 Level 1 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 7.6 Ensure that port groups are not configured to VLAN 4095 except for Virtual Guest Tagging (VGT) | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | CONFIGURATION MANAGEMENT |
| 18.10.6.1 Ensure 'Turn off Inventory Collector' is set to 'Enabled' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.6.1 Ensure 'Turn off Inventory Collector' is set to 'Enabled' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.6.1 Ensure 'Turn off Inventory Collector' is set to 'Enabled' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.6.1 Ensure 'Turn off Inventory Collector' is set to 'Enabled' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| 20.1 Ensure 'Accounts require passwords' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | IDENTIFICATION AND AUTHENTICATION |
| AIOS-18-015500 - Apple iOS/iPadOS 18 must disable the download of iOS/iPadOS beta updates. | AirWatch - DISA Apple iOS/iPadOS 18 v1r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-015500 - Apple iOS/iPadOS 18 must disable the download of iOS/iPadOS beta updates. | MobileIron - DISA Apple iOS/iPadOS 18 v1r1 | MDM | CONFIGURATION MANAGEMENT |
| APPNET0064 - .Net applications that invoke NetFx40_LegacySecurityPolicy must apply previous versions of .NET STIG guidance. | DISA STIG for Microsoft Dot Net Framework 4.0 v2r4 | Windows | CONFIGURATION MANAGEMENT |
| Auditing and logging | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | AUDIT AND ACCOUNTABILITY |
| CASA-ND-000520 - The Cisco ASA must be configured to enforce password complexity by requiring that at least one uppercase character be used. | DISA STIG Cisco ASA NDM v2r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CASA-ND-000940 - The Cisco ASA must be configured to synchronize its clock with the primary and secondary time sources using redundant authoritative time sources. | DISA STIG Cisco ASA NDM v2r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CASA-ND-001210 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful attempts to delete administrator privileges occur. | DISA STIG Cisco ASA NDM v2r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000150 - The Cisco router must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must lock out the user account from accessing the device for 15 minutes. | DISA STIG Cisco IOS XE Router NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000250 - The Cisco router must be configured to generate audit records when successful/unsuccessful attempts to logon with access privileges occur. | DISA STIG Cisco IOS-XR Router NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000330 - The Cisco router must be configured to generate audit records containing the full-text recording of privileged commands. | DISA STIG Cisco IOS XE Router NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| DG0096-ORACLE11 - The DBMS IA policies and procedures should be reviewed annually or more frequently. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| GEN003619 - The system must not be configured for network bridging. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN003619 - The system must not be configured for network bridging. | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| HP ProCurve - 'Disable SNMPv2' | TNS HP ProCurve | HPProCurve | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| HP ProCurve - 'Disable Telnet' | TNS HP ProCurve | HPProCurve | CONFIGURATION MANAGEMENT |
| HP ProCurve - 'Enable ARP protection' | TNS HP ProCurve | HPProCurve | SYSTEM AND COMMUNICATIONS PROTECTION |
| HP ProCurve - 'Enable DHCP snooping' | TNS HP ProCurve | HPProCurve | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-L2-000090 - The Juniper EX switch must be configured to enable BPDU Protection on all user-facing or untrusted access switch ports. | DISA Juniper EX Series Layer 2 Switch v2r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-L2-000140 - The Juniper EX switch must be configured to enable Dynamic Address Resolution Protocol (ARP) Inspection (DAI) on all user VLANs. | DISA Juniper EX Series Layer 2 Switch v2r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUSX-VN-000004 - The Juniper SRX Services Gateway VPN device also fulfills the role of IDPS in the architecture, the device must inspect the VPN traffic in compliance with DoD IDPS requirements. | DISA Juniper SRX Services Gateway VPN v3r1 | Juniper | ACCESS CONTROL |
| Local password complexity - password minimum-length | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | IDENTIFICATION AND AUTHENTICATION |
| Policies - Pod - Date and Time Policy - Administrative State | Tenable Cisco ACI | Cisco_ACI | |
| SNMP Destination - Version | Tenable Cisco ACI | Cisco_ACI | CONFIGURATION MANAGEMENT |
| SNMPv1 and v2c vs SNMPv3 - snmp community | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | IDENTIFICATION AND AUTHENTICATION |
| SNMPv1 and v2c vs SNMPv3 - snmp-server community | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | IDENTIFICATION AND AUTHENTICATION |
| SNMPv1 and v2c vs SNMPv3 - snmpv3 | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | CONFIGURATION MANAGEMENT |
| vNetwork : upstream-bpdu-stp | VMWare vSphere 5.X Hardening Guide | VMware | |
| Web Session Idle Timeout (s) | Tenable Cisco ACI | Cisco_ACI | ACCESS CONTROL |
