| 18.9.25.5 (L1) Ensure 'Default Protections for Recommended Software' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.24.5 (L1) Ensure 'Default Protections for Recommended Software' is set to 'Enabled' | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.24.5 (L1) Ensure 'Default Protections for Recommended Software' is set to 'Enabled' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.24.5 (L1) Ensure 'Default Protections for Recommended Software' is set to 'Enabled' | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTOO104 - Disabling of user name and password syntax from being used in URLs must be enforced. | DISA STIG Microsoft Groove 2013 v1r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO111 - The Internet Explorer Bind to Object functionality must be enabled. | DISA STIG Microsoft Groove 2013 v1r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO111 - The Internet Explorer Bind to Object functionality must be enabled. | DISA STIG Microsoft OneNote 2013 v1r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO117 - The Saved from URL mark must be selected to enforce Internet zone processing. | DISA STIG Microsoft Groove 2013 v1r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO124 - Scripted Window Security must be enforced. | DISA STIG Microsoft OneNote 2013 v1r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| FGFW-ND-000050 - The FortiGate device must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | ACCESS CONTROL |
| FGFW-ND-000095 - The FortiGate device must generate audit records containing information that establishes the identity of any individual or process associated with the event. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FGFW-ND-000165 - The FortiGate device must use LDAP for authentication. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | CONFIGURATION MANAGEMENT |
| FGFW-ND-000170 - The FortiGate device must be running an operating system release that is currently supported by the vendor. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | CONFIGURATION MANAGEMENT |
| FGFW-ND-000185 - The FortiGate device must support organizational requirements to conduct backups of information system documentation, including security-related documentation, when changes occur or weekly, whichever is sooner. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING |
| FGFW-ND-000205 - The FortiGate device must implement replay-resistant authentication mechanisms for network access to privileged accounts | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| FGFW-ND-000230 - The FortiGate device must enforce password complexity by requiring that at least one lowercase character be used. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| FGFW-ND-000235 - The FortiGate device must enforce password complexity by requiring at least one numeric character be used. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| FGFW-ND-000285 - The FortiGate device must only allow authorized administrators to view or change the device configuration, system files, and other files stored either in the device or on removable media (such as a flash drive). | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL09-00-000003 - OL 9 must be configured so that a separate file system must be used for user home directories (such as /home or an equivalent). | DISA Oracle Linux 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| OL09-00-000007 - OL 9 must use a separate file system for /var/tmp. | DISA Oracle Linux 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| OL09-00-000047 - OL 9 must be configured to disable USB mass storage. | DISA Oracle Linux 9 STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL09-00-000050 - OL 9 must require a unique superuser's name upon booting into single-user and maintenance modes. | DISA Oracle Linux 9 STIG v1r4 | Unix | ACCESS CONTROL |
| OL09-00-000065 - OL 9 must enable the SELinux targeted policy. | DISA Oracle Linux 9 STIG v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| OL09-00-000070 - OL 9 must enable FIPS mode. | DISA Oracle Linux 9 STIG v1r4 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| OL09-00-000115 - OL 9 must not have the gssproxy package installed. | DISA Oracle Linux 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| OL09-00-000125 - OL 9 must not have the tuned package installed. | DISA Oracle Linux 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| OL09-00-000135 - OL 9 must not have a Trivial File Transfer Protocol (TFTP) server package installed. | DISA Oracle Linux 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| OL09-00-000221 - OL 9 must be configured so that the firewalld service is active. | DISA Oracle Linux 9 STIG v1r4 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| OL09-00-000250 - OL 9 networked systems must have SSH installed. | DISA Oracle Linux 9 STIG v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL09-00-000254 - OL 9 SSH server must be configured to use only ciphers employing FIPS 140-3 validated cryptographic hash algorithms to protect the confidentiality of SSH server connections. | DISA Oracle Linux 9 STIG v1r4 | Unix | ACCESS CONTROL |
| OL09-00-000262 - OL 9 SSH client must be configured to use only DOD-approved Message Authentication Codes (MACs) employing FIPS 140-3 validated cryptographic hash algorithms to protect the confidentiality of SSH client connections. | DISA Oracle Linux 9 STIG v1r4 | Unix | ACCESS CONTROL |
| OL09-00-000280 - OL 9 must implement multifactor authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access. | DISA Oracle Linux 9 STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL09-00-000300 - OL 9 must have the Advanced Intrusion Detection Environment (AIDE) package installed. | DISA Oracle Linux 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| OL09-00-000303 - OL 9 must be configured so that the file integrity tool verifies Access Control Lists (ACLs). | DISA Oracle Linux 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| OL09-00-002524 - OL 9 library files must be owned by root. | DISA Oracle Linux 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| OL09-00-002525 - OL 9 library files must have mode 0755 or less permissive. | DISA Oracle Linux 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| OL09-00-002530 - OL 9 /boot/grub2/grub.cfg file must be group-owned by root. | DISA Oracle Linux 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| OL09-00-002549 - OL 9 /etc/passwd- file must have mode 0644 or less permissive to prevent unauthorized access. | DISA Oracle Linux 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| OL09-00-002551 - OL 9 /etc/shadow- file must be group-owned by root. | DISA Oracle Linux 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| OL09-00-002561 - OL 9 /var/log directory must be owned by root. | DISA Oracle Linux 9 STIG v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| OL09-00-002565 - OL 9 /var/log/messages file must have mode 0640 or less permissive. | DISA Oracle Linux 9 STIG v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| OL09-00-002580 - OL 9 cron configuration directories must have a mode of 0700 or less permissive. | DISA Oracle Linux 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| OL09-00-003011 - OL 9 must configure the use of the pam_faillock.so module in the /etc/pam.d/system-auth file. | DISA Oracle Linux 9 STIG v1r4 | Unix | ACCESS CONTROL |
| OL09-00-003020 - OL 9 must automatically lock an account when three unsuccessful logon attempts occur. | DISA Oracle Linux 9 STIG v1r4 | Unix | ACCESS CONTROL |
| OL09-00-003023 - OL 9 must ensure account lockouts persist. | DISA Oracle Linux 9 STIG v1r4 | Unix | ACCESS CONTROL |
| OL09-00-005000 - OL 9 remote access methods must be monitored. | DISA Oracle Linux 9 STIG v1r4 | Unix | ACCESS CONTROL |
| OL09-00-005030 - OL 9 must be configured so that the rsyslog daemon does not accept log messages from other servers unless the server is being used for log aggregation. | DISA Oracle Linux 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| OL09-00-006027 - OL 9 must use a reverse-path filter for IPv4 network traffic, when possible, by default. | DISA Oracle Linux 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| OL09-00-006040 - OL 9 must not accept router advertisements on all IPv6 interfaces. | DISA Oracle Linux 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| XenServer - Auto-start is not enabled | TNS Citrix XenServer | Unix | |
