| 18.7.9 (L2) Ensure 'Configure Windows protected print' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker | Windows | CONFIGURATION MANAGEMENT |
| AADC-CL-001295 - Adobe Acrobat Pro DC Classic Repair Installation must be disabled. | DISA STIG Adobe Acrobat Pro DC Classic Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| All network interfaces are operating in full-duplex mode | TNS Citrix Hypervisor | Unix | CONFIGURATION MANAGEMENT |
| Check for server certificate revocation | MSCT Windows 10 1803 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Check for server certificate revocation | MSCT Windows 10 v21H2 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Check for server certificate revocation | MSCT Windows 10 v1507 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Check for server certificate revocation | MSCT MSCT Windows Server 2022 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Check for server certificate revocation | MSCT Windows Server v1909 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Check for server certificate revocation | MSCT Windows Server v2004 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Check for server certificate revocation | MSCT Windows Server 2016 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Check for server certificate revocation | MSCT Windows 10 v2004 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Check for signatures on downloaded programs | MSCT Windows 10 v21H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Check for signatures on downloaded programs | MSCT Windows 11 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Check for signatures on downloaded programs | MSCT Windows Server v1909 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Check for signatures on downloaded programs | MSCT Windows Server 2016 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Check for signatures on downloaded programs | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Enable only necessary and secure services, protocols, daemons - 'snapwatchd' | TNS Citrix Hypervisor | Unix | CONFIGURATION MANAGEMENT |
| Enable only necessary and secure services, protocols, daemons - 'sshd' | TNS Citrix Hypervisor | Unix | CONFIGURATION MANAGEMENT |
| Enable port locking by default on the VM guest network | TNS Citrix Hypervisor | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enable remote syslog | TNS Citrix Hypervisor | Unix | AUDIT AND ACCOUNTABILITY |
| HP ProCurve - 'Disable IP Stack Management' | TNS HP ProCurve | HPProCurve | CONFIGURATION MANAGEMENT |
| HP ProCurve - 'RADIUS or TACACS Authentication is configured' | TNS HP ProCurve | HPProCurve | |
| Install a trusted CA certificate on the pool | TNS Citrix Hypervisor | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Passwords stored in 'secrets' are not visible | TNS Citrix Hypervisor | Unix | IDENTIFICATION AND AUTHENTICATION |
| SonicWALL - Client AV Enforcement On - LAN | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Detection Prevention - Randomize IP IDs | TNS SonicWALL v5.9 | SonicWALL | |
| SonicWALL - Flood Protection - TCP - Handshake enforcement | TNS SonicWALL v5.9 | SonicWALL | |
| SonicWALL - Flood Protection - TCP - Timeout <= 5 minutes | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND COMMUNICATIONS PROTECTION |
| SonicWALL - IDP ON - DMZ | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - IDP ON - WAN | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Logging Level - Information | TNS SonicWALL v5.9 | SonicWALL | AUDIT AND ACCOUNTABILITY |
| SonicWALL - Password Policy - Complexity Level | TNS SonicWALL v5.9 | SonicWALL | IDENTIFICATION AND AUTHENTICATION |
| SonicWALL - PW Policy - Lockout Duration - >= 5 minutes | TNS SonicWALL v5.9 | SonicWALL | ACCESS CONTROL |
| SonicWALL - Review the NTP server configuration | TNS SonicWALL v5.9 | SonicWALL | AUDIT AND ACCOUNTABILITY |
| SonicWALL - Security Services - Gateway AV - FTP Inbound | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Security Services - Gateway AV - HTTP Inbound | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Security Services - Gateway AV - HTTP Outbound | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Security Services - Gateway AV - POP3 | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Security Services - Gateway AV - Signature Timestamp | TNS SonicWALL v5.9 | SonicWALL | AUDIT AND ACCOUNTABILITY |
| SonicWALL - Security Services - Gateway AV - SMTP Outbound | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Security Services - Gateway AV - TCP Stream Outbound | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Security Services - IDP - Signature Timestamp | TNS SonicWALL v5.9 | SonicWALL | AUDIT AND ACCOUNTABILITY |
| SonicWALL - SSL Control - Block the conn. and log the event | TNS SonicWALL v5.9 | SonicWALL | AUDIT AND ACCOUNTABILITY |
| SonicWALL - SSL Control - Certs - Untrusted CA | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - SSL Control - Detect Expired Certificates | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - SSL Control - Enable Whitelist | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| XenServer - Enable only necessary and secure services, protocols, daemons - 'lwsmd' | TNS Citrix XenServer | Unix | CONFIGURATION MANAGEMENT |
| XenServer - External authentication is disabled | TNS Citrix XenServer | Unix | |
| XenServer - Restrict allowed IPv6 addresses used by each VM guest | TNS Citrix XenServer | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| XenServer - Snapshots are not present | TNS Citrix XenServer | Unix | |
