| 1.2.3 Limit SSH Login Attempts to 3 or less | CIS Cisco NX-OS v1.2.0 L1 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 2.10 OEM objects - 'Remove if OEM not used' | CIS v1.1.0 Oracle 11g OS L2 | Unix | CONFIGURATION MANAGEMENT |
| 3.18 sqlnet.ora - 'trace_directory_server parameter settings' | CIS v1.1.0 Oracle 11g OS L1 | Unix | |
| 5.2 Ensure 'Computer Browser (Browser)' is set to 'Disabled' or 'Not Installed' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.3 (L1) Ensure 'Computer Browser (Browser)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 5.3 (L1) Ensure 'Computer Browser (Browser)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | CONFIGURATION MANAGEMENT |
| 5.3 (L1) Ensure 'Computer Browser (Browser)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 5.3 (L1) Ensure 'Computer Browser (Browser)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 5.3 (L1) Ensure 'Computer Browser (Browser)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 5.3 (L1) Ensure 'Computer Browser (Browser)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG | Windows | CONFIGURATION MANAGEMENT |
| 5.7.3 Apply Security Context to Your Pods and Containers | CIS Kubernetes v1.20 Benchmark v1.0.1 L2 Master | Unix | CONFIGURATION MANAGEMENT |
| 5.7.3 Apply Security Context to Your Pods and Containers | CIS Kubernetes v1.24 Benchmark v1.0.0 L2 Master | Unix | CONFIGURATION MANAGEMENT |
| 5.18 Ensure HTTP Header Permissions-Policy is set appropriately | CIS Apache HTTP Server 2.4 v2.2.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.1 (L1) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All' | CIS Microsoft Windows Server 2019 v3.0.1 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.15.2 Ensure 'Allow Diagnostic Data' is set to 'Enabled: Send required diagnostic data' or 'Enabled: Send optional diagnostic data' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.65.1 (L1) Ensure 'Disable all apps from Microsoft Store' is set to 'Disabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.65.1 (L2) Ensure 'Disable all apps from Microsoft Store' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.65.1 (L2) Ensure 'Disable all apps from Microsoft Store' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.65.1 (L2) Ensure 'Disable all apps from Microsoft Store' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.91.2 (L2) Ensure 'Allow mapping folders into Windows Sandbox' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.91.2 (L2) Ensure 'Allow mapping folders into Windows Sandbox' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.92.4.2 (L1) Ensure 'Select when Preview Builds and Feature Updates are received' is set to 'Enabled: 180 or more days' | CIS Microsoft Windows Server 2019 v3.0.1 L1 MS | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.92.4.3 (L1) Ensure 'Select when Quality Updates are received' is set to 'Enabled: 0 days' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.92.4.3 (L1) Ensure 'Select when Quality Updates are received' is set to 'Enabled: 0 days' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.92.4.3 (L1) Ensure 'Select when Quality Updates are received' is set to 'Enabled: 0 days' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.93.4.3 (L1) Ensure 'Select when Quality Updates are received' is set to 'Enabled: 0 days' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.93.4.3 (L1) Ensure 'Select when Quality Updates are received' is set to 'Enabled: 0 days' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.93.4.3 (L1) Ensure 'Select when Quality Updates are received' is set to 'Enabled: 0 days' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.93.4.3 (L1) Ensure 'Select when Quality Updates are received' is set to 'Enabled: 0 days' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.93.4.3 (L1) Ensure 'Select when Quality Updates are received' is set to 'Enabled: 0 days' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 20.3 (L1) Ensure 'Microsoft Internet Explorer is not installed on the system' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 103.3 (L1) Ensure 'Defer Quality Updates Period (Days)' is set to 'Enabled: 0 days' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| Default Protections for Recommended Software - InfoPath | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Recommended Software - jre6_javaws | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Recommended Software - jre7_javaws | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Recommended Software - Lync | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Recommended Software - Lync | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Recommended Software - PPTViewer | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Recommended Software - Visio | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| DO3630-ORACLE11 - The Oracle Listener should be configured to require administration authentication - 'No listeners are running' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DO6740-ORACLE11 - The Oracle Listener ADMIN_RESTRICTIONS parameter if present should be set to ON - '$ORACLE_HOME/network/admin/listener.ora ADMIN_RESTRICTIONS_{listener} = on' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| O19C-00-018600 - Oracle Database software must be evaluated and patched against newly found vulnerabilities. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | SYSTEM AND INFORMATION INTEGRITY |
| O112-BP-026400 - The /diag subdirectory under the directory assigned to the DIAGNOSTIC_DEST parameter must be protected from unauthorized access. | DISA STIG Oracle 11.2g v2r5 Linux | Unix | CONFIGURATION MANAGEMENT |
| O112-C2-006800 - The DBMS must provide audit record generation capability for organization-defined auditable events within the database. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| O121-C2-018900 - The DBMS must prevent unauthorized and unintended information transfer via shared system resources. | DISA STIG Oracle 12c v3r2 Database | OracleDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-09-291040 - RHEL 9 wireless network adapters must be disabled. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| WBLC-10-000270 - Oracle WebLogic must be integrated with a tool to monitor audit subsystem failure notification information that is sent out (e.g., the recipients of the message and the nature of the failure). | Oracle WebLogic Server 12c Linux v2r2 | Unix | CONFIGURATION MANAGEMENT |
| WBLC-10-000270 - Oracle WebLogic must be integrated with a tool to monitor audit subsystem failure notification information that is sent out (e.g., the recipients of the message and the nature of the failure). | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | CONFIGURATION MANAGEMENT |
| WN10-00-000045 - The Windows 10 system must use an anti-virus program. | DISA Microsoft Windows 10 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN10-00-000250 - Windows 10 nonpersistent VM sessions must not exceed 24 hours. | DISA Microsoft Windows 10 STIG v3r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
