| 1.3.2 Implement Periodic Execution of File Integrity - 0 5 * * * /usr/sbin/aide --check' | CIS Red Hat Enterprise Linux 5 L2 v2.2.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.1 Disable Local-only Graphical Login Environment | CIS Solaris 11.1 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all Connectors | CIS Apache Tomcat 10 L2 v1.1.0 Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 4.3.6 Ensure sudo authentication timeout is configured correctly | CIS Oracle Linux 7 v4.0.0 L1 Server | Unix | ACCESS CONTROL |
| 4.3.6 Ensure sudo authentication timeout is configured correctly | CIS Oracle Linux 7 v4.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 4.3.6 Ensure sudo authentication timeout is configured correctly | CIS Rocky Linux 8 Workstation L1 v2.0.0 | Unix | ACCESS CONTROL |
| 4.3.6 Ensure sudo authentication timeout is configured correctly | CIS AlmaLinux OS 8 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| 4.3.6 Ensure sudo authentication timeout is configured correctly | CIS Oracle Linux 8 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL |
| 4.3.6 Ensure sudo authentication timeout is configured correctly | CIS Red Hat EL8 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL |
| 5.2.6 Ensure sudo authentication timeout is configured correctly | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 5.2.6 Ensure sudo authentication timeout is configured correctly | CIS Oracle Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 5.2.6 Ensure sudo authentication timeout is configured correctly | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 5.2.6 Ensure sudo authentication timeout is configured correctly | CIS SUSE Linux Enterprise 15 v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 5.3.6 Ensure sudo authentication timeout is configured correctly | CIS Fedora 28 Family Linux Server L1 v2.0.0 | Unix | ACCESS CONTROL |
| 5.3.6 Ensure sudo authentication timeout is configured correctly | CIS CentOS Linux 8 Server L1 v2.0.0 | Unix | ACCESS CONTROL |
| 6.12 Ensure all HTTP Header Logging options are enabled - Referer | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| 6.12 Ensure all HTTP Header Logging options are enabled - User-Agent | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| 6.12 Ensure all HTTP Header Logging options are enabled - User-Agent | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows 10 1909 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows 10 v20H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows Server 1903 MS v1.19.9 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows Server 2016 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows Server 2016 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows Server 2019 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows Server 2022 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows 10 1903 v1.19.9 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows Server v2004 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows Server v2004 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Restricted Sites Zone | MSCT Windows 10 1803 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Restricted Sites Zone | MSCT Windows 10 1809 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Restricted Sites Zone | MSCT Windows 10 v21H1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Restricted Sites Zone | MSCT Windows Server 1903 DC v1.19.9 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Restricted Sites Zone | MSCT Windows Server v1909 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Restricted Sites Zone | MSCT Windows Server 2022 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Restricted Sites Zone | MSCT Windows Server v1909 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Restricted Sites Zone | MSCT Windows Server v2004 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Auto-start is not enabled | TNS Citrix Hypervisor | Unix | CONFIGURATION MANAGEMENT |
| CISC-RT-000280 - The Cisco perimeter router must be configured to protect an enclave connected to an alternate gateway by using an inbound filter that only permits packets with destination addresses within the sites address space. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000320 - The Cisco perimeter switch must be configured to filter traffic destined to the enclave in accordance with the guidelines contained in DoD Instruction 8551.1. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000470 - The Cisco BGP router must be configured to enable the Generalized TTL Security Mechanism (GTSM). | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000820 - The Cisco multicast Rendezvous Point (RP) router must be configured to limit the multicast forwarding cache so that its resources are not saturated by managing an overwhelming number of Protocol Independent Multicast (PIM) and Multicast Source Discovery Protocol (MSDP) source-active entries. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'last -5 -R' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'last -5 -R' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'lastb -5 -R' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'lastb -5 -R' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN000800 - The system must prohibit the reuse of passwords within five iterations. | DISA STIG Solaris 10 SPARC v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000800 - The system must prohibit the reuse of passwords within five iterations. | DISA STIG Solaris 10 X86 v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN005190 - The .Xauthority files must not have extended ACLs. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| MADB-10-004400 - MariaDB must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
