| 1.5.4 Ensure kernel.dmesg_restrict is configured | CIS SUSE Linux Enterprise 16 v1.0.0 L1 Workstation | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.4 Ensure kernel.dmesg_restrict is configured | CIS SUSE Linux Enterprise 16 v1.0.0 L1 Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.5 Ensure kernel.dmesg_restrict is configured | CIS Debian Linux 13 v1.0.0 L1 Workstation | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.5 Ensure kernel.dmesg_restrict is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.5 Ensure kernel.dmesg_restrict is configured | CIS Debian Linux 13 v1.0.0 L1 Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.5 Ensure kernel.dmesg_restrict is configured | CIS Rocky Linux 10 v1.0.0 L1 Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.5 Ensure kernel.dmesg_restrict is configured | CIS Rocky Linux 10 v1.0.0 L1 Workstation | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-U1-000430 - Apache web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-U1-000430 - Apache web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-U1-000440 - Apache web server application directories, libraries, and configuration files must only be accessible to privileged users. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-U1-000440 - Apache web server application directories, libraries, and configuration files must only be accessible to privileged users. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000280 - Apache web server application directories, libraries, and configuration files must only be accessible to privileged users. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000280 - Apache web server application directories, libraries, and configuration files must only be accessible to privileged users. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W2-000440 - Anonymous user access to the Apache web server application directories must be prohibited. | DISA Apache Server 2.4 Windows Site STIG v2r2 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-R2-000970 - Rancher RKE2 runtime must maintain separate execution domains for each container by assigning each container a separate address space to prevent unauthorized and unintended information transfer via shared system resources. | DISA Rancher Government Solutions RKE2 STIG v2r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| DB2X-00-004800 - DB2 must separate user functionality (including user interface services) from database management functionality | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000100 - Exchange Mailbox databases must reside on a dedicated partition. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SV-000131 - IIS 10.0 Web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts. | DISA IIS 10.0 Server v3r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SI-000221 - Anonymous IIS 8.5 website access accounts must be restricted. | DISA IIS 8.5 Site v2r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SV-000132 - The IIS 8.5 web server must separate the hosted applications from hosted web server management functionality. | DISA IIS 8.5 Server v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MD3X-00-000390 - MongoDB must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users). | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 DB | MongoDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| MS.POWERPLATFORM.3.1v1 - Power Platform tenant isolation SHALL be enabled. | CISA SCuBA Microsoft 365 Power Platform v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.POWERPLATFORM.4.1v1 - Content Security Policy (CSP) SHALL be enforced for model-driven and canvas Power Apps. | CISA SCuBA Microsoft 365 Power Platform v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.POWERPLATFORM.5.1v1 - The ability to create Power Pages sites SHOULD be restricted to admins. | CISA SCuBA Microsoft 365 Power Platform v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.TEAMS.8.1v1 - URL comparison with a blocklist SHOULD be enabled. | CISA SCuBA Microsoft 365 Teams v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.TEAMS.8.2v1 - User click tracking SHOULD be enabled. | CISA SCuBA Microsoft 365 Teams v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| SP13-00-000150 - The SharePoint Central Administration site must not be accessible from Extranet or Internet connections. | DISA Microsoft SharePoint 2013 STIG v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SRG-OS-000132-ESXI5 - vSphere management traffic must be on a restricted network. | DISA VMWare ESXi 5.0 Server STIG v2r1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| TCAT-AS-000790 - Access to Tomcat manager application must be restricted. | DISA STIG Apache Tomcat Application Server 9 v3r3 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCEM-67-000017 - ESX Agent Manager directory tree must have permissions in an 'out-of-the box' state - out-of-the box state. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCEM-70-000017 - ESX Agent Manager directory tree must have permissions in an out-of-the-box state - out-of-the box state. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLD-70-000009 - VAMI server binaries and libraries must be verified for their integrity. | DISA STIG VMware vSphere 7.0 VAMI v1r2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLU-70-000017 - Lookup Service directory tree must have permissions in an out-of-the-box state - out-of-the box state. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCSA-70-000095 - The vCenter Server users must have the correct roles assigned. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCSA-80-000095 - The vCenter Server user roles must be verified. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCST-67-000017 - The Security Token Service directory tree must have permissions in an 'out-of-the-box' state - out-of-the-box state. | DISA STIG VMware vSphere 6.7 STS Tomcat v1r3 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCST-70-000017 - The Security Token Service directory tree must have permissions in an out-of-the-box state. | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCUI-67-000016 - vSphere UI directory tree must have permissions in an 'out-of-the-box' state - out-of-the-box state. | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCUI-70-000017 - The vSphere UI directory tree must have permissions in an out-of-the-box state. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCWN-65-000005 - The vCenter Server for Windows users must have the correct roles assigned. | DISA VMware vSphere 6.5 vCenter Server for Windows STIG v2r3 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBLC-08-000222 - Oracle WebLogic must separate hosted application functionality from Oracle WebLogic management functionality. | Oracle WebLogic Server 12c Linux v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-AD-000006-DC - Data files owned by users must be on a different logical partition from the directory server data files. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-AD-000009-DC - The directory server supporting (directly or indirectly) system access or resource authorization must run on a machine dedicated to that function - Roles | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-AD-000009-DC - The directory server supporting (directly or indirectly) system access or resource authorization must run on a machine dedicated to that function - Services | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
