| 1.1.1.6 Ensure overlay kernel module is not available | CIS Red Hat Enterprise Linux 10 v1.0.1 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.6 Ensure overlay kernel module is not available | CIS AlmaLinux OS 8 v4.0.0 L2 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.7 Ensure squashfs kernel module is not available | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.2 Traffic Control - Rate limiting | CIS HPE Aruba Networking CX Switch v1.0.1 Optional Security Recommendations | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.2 Ensure X Window System is not installed | CIS Distribution Independent Linux Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.7 Set default ulimit as appropriate - default-ulimit | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.14 Ensure 'sa' Login Account is set to 'Disabled' | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | ACCESS CONTROL |
| 3.2.11 Establish retention set size for backups - 'num_db_backups <= 100' | CIS IBM DB2 OS L2 v1.2.0 | Unix | CONTINGENCY PLANNING, SYSTEM AND INFORMATION INTEGRITY |
| 3.4.1.1 Ensure ufw is installed | CIS Debian Linux 10 v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.1.1 Ensure ufw is installed | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.1.1 Ensure ufw is installed | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.1.1 Ensure ufw is installed | CIS Debian Linux 10 v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.1 Ensure ufw is installed | CIS Debian Linux 11 v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.1 Ensure ufw is installed | CIS Debian Linux 12 v1.1.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.1 Ensure ufw is installed | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.5 Ensure firewalld service is enabled and running | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.5 Ensure firewalld service is enabled and running | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3 Ensure Linux Kernel Capabilities are restricted within containers | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | ACCESS CONTROL |
| 5.7 Do not map privileged ports within containers | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | |
| 5.15 Do not share the host's process namespace | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2.3.6 Ensure rsyslog is configured to send logs to a remote log host | CIS Ubuntu Linux 20.04 LTS v3.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.3.6 Ensure rsyslog is configured to send logs to a remote log host | CIS Ubuntu Linux 20.04 LTS v3.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 8.3.1 Ensure unnecessary or superfluous functions inside VMs are disabled | CIS VMware ESXi 6.5 v1.0.0 Level 1 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 9.3.1 Set SSH Protocol to 2 | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| ARST-RT-000200 - The out-of-band management (OOBM) Arista gateway router must be configured to not redistribute routes between the management network routing domain and the managed network routing domain. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | ACCESS CONTROL |
| AS24-W1-000010 - The Apache web server must limit the number of allowed simultaneous session requests. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | ACCESS CONTROL |
| AS24-W1-000010 - The Apache web server must limit the number of allowed simultaneous session requests. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | ACCESS CONTROL |
| AZLX-23-000320 - Amazon Linux 2023 must not have the gssproxy package installed. | DISA Amazon Linux 2023 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| AZLX-23-001005 - Amazon Linux 2023 must not be configured to bypass password requirements for privilege escalation. | DISA Amazon Linux 2023 STIG v1r2 | Unix | ACCESS CONTROL |
| AZLX-23-001050 - Amazon Linux 2023 must have the chrony package installed. | DISA Amazon Linux 2023 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| AZLX-23-001200 - Amazon Linux 2023 SSH server must be configured to use systemwide crypto policies. | DISA Amazon Linux 2023 STIG v1r2 | Unix | ACCESS CONTROL |
| AZLX-23-001280 - Amazon Linux 2023 must enable FIPS mode. | DISA Amazon Linux 2023 STIG v1r2 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| AZLX-23-002315 - Amazon Linux 2023 must ensure the /var/log directory have mode "0755" or less permissive. | DISA Amazon Linux 2023 STIG v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AZLX-23-002330 - Amazon Linux 2023 must ensure the /var/log/messages file have mode "0640" or less permissive. | DISA Amazon Linux 2023 STIG v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AZLX-23-002340 - Amazon Linux 2023 must ensure the /var/log/messages file be owned by root. | DISA Amazon Linux 2023 STIG v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AZLX-23-002435 - Amazon Linux 2023 must automatically expire temporary accounts within 72 hours. | DISA Amazon Linux 2023 STIG v1r2 | Unix | ACCESS CONTROL |
| AZLX-23-002570 - Amazon Linux 2023 must routinely check the baseline configuration for unauthorized changes and notify the system administrator when anomalies in the operation of any security functions are discovered. | DISA Amazon Linux 2023 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| AZLX-23-002600 - Amazon Linux 2023 file system automount function must be disabled unless required. | DISA Amazon Linux 2023 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| DTAVSEL-003 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to enable On-Access scanning. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-113 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to include all local drives and their sub-directories. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Enable IKE Version 1/2 - group | Tenable Cisco Viptela SD-WAN - vEdge | Cisco_Viptela | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure mounting of cramfs filesystems is disabled - modprobe | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| GEN000000-LNX00800 - The system must use a Linux Security Module configured to limit the privileges of system services - 'SELINUX = enforcing' | DISA STIG for Oracle Linux 5 v2r1 | Unix | CONFIGURATION MANAGEMENT |
| GEN000000-LNX00800 - The system must use a Linux Security Module configured to limit the privileges of system services - 'SELINUXTYPE = targeted or strict' | DISA STIG for Oracle Linux 5 v2r1 | Unix | CONFIGURATION MANAGEMENT |
| GEN002760-9 - The audit system must be configured to audit all administrative, privileged, and security actions - 'sched_setparam' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-040400 - The Oracle Linux operating system must be configured so that the SSH daemon is configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms - MACs employing FIPS 140-2 approved cryptographic hash algorithms. | DISA Oracle Linux 7 STIG v3r5 | Unix | ACCESS CONTROL |
| OL08-00-010000 - OL 8 must be a vendor-supported release. | DISA Oracle Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL08-00-030603 - OL 8 must enable Linux audit logging for the USBGuard daemon. | DISA Oracle Linux 8 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-30-000046 - The Photon operating system must initiate auditing as part of the boot process. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030603 - RHEL 8 must enable Linux audit logging for the USBGuard daemon. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
