| 1.3.2 Implement Periodic Execution of File Integrity - 0 5 * * * /usr/sbin/aide --check' | CIS Red Hat Enterprise Linux 5 L2 v2.2.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.7.2 Ensure 'TLS 1.0' is set for HTTPS access | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7.3 Ensure 'SSL AES 256 encryption' is set for HTTPS access | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.8.1 Ensure 'console session timeout' is less than or equal to '5' minutes | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL |
| 1.8.2 Ensure 'SSH session timeout' is less than or equal to '5' minutes | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.10.6 Ensure 'logging history severity level' is set to greater than or equal to '5' | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all Connectors | CIS Apache Tomcat 10 L2 v1.1.0 Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 4.3.6 Ensure sudo authentication timeout is configured correctly | CIS Red Hat EL8 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL |
| 4.3.6 Ensure sudo authentication timeout is configured correctly | CIS Rocky Linux 8 Workstation L1 v2.0.0 | Unix | ACCESS CONTROL |
| 4.3.6 Ensure sudo authentication timeout is configured correctly | CIS AlmaLinux OS 8 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| 4.3.6 Ensure sudo authentication timeout is configured correctly | CIS Oracle Linux 7 v4.0.0 L1 Server | Unix | ACCESS CONTROL |
| 4.3.6 Ensure sudo authentication timeout is configured correctly | CIS Oracle Linux 7 v4.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 5.2.6 Ensure sudo authentication timeout is configured correctly | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 5.2.6 Ensure sudo authentication timeout is configured correctly | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 5.2.6 Ensure sudo authentication timeout is configured correctly | CIS Oracle Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 5.2.6 Ensure sudo authentication timeout is configured correctly | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Workstation | Unix | ACCESS CONTROL |
| 5.3.6 Ensure sudo authentication timeout is configured correctly | CIS Fedora 28 Family Linux Server L1 v2.0.0 | Unix | ACCESS CONTROL |
| 6.12 Ensure all HTTP Header Logging options are enabled - Referer | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| 6.12 Ensure all HTTP Header Logging options are enabled - User-Agent | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| 6.12 Ensure all HTTP Header Logging options are enabled - User-Agent | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| 7.8 Extensible Firmware Interface (EFI) password | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows 10 1909 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows 10 v20H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows Server 1903 MS v1.19.9 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows Server 2016 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows Server 2016 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows Server 2019 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows Server 2022 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Restricted Sites Zone | MSCT Windows 10 v21H1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Restricted Sites Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Restricted Sites Zone | MSCT Windows Server 1903 DC v1.19.9 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Restricted Sites Zone | MSCT Windows Server v1909 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Restricted Sites Zone | MSCT Windows Server 2022 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Auto-start is not enabled | TNS Citrix Hypervisor | Unix | CONFIGURATION MANAGEMENT |
| CIS_Cisco_Firewall_v8.x_Level_1_v4.2.0.audit for Cisco ASA 8 from CIS Cisco Firewall v8.x Benchmark v4.2.0 | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | |
| CISC-RT-000280 - The Cisco perimeter router must be configured to protect an enclave connected to an alternate gateway by using an inbound filter that only permits packets with destination addresses within the sites address space. | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000320 - The Cisco perimeter switch must be configured to filter traffic destined to the enclave in accordance with the guidelines contained in DoD Instruction 8551.1. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTAVSEL-106 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to Clean infected files automatically as first action when a virus or Trojan is detected. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'last -5 -R' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'last -5 -R' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'lastb -5 -R' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'lastb -5 -R' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN005180 - All .Xauthority files must have mode 0600 or less permissive. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN006650 - The Oracle Linux 5 operating system must use a virus scan program. | DISA STIG for Oracle Linux 5 v2r1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| MADB-10-004400 - MariaDB must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| OL09-00-002350 - OL 9 SSH daemon must disable remote X connections for interactive users. | DISA Oracle Linux 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000001 - The Photon operating system must audit all account creations - groupadd | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL |
| RHEL-06-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - /sbin/modprobe. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| TCAT-AS-001030 - LockOutRealms failureCount attribute must be set to 5 failed logins for admin users. | DISA STIG Apache Tomcat Application Server 9 v3r2 Middleware | Unix | ACCESS CONTROL |
