| 1.4.5 Ensure version 7.2 or newer booted with a BIOS have a unique name for the grub superusers account | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.1.10 Ensure 'Treat AirDrop as unmanaged destination' is set to 'Enabled' | AirWatch - CIS Apple iPadOS 17 v1.1.0 End User Owned L1 | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 2.2.1.10 Ensure 'Treat AirDrop as unmanaged destination' is set to 'Enabled' | AirWatch - CIS Apple iOS 18 Benchmark v1.0.0 L1 End User Owned | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 2.11 Java 6 is not the default Java runtime | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.11 Java 6 is not the default Java runtime | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
| 18.9.102.3 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 105.3 (L1) Ensure 'Password Complexity' is set to 'Large letters + small letters + numbers + special characters' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| GEN002820-7 - The audit system must be configured to audit all discretionary access control permission modifications - 'lchown' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002820-7 - The audit system must be configured to audit all discretionary access control permission modifications - 'lchown' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN002820-7 - The audit system must be configured to audit all discretionary access control permission modifications - 'lchown32' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN002820-7 - The audit system must be configured to audit all discretionary access control permission modifications - 'lchown32' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| JUSX-DM-000150 - For nonlocal maintenance sessions using SSH, the Juniper SRX Services Gateway must securely configured SSHv2 with privacy options to protect the confidentiality of maintenance and diagnostic communications for nonlocal maintenance sessions. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | MAINTENANCE |
| KNOX-07-012100 - The Samsung Android 7 with Knox must implement the management setting: Enable CC mode. | MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| KNOX-07-012100 - The Samsung Android 7 with Knox must implement the management setting: Enable CC mode. | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| KNOX-07-012700 - The Samsung Android 7 with Knox must implement the management setting: Disable S Voice. | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| KNOX-07-012700 - The Samsung Android 7 with Knox must implement the management setting: Disable S Voice. | MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| KNOX-07-012900 - The Samsung Android 7 with Knox must implement the management setting: Disable Admin Remove. | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| KNOX-07-014300 - The Samsung Android 7 with Knox must implement the management setting: Container Account whitelist. | MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| KNOX-07-014300 - The Samsung Android 7 with Knox must implement the management setting: Container Account whitelist. | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| KNOX-07-017200 - The Samsung Android 7 with Knox must be configured to disable Phone Visibility. | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| SPLK-CL-000050 - Splunk Enterprise must use TLS 1.2 and SHA-2 or higher cryptographic algorithms. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000070 - Splunk Enterprise must use SSL to protect the confidentiality and integrity of transmitted information. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | SYSTEM AND COMMUNICATIONS PROTECTION |
| SPLK-CL-000090 - When Splunk Enterprise is distributed over multiple servers, each server must be configured to disable non-essential capabilities. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | CONFIGURATION MANAGEMENT |
| SPLK-CL-000105 - Splunk Enterprise must be configured to back up the log records repository at least every seven days onto a different system or system component other than the system or component being audited. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | AUDIT AND ACCOUNTABILITY |
| SPLK-CL-000170 - Splunk Enterprise must use TCP for data transmission. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | CONFIGURATION MANAGEMENT |
| SPLK-CL-000190 - Splunk Enterprise idle session timeout must be set to not exceed 15 minutes. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | ACCESS CONTROL |
| SPLK-CL-000260 - The System Administrator (SA) and Information System Security Officer (ISSO) must configure the retention of the log records based on the defined security plan. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | AUDIT AND ACCOUNTABILITY |
| SPLK-CL-000270 - Splunk Enterprise must allow only the information system security manager (ISSM) (or individuals or roles appointed by the ISSM) to be assigned to the Power User role - or individuals or roles appointed by the ISSM to be assigned to the Power User role. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | AUDIT AND ACCOUNTABILITY |
| SPLK-CL-000310 - Splunk Enterprise must notify the System Administrator (SA) or Information System Security Officer (ISSO) if communication with the host and devices within its scope of coverage is lost. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | AUDIT AND ACCOUNTABILITY |
| SPLK-CL-000330 - Splunk Enterprise must enforce password complexity for the account of last resort by requiring that at least one uppercase character be used. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000390 - Splunk Enterprise must prohibit password reuse for a minimum of five generations for the account of last resort. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | IDENTIFICATION AND AUTHENTICATION |
| Turn on SmartScreen Filter scan - Internet Zone | MSCT Windows Server 2019 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn on SmartScreen Filter scan - Internet Zone | MSCT Windows Server 2019 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn on SmartScreen Filter scan - Internet Zone | MSCT Windows 10 v22H2 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn on SmartScreen Filter scan - Internet Zone | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn on SmartScreen Filter scan - Locked-Down Internet Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn on SmartScreen Filter scan - Locked-Down Internet Zone | MSCT Windows Server 2022 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn on SmartScreen Filter scan - Locked-Down Internet Zone | MSCT Windows 10 v21H1 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn on SmartScreen Filter scan - Locked-Down Internet Zone | MSCT Windows Server 2019 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn on SmartScreen Filter scan - Locked-Down Restricted Sites Zone | MSCT Windows Server 2019 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn on SmartScreen Filter scan - Locked-Down Restricted Sites Zone | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn on SmartScreen Filter scan - Locked-Down Restricted Sites Zone | MSCT Windows 10 v21H2 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn on SmartScreen Filter scan - Locked-Down Restricted Sites Zone | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn on SmartScreen Filter scan - Locked-Down Restricted Sites Zone | MSCT Windows Server 2016 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn on SmartScreen Filter scan - Locked-Down Restricted Sites Zone | MSCT Windows 10 1903 v1.19.9 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn on SmartScreen Filter scan - Restricted Sites Zone | MSCT Windows Server 2019 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn on SmartScreen Filter scan - Restricted Sites Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn on SmartScreen Filter scan - Restricted Sites Zone | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn on SmartScreen Filter scan - Restricted Sites Zone | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn on SmartScreen Filter scan - Restricted Sites Zone | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
