| 1.5.3 Set Boot Loader Password | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.2 Ensure 'TLS 1.0' is set for HTTPS access | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7.3 Ensure 'SSL AES 256 encryption' is set for HTTPS access | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.8.1 Ensure 'console session timeout' is less than or equal to '5' minutes | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL |
| 1.8.1 Ensure 'console session timeout' is less than or equal to '5' minutes | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.10.11 Ensure 'logging trap severity ' is greater than or equal to '5' | Tenable Cisco Firepower Best Practices Audit | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.1 Disable Local-only Graphical Login Environment | CIS Solaris 11 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.3 (L1) Ensure the maximum failed login attempts is set to 5 | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | ACCESS CONTROL |
| 4.3.6 Ensure sudo authentication timeout is configured correctly | CIS Oracle Linux 7 v4.0.0 L1 Server | Unix | ACCESS CONTROL |
| 5.2.6 Ensure sudo authentication timeout is configured correctly | CIS Rocky Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 5.2.6 Ensure sudo timestamp_timeout is configured | CIS Oracle Linux 10 v1.0.0 L1 Workstation | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.2.6 Ensure sudo timestamp_timeout is configured | CIS Oracle Linux 8 v4.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.6 Ensure sudo authentication timeout is configured correctly | CIS Fedora 28 Family Linux Workstation L1 v2.0.0 | Unix | ACCESS CONTROL |
| 5.14 Ensure 'on-failure' container restart policy is set to '5' - RestartPolicyName | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.14 Set the 'on-failure' container restart policy to 5 - RestartPolicyName=always | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | |
| 5.14 Set the 'on-failure' container restart policy to 5 - RestartPolicyName=on-failure | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.15 Set the 'on-failure' container restart policy to 5 - RestartPolicyName=on-failure | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 89.32 (L1) Ensure 'Replace Process Level Token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows 10 1809 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows Server 1903 DC v1.19.9 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows Server 1903 MS v1.19.9 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows Server v1909 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows Server 2016 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows Server 2022 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows Server 2025 DC v2506 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows Server 2025 MS v2506 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Restricted Sites Zone | MSCT Windows 10 v2004 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Restricted Sites Zone | MSCT Windows Server 1903 MS v1.19.9 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Restricted Sites Zone | MSCT Windows Server v1909 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Restricted Sites Zone | MSCT Windows Server 2019 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Restricted Sites Zone | MSCT Windows 11 v22H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Restricted Sites Zone | MSCT Windows 11 v25H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| CISC-RT-000480 - The Cisco BGP router must be configured to use a unique key for each autonomous system (AS) that it peers with. | DISA Cisco IOS Router RTR STIG v3r4 | Cisco | ACCESS CONTROL |
| CISC-RT-000480 - The Cisco BGP switch must be configured to use a unique key for each autonomous system (AS) that it peers with. | DISA Cisco IOS XE Switch RTR STIG v3r3 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| DTAVSEL-013 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Clean infected files automatically as first action when a virus or Trojan is detected. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-015 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Clean infected files automatically as first action when programs and jokes are found. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Ensure 'console session timeout' is less than or equal to '5' minutes | Tenable Cisco Firepower Best Practices Audit | Cisco | ACCESS CONTROL |
| OL6-00-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - rmmod | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000001 - The Photon operating system must audit all account creations - useradd | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL |
| PHTN-67-000044 - The Photon operating system must audit all account modifications - usermod | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000047 - The Photon operating system must audit all account removal actions - userdel | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL |
| RHEL-06-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - /sbin/insmod. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - /sbin/modprobe. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - /sbin/rmmod. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - delete_module 64 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - init_module 64 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| SLEM-05-611045 - SLEM 5 must not allow passwords to be reused for a minimum of five generations. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| TCAT-AS-001030 - LockOutRealms failureCount attribute must be set to 5 failed logins for admin users. | DISA STIG Apache Tomcat Application Server 9 v3r3 Middleware | Unix | ACCESS CONTROL |
| XenServer - Auto-start is not enabled | TNS Citrix XenServer | Unix | |
