| 4 - Restrict access to $JETTY_HOME - mode | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 5 - Authentication | TNS Best Practice Jetty 9 Linux | Unix | |
| 7 - SSL implementation - start.jar --module=https | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7 - SSL implementation - start.jar --module=ssl | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9 - Information Leakage | TNS Best Practice Jetty 9 Linux | Unix | |
| 9.2.1 Ensure That Microsoft Defender for IoT Hub Is Set To 'On' | CIS Microsoft Azure Foundations v4.0.0 L2 | microsoft_azure | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 26 - Setup Client-cert Authentication | TNS Best Practice Jetty 9 Linux | Unix | IDENTIFICATION AND AUTHENTICATION |
| 30 - Ensure sslProtocol is set to TLS for Secure Connector | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 43 - Do not resolve hosts on logging valves - CONTEXT_XML | TNS Best Practice Jetty 9 Linux | Unix | CONFIGURATION MANAGEMENT |
| 45 - Restrict runtime access to sensitive packages | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| ARST-L2-000020 - The Arista MLS layer 2 switch must uniquely identify all network-connected endpoint devices before establishing any connection. | DISA STIG Arista MLS EOS 4.x L2S v2r3 | Arista | IDENTIFICATION AND AUTHENTICATION |
| ARST-L2-000020 - The Arista MLS layer 2 switch must uniquely identify all network-connected endpoint devices before establishing any connection. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | IDENTIFICATION AND AUTHENTICATION |
| CASA-VN-000230 - The Cisco ASA must be configured to use FIPS-validated SHA-2 at 384 bits or higher for Internet Key Exchange (IKE) Phase 1 - IKE Phase 1. | DISA STIG Cisco ASA VPN v2r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| Extreme : Configure max-failed-logins <= 3 | TNS Extreme ExtremeXOS Best Practice Audit | Extreme_ExtremeXOS | ACCESS CONTROL |
| Extreme : Disable Telnet | TNS Extreme ExtremeXOS Best Practice Audit | Extreme_ExtremeXOS | CONFIGURATION MANAGEMENT |
| F5BI-AP-300043 - The F5 BIG-IP appliance that provides intermediary services for HTTP must inspect inbound and outbound HTTP traffic for protocol compliance and protocol anomalies. | DISA F5 BIG-IP TMOS ALG STIG v1r2 | F5 | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Fortigate - Admin password lockout threshold - '1-3' | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | ACCESS CONTROL |
| Fortigate - Disable SSHv1 admin access | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | CONFIGURATION MANAGEMENT |
| Fortigate - DNS - primary server | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| Fortigate - DNS - secondary server | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| Fortigate - Encrypt logs sent to FortiAnalyzer/FortiManager | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| Fortigate - External Logging - 'fortianalyzer3' | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Fortigate - Fortianalyzer2 Logs - severity 'information' | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Fortigate - Fortianalyzer3 Logs - severity 'information' | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Fortigate - Log user authentication messages | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Fortigate - NTP server configuration - *.ntp.org | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Fortigate - Password Complexity - 1 non-alphanum character | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| Fortigate - Review and disable unused interfaces | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Fortigate - Use non default admin access ports - 'SSH' | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | CONFIGURATION MANAGEMENT |
| Fortigate - Wireless-activity event logging | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Huawei: Configure appropriate External Syslog server | TNS Huawei VRP Best Practice Audit | Huawei | AUDIT AND ACCOUNTABILITY |
| Huawei: Enable AAA accounting | TNS Huawei VRP Best Practice Audit | Huawei | IDENTIFICATION AND AUTHENTICATION |
| Huawei: Simple Password Authentication is not used. | TNS Huawei VRP Best Practice Audit | Huawei | IDENTIFICATION AND AUTHENTICATION |
| PANW-IP-000018 - The Palo Alto Networks security platform must have a denial-of-service (DoS) Protection Profile for outbound traffic applied to a policy for traffic originating from the internal zone going to the external zone. | DISA STIG Palo Alto IDPS v3r2 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| PANW-IP-000055 - The Palo Alto Networks security platform must send an alert to, at a minimum, the ISSO and ISSM when denial of service incidents are detected. | DISA STIG Palo Alto IDPS v3r2 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| RHEL-09-212040 - RHEL 9 must clear the page allocator to prevent use-after-free attacks. | DISA Red Hat Enterprise Linux 9 STIG v2r6 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Salesforce.com : AuthConfig - 'Auth Providers = Facebook is not configured' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | CONFIGURATION MANAGEMENT |
| Salesforce.com : AuthConfig - 'Auth Providers = MicrosoftACS Consumer Secret' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : AuthConfig - 'Auth Providers = MicrosoftACS is not configured' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | CONFIGURATION MANAGEMENT |
| Salesforce.com : AuthConfig - 'Auth Providers = MicrosoftACS Token Endpoint URL' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : AuthConfig - 'Auth Providers in use' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : Data Access Control - 'Enable CSRF protection on GET requests on non-setup pages = true' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | SYSTEM AND COMMUNICATIONS PROTECTION |
| SLES-12-030270 - The SUSE operating system SSH server must be configured to use only FIPS-validated key exchange algorithms. | DISA SLES 12 STIG v3r3 | Unix | ACCESS CONTROL |
| SLES-15-040450 - The SUSE operating system SSH server must be configured to use only FIPS-validated key exchange algorithms. | DISA SUSE Linux Enterprise Server 15 STIG v2r5 | Unix | ACCESS CONTROL |
| SYMP-AG-000260 - Symantec ProxySG providing intermediary services for HTTP must inspect inbound HTTP traffic for protocol compliance and protocol anomalies - Explicit | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000260 - Symantec ProxySG providing intermediary services for HTTP must inspect inbound HTTP traffic for protocol compliance and protocol anomalies - External | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000260 - Symantec ProxySG providing intermediary services for HTTP must inspect inbound HTTP traffic for protocol compliance and protocol anomalies - Internal | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-18-010421 - The Ubuntu operating system SSH server must be configured to use only FIPS-validated key exchange algorithms. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | ACCESS CONTROL |
| UBTU-20-010045 - The Ubuntu operating system SSH server must be configured to use only FIPS-validated key exchange algorithms. | DISA Canonical Ubuntu 20.04 LTS STIG v2r4 | Unix | ACCESS CONTROL |
| UBTU-22-255060 - Ubuntu 22.04 LTS SSH server must be configured to use only FIPS-validated key exchange algorithms. | DISA Canonical Ubuntu 22.04 LTS STIG v2r6 | Unix | ACCESS CONTROL |
