| 1.3.1 Ensure AIDE is installed | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.6 Ensure Warn users before password expiration is set to 7 days | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | ACCESS CONTROL |
| 2.3.10.10 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL | Windows | ACCESS CONTROL |
| 2.3.10.10 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker | Windows | ACCESS CONTROL |
| 4.1.15 Ensure file deletion events by users are collected - 32 bit | CIS Amazon Linux 2 STIG v1.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.15 Ensure file deletion events by users are collected - auditctl 64 bit | CIS Amazon Linux 2 STIG v1.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5.3.3 Ensure default user umask is configured | CIS AlmaLinux OS 8 Server L1 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.5.3.3 Ensure default user umask is configured | CIS CentOS Linux 7 v4.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.27 Ensure SSH does not permit GSSAPI | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | CONFIGURATION MANAGEMENT |
| 5.4.1.2 Ensure minimum days between password changes is 7 or more - login.defs | CIS Debian 8 Server L1 v2.0.2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.4.1.2 Ensure minimum days between password changes is 7 or more - login.defs | CIS Debian 9 Server L1 v1.0.1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.4.1.2 Ensure minimum days between password changes is 7 or more - login.defs | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1.2 Ensure minimum days between password changes is 7 or more - users | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1.2 Ensure minimum days between password changes is 7 or more - users | CIS Debian 8 Server L1 v2.0.2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.4.1.2 Ensure minimum days between password changes is 7 or more - users | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1.3 Ensure password expiration warning days is configured | CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.4.1.3 Ensure password expiration warning days is configured | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.4.1.3 Ensure password expiration warning days is configured | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.4.1.3 Ensure password expiration warning days is configured | CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.4.1.3 Ensure password expiration warning days is configured | CIS Debian Linux 12 v1.1.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.4.3.3 Ensure default user umask is configured | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4.3.3 Ensure default user umask is configured | CIS Debian Linux 11 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4.3.3 Ensure default user umask is configured | CIS Debian Linux 11 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4.11 Ensure password prohibited reuse is at a minimum 5 | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5.4 Ensure default user umask is 027 or more restrictive - '/etc/bash.bashrc' | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | ACCESS CONTROL |
| 5.5.4 Ensure default user umask is 027 or more restrictive - '/etc/bash.bashrc' | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | ACCESS CONTROL |
| 5.5.4 Ensure default user umask is 027 or more restrictive - /etc/profile /etc/profile.d | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | ACCESS CONTROL |
| 5.5.4 Ensure default user umask is 027 or more restrictive - /etc/profile /etc/profile.d | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | ACCESS CONTROL |
| 18.9.11.2.10 Ensure 'Configure minimum PIN length for startup' is set to 'Enabled: 7 or more characters' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.11.2.10 Ensure 'Configure minimum PIN length for startup' is set to 'Enabled: 7 or more characters' | CIS Windows 7 Workstation Bitlocker v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.11.2.10 Ensure 'Configure minimum PIN length for startup' is set to 'Enabled: 7 or more characters' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.11.2.11 (BL) Ensure 'Configure minimum PIN length for startup' is set to 'Enabled: 7 or more characters' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | CONFIGURATION MANAGEMENT |
| 20.27 Ensure 'Event Viewer must be protected from unauthorized modification and deletion' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 20.58 Ensure 'Shared user accounts do not exist' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| CIS_CentOS_Linux_7_v4.0.0_L1_Server.audit from CIS CentOS Linux 7 Benchmark v4.0.0 | CIS CentOS Linux 7 v4.0.0 L1 Server | Unix | |
| CIS_CentOS_Linux_7_v4.0.0_L2_Server.audit from CIS CentOS Linux 7 Benchmark v4.0.0 | CIS CentOS Linux 7 v4.0.0 L2 Server | Unix | |
| CIS_Oracle_Linux_7_v4.0.0_L2_Workstation.audit from CIS Oracle Linux 7 Benchmark v4.0.0 | CIS Oracle Linux 7 v4.0.0 L2 Workstation | Unix | |
| DG0071-ORACLE11 - New passwords must be required to differ from old passwords by more than four characters - 'PASSWORD_VERIFY_FUNCTION is not set to NULL or DEFAULT' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | |
| OH12-1X-000233 - OHS hosted web sites must utilize ports, protocols, and services according to PPSM guidelines. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| SHPT-00-000760 - SharePoint must implement security functions as largely independent modules to avoid unnecessary interactions between modules - Central Administration is a separate App Pool | DISA STIG SharePoint 2010 v1r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SHPT-00-000760 - SharePoint must implement security functions as largely independent modules to avoid unnecessary interactions between modules - Internet & Extranet assigned to diff App Pools | DISA STIG SharePoint 2010 v1r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SHPT-00-000760 - SharePoint must implement security functions as largely independent modules to avoid unnecessary interactions between modules - No Applications assigned to Default App Pool | DISA STIG SharePoint 2010 v1r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG610 A22 - Web sites must utilize ports, protocols, and services according to PPSM guidelines. | DISA STIG Apache Site 2.2 Unix v1r11 | Unix | |
| WG610 A22 - Web sites must utilize ports, protocols, and services according to PPSM guidelines. | DISA STIG Apache Site 2.2 Unix v1r11 Middleware | Unix | |
| WN11-00-000170 - The Server Message Block (SMB) v1 protocol must be disabled on the SMB client. | DISA Microsoft Windows 11 STIG v2r3 | Windows | CONFIGURATION MANAGEMENT |
| WN16-CC-000040 - Internet Protocol version 6 (IPv6) source routing must be configured to the highest protection level to prevent IP source routing. | DISA Windows Server 2016 STIG v2r9 | Windows | CONFIGURATION MANAGEMENT |
| WN19-CC-000030 - Windows Server 2019 Internet Protocol version 6 (IPv6) source routing must be configured to the highest protection level to prevent IP source routing. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN19-CC-000040 - Windows Server 2019 source routing must be configured to the highest protection level to prevent Internet Protocol (IP) source routing. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN22-00-000400 - Windows Server 2022 must have the Server Message Block (SMB) v1 protocol disabled on the SMB client. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN22-CC-000040 - Windows Server 2022 source routing must be configured to the highest protection level to prevent Internet Protocol (IP) source routing. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
