| 18.10.43.10.3 (L1) Ensure 'Turn off real-time protection' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.10.3 (L1) Ensure 'Turn off real-time protection' is set to 'Disabled' | CIS Microsoft Windows Server 2022 v4.0.0 L1 MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.10.3 (L1) Ensure 'Turn off real-time protection' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| APPL-13-002069 - The macOS system must prevent nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA STIG Apple macOS 13 v1r5 | Unix | ACCESS CONTROL |
| Buffer overflow protection should be configured 'LimitRequestFieldsize' | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND INFORMATION INTEGRITY |
| CGI-BIN directory should be disabled. 'Directory' | TNS IBM HTTP Server Best Practice | Windows | CONFIGURATION MANAGEMENT |
| CGI-BIN directory should be disabled. 'LoadModule env_module' | TNS IBM HTTP Server Best Practice | Unix | CONFIGURATION MANAGEMENT |
| File permissions in the root document should only be accessible by administrator | TNS IBM HTTP Server Best Practice | Windows | |
| Fortigate - full-final-warning-threshold <= 95% | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Fortigate - full-first-warning-threshold <= 75% | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Fortigate - Local Logging is enabled | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Fortigate - Log WAN optimization messages | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Fortigate - SNMP community string - 'public' | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| Fortigate - SNMP v3 uses AES instead of DES | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| Fortigate - SSH login grace time <= 30 seconds | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | ACCESS CONTROL |
| Fortigate - System event logging | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Fortigate - VPN event logging | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| HTTP TRACE method should be disabled. 'RewriteLog' | TNS IBM HTTP Server Best Practice | Windows | AUDIT AND ACCOUNTABILITY |
| HTTP TRACE method should be disabled. 'RewriteLogLevel' | TNS IBM HTTP Server Best Practice | Unix | CONFIGURATION MANAGEMENT |
| Huawei: Disable SNMP write access | TNS Huawei VRP Best Practice Audit | Huawei | ACCESS CONTROL |
| Huawei: Enable AAA authorization | TNS Huawei VRP Best Practice Audit | Huawei | IDENTIFICATION AND AUTHENTICATION |
| Huawei: Set 'login' header | TNS Huawei VRP Best Practice Audit | Huawei | ACCESS CONTROL |
| Huawei: Set 'shell' header | TNS Huawei VRP Best Practice Audit | Huawei | ACCESS CONTROL |
| Huawei: Set appropriate 'login' header | TNS Huawei VRP Best Practice Audit | Huawei | ACCESS CONTROL |
| Huawei: Set System Name | TNS Huawei VRP Best Practice Audit | Huawei | CONFIGURATION MANAGEMENT |
| Keep Alive setting parameter value should be appropriately configured. | TNS IBM HTTP Server Best Practice | Windows | ACCESS CONTROL |
| Limit HTTP methods allowed by the Web Server. | TNS IBM HTTP Server Best Practice | Windows | CONFIGURATION MANAGEMENT |
| Logging Directives should be restricted to authorized users. - 'ErrorLog logs/error_log' | TNS IBM HTTP Server Best Practice | Unix | AUDIT AND ACCOUNTABILITY |
| MaxKeepAliveRequests parameter value should be appropriately configured. | TNS IBM HTTP Server Best Practice | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MaxSpareServers parameter value should be appropriately configured. | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Non-Essential modules should be disabled. 'mod_autoindex' | TNS IBM HTTP Server Best Practice | Windows | CONFIGURATION MANAGEMENT |
| Non-Essential modules should be disabled. 'mod_dav' | TNS IBM HTTP Server Best Practice | Windows | CONFIGURATION MANAGEMENT |
| Non-Essential modules should be disabled. 'mod_status' | TNS IBM HTTP Server Best Practice | Windows | CONFIGURATION MANAGEMENT |
| OL07-00-020022 - The Oracle Linux operating system must not allow privileged accounts to utilize SSH. | DISA Oracle Linux 7 STIG v3r2 | Unix | ACCESS CONTROL |
| OL07-00-020023 - The Oracle Linux operating system must elevate the SELinux context when an administrator calls the sudo command. | DISA Oracle Linux 7 STIG v3r2 | Unix | ACCESS CONTROL |
| OpenStack Compute - user/group ownership of config files set to root/nova - /etc/nova/policy.json | TNS OpenStack Nova/Compute Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Horizon - disable_password_reveal parameter set to True | TNS OpenStack Dashboard/Horizon Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Horizon - password_autocomplete parameter set to off | TNS OpenStack Dashboard/Horizon Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Horizon - SESSION_COOKIE_SECURE parameter set to True | TNS OpenStack Dashboard/Horizon Security Guide | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OpenStack Horizon - strict permissions set for horizon configuration files - /etc/openstack-dashboard/local_settings.py | TNS OpenStack Dashboard/Horizon Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Identity - strict permissions set for Identity configuration files - /etc/keystone/keystone.conf | TNS OpenStack Keystone/Identity Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Identity - user/group ownership of config files set to keystone - /etc/keystone/keystone.conf | TNS OpenStack Keystone/Identity Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Identity - user/group ownership of config files set to keystone - /etc/keystone/ssl/private/signing_key.pem | TNS OpenStack Keystone/Identity Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Networking - strict permissions set for Compute configuration files - /etc/neutron/neutron.conf | TNS OpenStack Neutron/Networking Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Networking - user/group ownership of config files set to root/neutron - /etc/neutron/api-paste.ini | TNS OpenStack Neutron/Networking Security Guide | Unix | CONFIGURATION MANAGEMENT |
| PANW-AG-000064 - The Palo Alto Networks security platform must send an immediate (within seconds) alert to the system administrator, at a minimum, in response to malicious code detection - within seconds alert to the system administrator, at a minimum, in response to malicious code detection | DISA STIG Palo Alto ALG v3r4 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| RHEL-09-431016 - RHEL 9 must elevate the SELinux context when an administrator calls the sudo command. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-09-651030 - RHEL 9 must be configured so that the file integrity tool verifies Access Control Lists (ACLs). | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| User IDs which disclose the privileges associated with it, should not be created. | TNS IBM HTTP Server Best Practice | Windows | ACCESS CONTROL |
| User IDs which disclose the privileges associated with it, should not be created. 'lock' | TNS IBM HTTP Server Best Practice | Unix | ACCESS CONTROL |
