| 1.6.6.2.6 Ensure 'Require That Application Add-ins are Signed by Trusted Publisher' is set to Enabled | CIS Microsoft Office PowerPoint 2016 v1.0.1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.27 Ensure 'Deny log on as a service' to include 'Enterprise Admins Group and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.2.29 Ensure 'Deny log on as a service' to include 'No one' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.2.30 Ensure 'Deny log on as a service' to include 'Enterprise Admins Group and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.2.46 Ensure 'Manage auditing and security log' is set to 'Administrators' (STIG DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.3.27.14 (L1) Ensure 'Encryption type for password protected Office Open XML files' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6.6.6.2.2.3 Ensure 'Set document behavior if file validation fails' is set to 'Enabled: Open in Protected View' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6.6.6.2.2.4 Ensure 'Set document behavior if file validation fails' is set to 'Unchecked: Do not allow edit' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.8.4.1.2 (L1) Ensure 'Require that application add-ins are signed by Trusted Publisher' to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.11.1.2 Ensure 'Disable UI Extending from Documents and Templates' is set to Enabled - InfoPath | CIS Microsoft Office 2016 v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.11.8.7.2.2.4 Ensure 'Set document behavior if file validation fails' is set to 'Unchecked: Do not allow edit' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.11.8.7.2.6 (L1) Ensure 'Require that application add-ins are signed by Trusted Publisher' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 3.8 Set 'Enable OOF messages to remote domains' to 'None' | CIS Microsoft Exchange Server 2013 Hub v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.3 Set 'Always expand groups in Office when restricting permission for documents' to 'Enabled' | CIS MS Office Outlook 2010 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 7.2 Set Strong Password Creation Policies - DICTIONDBDIR = /var/passwd | CIS Solaris 11.2 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - HISTORY = 10 | CIS Solaris 11.2 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - DICTIONDBDIR = /var/passwd | CIS Solaris 11 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - MAXREPEATS = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - MAXREPEATS = 0 | CIS Solaris 11 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - MINDIFF = 3 | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - MINDIFF = 3 | CIS Solaris 11 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - MINUPPER = 1 | CIS Solaris 11 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - PASSLENGTH = 8 | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - WHITESPACE = yes | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - WHITESPACE = yes | CIS Solaris 11 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - WHITESPACE = yes | CIS Solaris 11.2 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 18.10.6.1 Ensure 'Turn off Inventory Collector' is set to 'Enabled' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.1 Ensure 'Accounts require passwords' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | IDENTIFICATION AND AUTHENTICATION |
| AIOS-18-015500 - Apple iOS/iPadOS 18 must disable the download of iOS/iPadOS beta updates. | AirWatch - DISA Apple iOS/iPadOS 18 v1r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-015500 - Apple iOS/iPadOS 18 must disable the download of iOS/iPadOS beta updates. | MobileIron - DISA Apple iOS/iPadOS 18 v1r1 | MDM | CONFIGURATION MANAGEMENT |
| Block Flash activation in Office documents | MSCT Office 365 ProPlus 1908 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Block Flash activation in Office documents | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Block Flash activation in Office documents - ActivationFilterOverride - D27CDB6E-AE6D-11CF-96B8-444553540000 - office 16.0 - 32-bit | MSCT Office 2016 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Block Flash activation in Office documents - ActivationFilterOverride - D27CDB70-AE6D-11CF-96B8-444553540000 - office 16.0 - 32-bit | MSCT Office 2016 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Block Flash activation in Office documents - ActivationFilterOverride - D27CDB70-AE6D-11CF-96B8-444553540000 - office 16.0 - 64-bit | MSCT Office 2016 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Block Flash activation in Office documents - Compatibility Flags - D27CDB6E-AE6D-11CF-96B8-444553540000 - office - 64-bit | MSCT Office 2016 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Block Flash activation in Office documents - Compatibility Flags - D27CDB6E-AE6D-11CF-96B8-444553540000 - Office 16.0 - WOW6432Node | MSCT Office 365 ProPlus 1908 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Block Flash activation in Office documents - Compatibility Flags - D27CDB6E-AE6D-11CF-96B8-444553540000 - Office 16.0 - WOW6432Node | MSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Block Flash activation in Office documents - Compatibility Flags - D27CDB70-AE6D-11CF-96B8-444553540000 - office - 32-bit | MSCT Office 2016 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Block Flash activation in Office documents - Compatibility Flags - D27CDB70-AE6D-11CF-96B8-444553540000 - office - 64-bit | MSCT Office 2016 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Block Flash activation in Office documents - Compatibility Flags - D27CDB70-AE6D-11CF-96B8-444553540000 - Office 16.0 - WOW6432Node | MSCT Office 365 ProPlus 1908 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Block Flash activation in Office documents - Compatibility Flags - D27CDB70-AE6D-11CF-96B8-444553540000 - Office 16.0 - WOW6432Node | MSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Disable all Trust Bar notifications for security issues | Microsoft 365 Apps for Enterprise 2306 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Disable all Trust Bar notifications for security issues | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Disable all Trust Bar notifications for security issues | MSCT Office 2016 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Disable all Trust Bar notifications for security issues | MSCT Office 365 ProPlus 1908 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTOO179 - Documents must be configured to not open as Read Write when browsing. | DISA STIG Microsoft Office System 2013 v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO200 - Office must be configured to not allow read with browsers. | DISA STIG Microsoft Office System 2013 v2r2 | Windows | ACCESS CONTROL |
| JUSX-VN-000004 - The Juniper SRX Services Gateway VPN device also fulfills the role of IDPS in the architecture, the device must inspect the VPN traffic in compliance with DoD IDPS requirements. | DISA Juniper SRX Services Gateway VPN v3r1 | Juniper | ACCESS CONTROL |
| O365-CO-000019 - The MIME Sniffing safety feature must be enabled in all Office programs. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | IDENTIFICATION AND AUTHENTICATION |
