| 1.2 Ensure extraneous files and directories are removed | CIS IBM WebSphere Liberty v1.0.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.6.1 Set 'Disallow Digest authentication' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.3 Disable MySQL Command History | CIS MySQL 8.0 Community Linux OS L2 v1.1.0 | Unix | MEDIA PROTECTION |
| 2.2.6 Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators, Remote Desktop Users' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.2 Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.3.8.1 Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.8.1 Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.8.1 Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.11.6 Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | ACCESS CONTROL |
| 2.8 Ensure 'Scan For Startup Procs' Server Configuration Option is set to '0' - 0 | CIS SQL Server 2014 Database L1 AWS RDS v1.5.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 2.8 Ensure 'Scan For Startup Procs' Server Configuration Option is set to '0' - 0 | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 2.11 Ensure Unnecessary SQL Server Protocols are set to 'Disabled' - 'Named Pipes protocol is disabled' | CIS SQL Server 2008 R2 DB OS L1 v1.7.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.3 Ensure remote logging is configured for ESXi hosts | CIS VMware ESXi 6.5 v1.0.0 Level 1 | VMware | AUDIT AND ACCOUNTABILITY |
| 4.11.55.1.3 (L1) Ensure 'Disallow Digest authentication' is set to 'Enabled' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.11.55.1.3 (L1) Ensure 'Disallow Digest authentication' is set to 'Enabled' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3 Ensure 'ETW Logging' is enabled - Sites logFormat W3C | CIS IIS 10 v1.2.1 Level 1 | Windows | AUDIT AND ACCOUNTABILITY |
| 5.3 Ensure 'ETW Logging' is enabled - Sites logFormat W3C with ETW target | CIS IIS 10 v1.2.1 Level 1 | Windows | AUDIT AND ACCOUNTABILITY |
| 5.7.1 Ensure Logging and Cloud Monitoring is Enabled | CIS Google Kubernetes Engine (GKE) v1.7.0 L1 | GCP | AUDIT AND ACCOUNTABILITY |
| 6.2.3.1 Ensure rsyslog is installed | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.3.1 Ensure rsyslog is installed | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.3.1 Ensure rsyslog is installed | CIS Oracle Linux 9 v2.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.3.1 Ensure rsyslog is installed | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.3.2 Ensure rsyslog is installed | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.3.2 Ensure rsyslog is installed | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 18.9.97.1.3 Ensure 'Disallow Digest authentication' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 18.9.97.1.3 Ensure 'Disallow Digest authentication' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| Allow unencrypted traffic - Client - AllowUnencryptedTraffic | MSCT Windows Server 1903 MS v1.19.9 | Windows | ACCESS CONTROL |
| Allow unencrypted traffic - Client - AllowUnencryptedTraffic | MSCT Windows Server v1909 DC v1.0.0 | Windows | ACCESS CONTROL |
| Allow unencrypted traffic - Client - AllowUnencryptedTraffic | MSCT Windows Server v20H2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Allow unencrypted traffic - Client - AllowUnencryptedTraffic | MSCT Windows 11 v22H2 v1.0.0 | Windows | ACCESS CONTROL |
| Allow unencrypted traffic - Client - AllowUnencryptedTraffic | MSCT Windows Server 2022 v1.0.0 | Windows | ACCESS CONTROL |
| Allow unencrypted traffic - Client - AllowUnencryptedTraffic | MSCT Windows 10 v1507 v1.0.0 | Windows | ACCESS CONTROL |
| Allow unencrypted traffic - Client - AllowUnencryptedTraffic | MSCT Windows 11 v1.0.0 | Windows | ACCESS CONTROL |
| Allow unencrypted traffic - Client - AllowUnencryptedTraffic | MSCT Windows Server 2025 MS v1.0.0 | Windows | ACCESS CONTROL |
| Allow unencrypted traffic - WinRM Client | MSCT Windows Server 2019 DC v1.0.0 | Windows | ACCESS CONTROL |
| DISA_STIG_McAfee_VSEL_1.9.x_2.0.x_Local_Client_v1r6.audit from DISA McAfee VSEL 1.9/2.0 Local Client v1r6 STIG | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | |
| EP11-00-008100 - The EDB Postgres Advanced Server must provide an immediate real-time alert to appropriate support staff of all audit failure events requiring real-time alerts. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| ESXI5-VMNET-000012 - All port groups must not be configured to VLAN values reserved by upstream physical switches. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| GEN000790-ESXI5-000085 - The system must prevent the use of dictionary words for passwords - V-39246 | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| GEN000790-ESXI5-000085 - The system must prevent the use of dictionary words for passwords - V-39418 | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| GEN002420-ESXI5-00878 - Removable media, remote file systems, and any file system that does not contain approved setuid files must be mounted with the nosuid option. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| IIST-SV-000103 - Both the log file and Event Tracing for Windows (ETW) for the IIS 10.0 web server must be enabled. | DISA IIS 10.0 Server v3r3 | Windows | AUDIT AND ACCOUNTABILITY |
| IIST-SV-000103 - Both the log file and Event Tracing for Windows (ETW) for the IIS 10.0 web server must be enabled. | DISA IIS 10.0 Server v2r10 | Windows | AUDIT AND ACCOUNTABILITY |
| IISW-SV-000103 - Both the log file and Event Tracing for Windows (ETW) for the IIS 8.5 web server must be enabled. | DISA IIS 8.5 Server v2r7 | Windows | AUDIT AND ACCOUNTABILITY |
| JUNI-RT-000430 - The Juniper out-of-band management (OOBM) gateway router must be configured to block any traffic destined to itself that is not sourced from the OOBM network or the NOC. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| Microsoft network server: Server SPN target name validation level | MSCT Windows 10 v1507 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| SRG-OS-000072-ESXI5 - The system must require at least four characters be changed between the old and new passwords during a password change. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| WN19-00-000370 - Windows Server 2019 must not have the TFTP Client installed. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN22-00-000360 - Windows Server 2022 must not have the Telnet Client installed. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN22-00-000370 - Windows Server 2022 must not have the TFTP Client installed. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
