| 1.3.1 Ensure 'Enforce user logon restrictions' is set to 'Enabled' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 1.3.1 Ensure 'Enforce user logon restrictions' is set to 'Enabled' (STIG DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 1.27 Ensure 'Guest profiles' do not exist | AirWatch - CIS Google Android 7 v1.0.0 L1 | MDM | |
| 5.5 Ensure 'Simple TCP/IP Services (simptcp)' is set to 'Not Installed' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| 5.5.1.2 Ensure minimum days between password changes is configured - /etc/login.defs | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.5.1.2 Ensure minimum days between password changes is configured - /etc/login.defs | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.5.1.2 Ensure minimum days between password changes is configured - /etc/shadow | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 20.57 Ensure 'Server Message Block (SMB) v1 protocol must not be installed' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.57 Ensure 'Server Message Block (SMB) v1 protocol must not be installed' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.57 Ensure 'Server Message Block (SMB) v1 protocol must not be installed' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| AMLS-NM-000100 - The Arista Multilayer Switch must have a local infrequently used account to be used as an account of last resort with full access to the network device. | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | CONFIGURATION MANAGEMENT |
| CASA-FW-000010 - The Cisco ASA must be configured to filter outbound traffic, allowing only authorized ports and services - ACL Applied | DISA STIG Cisco ASA FW v2r1 | Cisco | ACCESS CONTROL |
| CASA-FW-000030 - The Cisco ASA must be configured to restrict VPN traffic according to organization-defined filtering rules - VPN Group Policy | DISA STIG Cisco ASA FW v2r1 | Cisco | ACCESS CONTROL |
| CASA-FW-000030 - The Cisco ASA must be configured to restrict VPN traffic according to organization-defined filtering rules - VPN Rules | DISA STIG Cisco ASA FW v2r1 | Cisco | ACCESS CONTROL |
| CASA-FW-000100 - The Cisco ASA must be configured to use TCP when sending log records to the central audit server - Logging Permit-hostdown | DISA STIG Cisco ASA FW v2r1 | Cisco | CONFIGURATION MANAGEMENT |
| CASA-FW-000210 - The Cisco ASA must be configured to generate a real-time alert to organization-defined personnel and/or the firewall administrator in the event communication with the central audit server is lost - smtp | DISA STIG Cisco ASA FW v2r1 | Cisco | AUDIT AND ACCOUNTABILITY |
| CASA-FW-000230 - The Cisco ASA must be configured to filter inbound traffic on all external interfaces - Interface | DISA STIG Cisco ASA FW v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - crypto ipsec | DISA STIG Cisco ASA FW v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - group | DISA STIG Cisco ASA FW v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - set ikev1 | DISA STIG Cisco ASA FW v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-FW-000270 - The Cisco ASA must be configured to inspect all inbound and outbound traffic at the application layer. | DISA STIG Cisco ASA FW v2r1 | Cisco | CONFIGURATION MANAGEMENT |
| CASA-FW-000300 - The Cisco ASA must be configured to generate an alert that can be forwarded to organization-defined personnel and/or the firewall administrator when denial-of-service (DoS) incidents are detected - From-address | DISA STIG Cisco ASA FW v2r1 | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| CASA-FW-000300 - The Cisco ASA must be configured to generate an alert that can be forwarded to organization-defined personnel and/or the firewall administrator when denial-of-service (DoS) incidents are detected - Recipient-address | DISA STIG Cisco ASA FW v2r1 | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| CASA-FW-000300 - The Cisco ASA must be configured to generate an alert that can be forwarded to organization-defined personnel and/or the firewall administrator when denial-of-service (DoS) incidents are detected - smtp | DISA STIG Cisco ASA FW v2r1 | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| CASA-ND-000100 - The Cisco ASA must be configured to automatically audit account modification. | DISA STIG Cisco ASA NDM v2r2 | Cisco | ACCESS CONTROL |
| CASA-ND-000430 - The Cisco ASA must be configured to prohibit the use of all unnecessary and/or non-secure functions, ports, protocols, and/or services. | DISA STIG Cisco ASA NDM v2r2 | Cisco | CONFIGURATION MANAGEMENT |
| CASA-ND-001240 - The Cisco ASA must be configured to generate audit records showing starting and ending time for administrator access to the system. | DISA STIG Cisco ASA NDM v2r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CASA-ND-001410 - The Cisco ASA must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to organization-defined personnel and/or the firewall administrator. | DISA STIG Cisco ASA NDM v2r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CASA-VN-000090 - The Cisco ASA must be configured to generate an alert that can be forwarded as an alert to organization-defined personnel and/or firewall administrator of all log failure events. | DISA STIG Cisco ASA VPN v2r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CASA-VN-000160 - The Cisco ASA must be configured to use Internet Key Exchange v2 (IKEv2) for all IPsec security associations. | DISA STIG Cisco ASA VPN v2r2 | Cisco | CONFIGURATION MANAGEMENT |
| CASA-VN-000200 - The Cisco ASA must be configured to use a FIPS-validated cryptographic module to implement IPsec encryption services. | DISA STIG Cisco ASA VPN v2r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-VN-000340 - The Cisco ASA VPN gateway must use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network. | DISA STIG Cisco ASA VPN v2r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-VN-000440 - The Cisco ASA remote access VPN server must be configured to enforce certificate-based authentication before granting access to the network. | DISA STIG Cisco ASA VPN v2r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CASA-VN-000510 - The Cisco ASA remote access VPN server must be configured to generate log records containing information to establish where the events occurred. | DISA STIG Cisco ASA VPN v2r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CASA-VN-000610 - The Cisco ASA remote access VPN server must be configured to generate unique session identifiers using a FIPS-validated Random Number Generator (RNG) based on the Deterministic Random Bit Generators (DRBG) algorithm. | DISA STIG Cisco ASA VPN v2r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-VN-000630 - The Cisco ASA remote access VPN server must be configured to use SHA-2 at 384 bits or greater for hashing to protect the integrity of IPsec remote access sessions. | DISA STIG Cisco ASA VPN v2r2 | Cisco | ACCESS CONTROL |
| CASA-VN-000660 - The Cisco VPN remote access server must be configured to accept Common Access Card (CAC) credential credentials. | DISA STIG Cisco ASA VPN v2r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CASA-VN-000700 - The Cisco ASA VPN remote access server must be configured to disable split-tunneling for remote clients. | DISA STIG Cisco ASA VPN v2r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-VN-000730 - The Cisco ASA VPN remote access server must be configured to validate certificates used for Transport Layer Security (TLS) functions by performing RFC 5280-compliant certification path validation. | DISA STIG Cisco ASA VPN v2r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network. | DISA STIG Cisco ASA VPN v2r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001050 - The Cisco router must be configured to record time stamps for log records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT). | DISA Cisco IOS XR Router NDM STIG v3r3 | Cisco | AUDIT AND ACCOUNTABILITY |
| EX13-EG-000170 - Exchange messages with a blank sender field must be filtered. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-000330 - Exchange messages with a blank sender field must be rejected. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000123 - Exchange messages with a blank sender field must be rejected. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Failed authentication lockout | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | ACCESS CONTROL |
| SHPT-00-000600 - SharePoint managed service accounts must be set to enable automatic password change. | DISA STIG SharePoint 2010 v1r9 | Windows | IDENTIFICATION AND AUTHENTICATION |
| SHPT-00-000760 - SharePoint must implement security functions as largely independent modules to avoid unnecessary interactions between modules - Central Administration is a separate App Pool | DISA STIG SharePoint 2010 v1r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SHPT-00-000760 - SharePoint must implement security functions as largely independent modules to avoid unnecessary interactions between modules - Internet & Extranet assigned to diff App Pools | DISA STIG SharePoint 2010 v1r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SHPT-00-000760 - SharePoint must implement security functions as largely independent modules to avoid unnecessary interactions between modules - No Applications assigned to Default App Pool | DISA STIG SharePoint 2010 v1r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| vNetwork : reject-promiscuous-mode-dvportgroup | VMWare vSphere 6.0 Hardening Guide | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
