| 1.2.1 Ensure 'Domain Name' is set | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 2.1 Ensure Authentication is configured | CIS MongoDB 5 L1 OS Windows v1.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.2 Ensure that MongoDB does not bypass authentication via the localhost exception | CIS MongoDB 5 L1 OS Windows v1.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3 Ensure authentication is enabled in the sharded cluster - clusterAuthMode | CIS MongoDB 5 L2 OS Windows v1.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.3 Ensure authentication is enabled in the sharded cluster - clusterFile | CIS MongoDB 5 L2 OS Windows v1.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.3 Ensure authentication is enabled in the sharded cluster - PEMKeyFile | CIS MongoDB 5 L2 OS Windows v1.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.10.11 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.10.13 Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server | Windows | ACCESS CONTROL |
| 2.3.10.13 Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.10.13 Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.10.13 Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.10.13 Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| 3.3 Ensure that MongoDB is run using a non-privileged, dedicated service account | CIS MongoDB 5 L1 OS Windows v1.2.0 | Windows | ACCESS CONTROL |
| 4.1 Ensure legacy TLS protocols are disabled | CIS MongoDB 5 L2 OS Windows v1.2.0 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.2 Ensure Weak Protocols are Disabled | CIS MongoDB 5 L1 OS Windows v1.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.3 Ensure Encryption of Data in Transit TLS or SSL (Transport Encryption) | CIS MongoDB 5 L1 OS Windows v1.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.4 Ensure Federal Information Processing Standard (FIPS) is enabled | CIS MongoDB 5 L2 OS Windows v1.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.5 Ensure Encryption of Data at Rest | CIS MongoDB 5 L2 OS Windows v1.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1 Ensure that system activity is audited | CIS MongoDB 5 L1 OS Windows v1.2.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 5.2 Ensure that audit filters are configured properly | CIS MongoDB 5 L2 OS Windows v1.2.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 5.3 Ensure that logging captures as much information as possible | CIS MongoDB 5 L2 OS Windows v1.2.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure that new entries are appended to the end of the log file | CIS MongoDB 5 L2 OS Windows v1.2.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 6.1 Ensure that MongoDB uses a non-default port | CIS MongoDB 5 L1 OS Windows v1.2.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 6.2 Ensure that operating system resource limits are set for MongoDB | CIS MongoDB 5 L2 OS Windows v1.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.3 Ensure that server-side scripting is disabled if not needed | CIS MongoDB 5 L2 OS Windows v1.2.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 7.1 Ensure appropriate key file permissions are set | CIS MongoDB 5 L1 OS Windows v1.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Ensure appropriate database file permissions are set | CIS MongoDB 5 L1 OS Windows v1.2.0 | Windows | ACCESS CONTROL |
| 8.3.4 (L1) Ensure standard processes are used for VM deployment | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 49.22 (L1) Ensure 'Network Security: Allow PKU2U authentication requests' is set to 'Block' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| Android Work Profile Device Configuration - Add and remove accounts | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Android Work Profile Device Configuration - Contact sharing via Bluetooth | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later) - EncryptionMethodWithXtsOs | MSCT Windows 10 1809 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later) - EncryptionMethodWithXtsRdv | MSCT Windows 10 1809 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DKER-EE-001190 - Docker Enterprise sensitive host system directories must not be mounted on containers. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | ACCESS CONTROL |
| DKER-EE-001940 - SELinux security options must be set on Red Hat or CentOS systems for Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-003310 - The Docker Enterprise max-size and max-file json-file drivers logging options in the daemon.json configuration file must be configured to allocate audit record storage capacity for Universal Control Plane (UCP) and Docker Trusted Registry (DTR) per the requirements set forth by the System Security Plan (SSP) - max-file | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| Prevent bypassing Microsoft Defender SmartScreen prompts for sites | MSCT Microsoft Edge Version 83 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent bypassing Microsoft Defender SmartScreen prompts for sites | MSCT Edge v86 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent bypassing Microsoft Defender SmartScreen prompts for sites | MSCT Microsoft Edge Version 81 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent bypassing Microsoft Defender SmartScreen prompts for sites | MSCT Edge v85 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads | MSCT Microsoft Edge Version 83 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads | MSCT Edge v84 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads | MSCT Edge v85 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads | MSCT Edge v86 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads | MSCT Edge v87 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads | MSCT Microsoft Edge Version 81 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| WINUR-000021 - The Deny log on through Remote Desktop Services user right on workstations must prevent all access. | DISA Windows Vista STIG v6r41 | Windows | ACCESS CONTROL |
| WN10-UR-000080 - The Deny log on as a service user right on Windows 10 domain-joined workstations must be configured to prevent access from highly privileged domain accounts. | DISA Microsoft Windows 10 STIG v3r4 | Windows | ACCESS CONTROL |
