| 1.1.3.9.16 Configure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3.3 Set the 'banner-text' for 'banner motd' | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | ACCESS CONTROL |
| 3.3.2.7 Ensure net.ipv6.conf.all.accept_ra is configured | CIS SUSE Linux Enterprise 16 v1.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.2.7 Ensure net.ipv6.conf.all.accept_ra is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.2.7 Ensure net.ipv6.conf.all.accept_ra is configured | CIS Debian Linux 13 v1.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.2.7 Ensure net.ipv6.conf.all.accept_ra is configured | CIS SUSE Linux Enterprise 16 v1.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.2.8 Ensure net.ipv6.conf.default.accept_ra is configured | CIS Debian Linux 13 v1.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.2.8 Ensure net.ipv6.conf.default.accept_ra is configured | CIS Debian Linux 13 v1.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.2.8 Ensure net.ipv6.conf.default.accept_ra is configured | CIS SUSE Linux Enterprise 16 v1.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.2.8 Ensure net.ipv6.conf.default.accept_ra is configured | CIS SUSE Linux Enterprise 16 v1.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 5.5.1.2 Ensure minimum days between password changes is configured - /etc/shadow | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.5.1.2 Ensure minimum days between password changes is configured - login.defs | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5.1.2 Ensure minimum days between password changes is configured - password shadow | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.1.1 Disable IP Forwarding | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1.1 Disable IP Forwarding | CIS Debian Linux 7 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.4.3 (L1) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.4.3 (L1) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.4.5 Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.4.5 Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.4 (L1) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.4 (L1) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v4.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.4 Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' | CIS Microsoft Windows Server 2025 v2.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.4 Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' | CIS Microsoft Windows Server 2022 v5.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.4 Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' | CIS Microsoft Windows Server 2022 Stand-alone v2.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.5 (L1) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.5 (L1) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.5 (L1) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.5 (L1) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.5 Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 BL | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| AIOS-14-012700 - Apple iOS/iPadOS must disable [Allow network drive access in Files access]. | AirWatch - DISA Apple iOS/iPadOS 14 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-14-012700 - Apple iOS/iPadOS must disable [Allow network drive access in Files access]. | MobileIron - DISA Apple iOS/iPadOS 14 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-15-014300 - Apple iOS/iPadOS 15 must disable 'Allow network drive access in Files access' - Allow network drive access in Files access. | AirWatch - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-014300 - Apple iOS/iPadOS 15 must disable 'Allow network drive access in Files access' - Allow network drive access in Files access. | MobileIron - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-16-014300 - Apple iOS/iPadOS 16 must disable 'Allow network drive access in Files access' - Allow network drive access in Files access. | AirWatch - DISA Apple iOS-iPadOS 16 STIG v2r2 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-26-014300 - Apple iOS/iPadOS 26 must disable 'Allow network drive access in Files access' - Allow network drive access in Files access. | AirWatch - DISA Apple iOS/iPadOS 26 v1r2 | MDM | CONFIGURATION MANAGEMENT |
| ALMA-09-018500 - AlmaLinux OS 9 must not accept router advertisements on all IPv6 interfaces. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| ARST-RT-000330 - The Arista perimeter router must be configured to deny network traffic by default and allow network traffic by exception. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000330 - The Arista perimeter router must be configured to deny network traffic by default and allow network traffic by exception. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000670 - The Arista multicast Designated Router (DR) must be configured to filter the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Report messages to allow hosts to join a multicast group only from sources that have been approved by the organization. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000670 - The Arista multicast Designated Router (DR) must be configured to filter the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Report messages to allow hosts to join a multicast group only from sources that have been approved by the organization. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| Login: ssh - v1 is disabled | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | CONFIGURATION MANAGEMENT |
| Login: ssh - v2 and later is enabled | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | CONFIGURATION MANAGEMENT |
| Login: SSH is enabled | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | CONFIGURATION MANAGEMENT |
| Management Access Policy - HTTPS - Cipher Configuration | Tenable Cisco ACI | Cisco_ACI | |
| MS.AAD.4.1v1 - Security logs SHALL be sent to the agency's security operations center for monitoring. | CISA SCuBA Microsoft 365 Entra ID v1.5.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| O19C-00-015200 - Oracle Database, when using public key infrastructure (PKI)-based authentication, must enforce authorized access to the corresponding private key. | DISA Oracle Database 19c STIG v1r5 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
| O19C-00-015200 - Oracle Database, when using public key infrastructure (PKI)-based authentication, must enforce authorized access to the corresponding private key. | DISA Oracle Database 19c STIG v1r3 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-254030 - RHEL 9 must not accept router advertisements on all IPv6 interfaces by default. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-10-800220 - RHEL 10 must not accept router advertisements on all Internet Protocol version 6 (IPv6) interfaces. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SRG-OS-99999-ESXI5-000137 - The system must disable the Managed Object Browser (MOB) - MOB | DISA VMWare ESXi 5.0 Server STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
