| 1.8 Audit docker daemon | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.11 Audit Docker files and directories - docker.socket | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.100 WN19-CC-000060 | CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT III | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.101 WN10-CC-000020 | CIS Microsoft Windows 10 STIG v1.0.0 CAT II | Windows | CONFIGURATION MANAGEMENT |
| 1.102 WN10-CC-000025 | CIS Microsoft Windows 10 STIG v1.0.0 CAT II | Windows | CONFIGURATION MANAGEMENT |
| 2.3.2 Ensure Screen Saver Corners Are Secure - top left corner | CIS Apple macOS 10.14 v2.0.0 L2 | Unix | ACCESS CONTROL |
| 5.2.10 Ensure number of characters changed in new password is configured | CIS IBM AIX 7 v1.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 17 - Restrict access to JETTY.properties - mode | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 17 - Restrict access to JETTY.properties - owner | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| CISC-ND-001450 - The Cisco switch must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO). | DISA Cisco NX OS Switch NDM STIG v3r6 | Cisco | AUDIT AND ACCOUNTABILITY |
| Do not allow drive redirection | MSCT Windows Server v2004 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Do not allow drive redirection | MSCT Windows 10 1809 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Do not allow drive redirection | MSCT Windows 10 v21H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Do not allow drive redirection | MSCT Windows Server 1903 DC v1.19.9 | Windows | CONFIGURATION MANAGEMENT |
| Do not allow drive redirection | MSCT Windows Server v1909 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Do not allow drive redirection | MSCT Windows Server v2004 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Do not allow drive redirection | MSCT Windows Server 2016 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Do not allow drive redirection | MSCT Windows Server 2019 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Do not allow drive redirection | MSCT Windows 10 1803 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Do not allow drive redirection | MSCT Windows 10 v20H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Do not allow drive redirection | MSCT Windows 10 v21H1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Do not allow drive redirection | MSCT Windows Server 2016 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| FNFG-FW-000005 - The FortiGate firewall must use filters that use packet headers and packet attributes, including source and destination IP addresses and ports. | DISA Fortigate Firewall STIG v1r4 | FortiGate | ACCESS CONTROL |
| FNFG-FW-000015 - The FortiGate firewall must use organization-defined filtering rules that apply to the monitoring of remote access traffic for the traffic from the VPN access points. | DISA Fortigate Firewall STIG v1r4 | FortiGate | ACCESS CONTROL |
| FNFG-FW-000020 - The FortiGate firewall must generate traffic log entries containing information to establish what type of events occurred. | DISA Fortigate Firewall STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000025 - The FortiGate firewall must generate traffic log entries containing information to establish when (date and time) the events occurred. | DISA Fortigate Firewall STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000030 - The FortiGate firewall must generate traffic log entries containing information to establish the network location where the events occurred. | DISA Fortigate Firewall STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000035 - The FortiGate firewall must generate traffic log entries containing information to establish the source of the events, such as the source IP address at a minimum. | DISA Fortigate Firewall STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000040 - The FortiGate firewall must generate traffic log entries containing information to establish the outcome of the events, such as, at a minimum, the success or failure of the application of the firewall rule. | DISA Fortigate Firewall STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000045 - In the event that communication with the central audit server is lost, the FortiGate firewall must continue to queue traffic log records locally. | DISA Fortigate Firewall STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000050 - The FortiGate firewall must protect traffic log records from unauthorized access while in transit to the central audit server. | DISA Fortigate Firewall STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000055 - The FortiGate firewall must protect the traffic log from unauthorized modification of local log records. | DISA Fortigate Firewall STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000070 - The FortiGate firewall must block outbound traffic containing denial-of-service (DoS) attacks to protect against the use of internal information systems to launch any DoS attacks against other networks or endpoints. | DISA Fortigate Firewall STIG v1r4 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| FNFG-FW-000075 - The FortiGate firewall implementation must manage excess bandwidth to limit the effects of packet flooding types of denial-of-service (DoS) attacks. | DISA Fortigate Firewall STIG v1r4 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| FNFG-FW-000090 - The FortiGate firewall must fail to a secure state if the firewall filtering functions fail unexpectedly. | DISA Fortigate Firewall STIG v1r4 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| FNFG-FW-000100 - The FortiGate firewall must send traffic log entries to a central audit server for management and configuration of the traffic log entries. | DISA Fortigate Firewall STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000105 - If communication with the central audit server is lost, the FortiGate firewall must generate a real-time alert to, at a minimum, the SA and ISSO. | DISA Fortigate Firewall STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000110 - The FortiGate firewall must employ filters that prevent or limit the effects of all types of commonly known denial-of-service (DoS) attacks, including flooding, packet sweeps, and unauthorized port scanning. | DISA Fortigate Firewall STIG v1r4 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| FNFG-FW-000115 - The FortiGate firewall must apply ingress filters to traffic that is inbound to the network through any active external interface. | DISA Fortigate Firewall STIG v1r4 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| FNFG-FW-000120 - The FortiGate firewall must apply egress filters to traffic outbound from the network through any internal interface. | DISA Fortigate Firewall STIG v1r4 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| FNFG-FW-000130 - The FortiGate firewall must restrict traffic entering the VPN tunnels to the management network to only the authorized management packets based on destination address. | DISA Fortigate Firewall STIG v1r4 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| FNFG-FW-000145 - The FortiGate firewall must be configured to restrict it from accepting outbound packets that contain an illegitimate address in the source address field via an egress filter or by enabling Unicast Reverse Path Forwarding (uRPF). | DISA Fortigate Firewall STIG v1r4 | FortiGate | CONFIGURATION MANAGEMENT |
| FNFG-FW-000150 - The FortiGate firewall must generate an alert that can be forwarded to, at a minimum, the Information System Security Officer (ISSO) and Information System Security Manager (ISSM) when denial-of-service (DoS) incidents are detected. | DISA Fortigate Firewall STIG v1r4 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| FNFG-FW-000155 - The FortiGate firewall must allow authorized users to record a packet-capture-based IP, traffic type (TCP, UDP, or ICMP), or protocol. | DISA Fortigate Firewall STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000165 - The FortiGate firewall must generate traffic log records when attempts are made to send packets between security zones that are not authorized to communicate. | DISA Fortigate Firewall STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| PHTN-40-000223 - The Photon operating system must not forward IPv4 or IPv6 source-routed packets. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| WN10-CC-000035 - The system must be configured to ignore NetBIOS name release requests except from WINS servers. | DISA Microsoft Windows 10 STIG v3r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN11-CC-000025 - The system must be configured to prevent IP source routing. | DISA Microsoft Windows 11 STIG v2r7 | Windows | CONFIGURATION MANAGEMENT |
| WN16-CC-000070 - Windows Server 2016 must be configured to ignore NetBIOS name release requests except from WINS servers. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN22-CC-000060 - Windows Server 2022 must be configured to ignore NetBIOS name release requests except from WINS servers. | DISA Microsoft Windows Server 2022 STIG v2r8 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
