| 1.300 RHEL-09-431016 | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II | Unix | ACCESS CONTROL |
| 1.361 OL08-00-040310 | CIS Oracle Linux 8 STIG v1.0.0 CAT III | Unix | CONFIGURATION MANAGEMENT |
| 2.2.26 Ensure ldap_tls_cacert is set for LDAP - config | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 2.2.26 Ensure ldap_tls_cacert is set for LDAP - file | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 8.1.2.1 Ensure Microsoft Defender for APIs is set to 'On' | CIS Microsoft Azure Foundations v5.0.0 L2 | microsoft_azure | SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT |
| 18.9.47.9.2 (L1) Ensure 'Turn off real-time protection' is set to 'Disabled' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.42.10.3 Ensure 'Turn off real-time protection' is set to 'Disabled' | CIS Microsoft Windows Server 2022 v5.0.0 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.42.10.3 Ensure 'Turn off real-time protection' is set to 'Disabled' | CIS Microsoft Windows Server 2022 v5.0.0 L1 MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.42.10.3 Ensure 'Turn off real-time protection' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.10.3 (L1) Ensure 'Turn off real-time protection' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.10.3 (L1) Ensure 'Turn off real-time protection' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.10.3 (L1) Ensure 'Turn off real-time protection' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.10.3 (L1) Ensure 'Turn off real-time protection' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.10.3 (L1) Ensure 'Turn off real-time protection' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| AIOS-26-015600 - Apple iOS/iPadOS 26 must disable the ability to hide apps. | AirWatch - DISA Apple iOS/iPadOS 26 v1r2 | MDM | CONFIGURATION MANAGEMENT |
| APPL-12-002069 - The macOS system must prevent nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL |
| APPL-13-002069 - The macOS system must prevent nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA STIG Apple macOS 13 v1r5 | Unix | ACCESS CONTROL |
| Buffer overflow protection should be configured 'LimitRequestBody' | TNS IBM HTTP Server Best Practice Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Buffer overflow protection should be configured 'LimitRequestFields' | TNS IBM HTTP Server Best Practice Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Buffer overflow protection should be configured 'LimitRequestFieldsize' | TNS IBM HTTP Server Best Practice Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| CGI-BIN directory should be disabled. 'AddModule mod_env.c' | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| CGI-BIN directory should be disabled. 'LoadModule env_module' | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| CGI-BIN directory should be disabled. 'ScriptAlias' | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| Directory access permissions should be restricted. | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| File permissions in the root document should only be accessible by administrator | TNS IBM HTTP Server Best Practice Middleware | Unix | |
| FNFG-FW-000150 - The FortiGate firewall must generate an alert that can be forwarded to, at a minimum, the Information System Security Officer (ISSO) and Information System Security Manager (ISSM) when denial-of-service (DoS) incidents are detected. | DISA Fortigate Firewall STIG v1r4 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| HTTP TRACE method should be disabled. 'RewriteCond' | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| HTTP TRACE method should be disabled. 'RewriteLog' | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| HTTP TRACE method should be disabled. 'RewriteRule' | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| HTTP TRACE method should be disabled. 'TraceEnable' | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| Keep Alive Timeout setting value should be appropriately configured. | TNS IBM HTTP Server Best Practice Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Latest Patches/Fixes should be installed | TNS IBM HTTP Server Best Practice Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Logging Directives should be restricted to authorized users. - 'ErrorLog logs/error_log' | TNS IBM HTTP Server Best Practice Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| Logging Directives should be restricted to authorized users. - 'LogFormat' | TNS IBM HTTP Server Best Practice Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| MinSpareServers parameter value should be appropriately configured. | TNS IBM HTTP Server Best Practice Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Non-Essential modules should be disabled. 'mod_autoindex' | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| Non-Essential modules should be disabled. 'mod_dav' | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| Non-Essential modules should be disabled. 'mod_include' | TNS IBM HTTP Server Best Practice Middleware | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-020021 - The Oracle Linux operating system must confine SELinux users to roles that conform to least privilege. | DISA Oracle Linux 7 STIG v3r5 | Unix | ACCESS CONTROL |
| PPS9-00-001100 - The EDB Postgres Advanced Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-10-200632 - RHEL 10 must use a file integrity tool that is configured to use FIPS 140-3-approved cryptographic hashes for validating file contents and directories. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-10-200634 - RHEL 10 must be configured so that the file integrity tool verifies Access Control Lists (ACLs). | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Server version information parameters should be turned off - 'ServerSignature Off' | TNS IBM HTTP Server Best Practice Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Server version information parameters should be turned off - 'ServerTokens Prod' | TNS IBM HTTP Server Best Practice Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Timeout value parameter value should be appropriately configured | TNS IBM HTTP Server Best Practice Middleware | Unix | ACCESS CONTROL |
| Turn off real-time protection | MSCT Windows 10 v21H2 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn off real-time protection | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-22-651015 - Ubuntu 22.04 LTS must configure Advanced Intrusion Detection Environment (AIDE) to perform file integrity checking on the file system. | DISA Canonical Ubuntu 22.04 LTS STIG v2r7 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| User IDs which disclose the privileges associated with it, should not be created. 'lock' | TNS IBM HTTP Server Best Practice Middleware | Unix | ACCESS CONTROL |
| User IDs which disclose the privileges associated with it, should not be created. 'nologin' | TNS IBM HTTP Server Best Practice Middleware | Unix | ACCESS CONTROL |
