| 1.9.2 Ensure 'local timezone' is properly configured | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.9.2 Ensure 'local timezone' is properly configured | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.9.2 Ensure 'local timezone' is properly configured | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.1.4 Set 'no service dhcp' | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | CONFIGURATION MANAGEMENT |
| 3.3.1.4 Ensure net.ipv4.conf.all.send_redirects is configured | CIS SUSE Linux Enterprise 16 v1.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.4 Ensure net.ipv4.conf.all.send_redirects is configured | CIS Debian Linux 13 v1.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.4 Ensure net.ipv4.conf.all.send_redirects is configured | CIS SUSE Linux Enterprise 16 v1.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.5 Ensure net.ipv4.conf.default.send_redirects is configured | CIS SUSE Linux Enterprise 16 v1.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 4.1.1 Disable IP Forwarding - net.ipv4.ip_forward = 0 | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.3 Configure Alerts on all Configuration Changes | CIS Cisco NX-OS v1.2.0 L2 | Cisco | CONFIGURATION MANAGEMENT |
| 5.5.1.2 Ensure minimum days between password changes is configured - /etc/login.defs | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.5.1.2 Ensure minimum days between password changes is configured - /etc/login.defs | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.5.1.2 Ensure minimum days between password changes is configured - /etc/shadow | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| AIOS-14-011700 - Apple iOS/iPadOS must disable 'Allow USB drive access in Files app' if the AO has not approved the use of DoD-approved USB storage drives with iOS/iPadOS devices - Allow USB drive access in Files app if the AO has not approved the use of DoD-approved USB storage drives with iOS/iPadOS devices. | MobileIron - DISA Apple iOS/iPadOS 14 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-16-013300 - Apple iOS/iPadOS 16 must disable 'Allow USB drive access in Files app' if the authorizing official (AO) has not approved the use of DoD-approved USB storage drives with iOS/iPadOS devices - Allow USB drive access in Files app if the Authorizing Official (AO) has not approved the use of DoD-approved USB storage drives with iOS/iPadOS devices. | MobileIron - DISA Apple iOS-iPadOS 16 STIG v2r2 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-16-014300 - Apple iOS/iPadOS 16 must disable 'Allow network drive access in Files access' - Allow network drive access in Files access. | MobileIron - DISA Apple iOS-iPadOS 16 STIG v2r2 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-17-014300 - Apple iOS/iPadOS 17 must disable 'Allow network drive access in Files access' - Allow network drive access in Files access. | AirWatch - DISA Apple iOS/iPadOS 17 v2r2 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-17-014300 - Apple iOS/iPadOS 17 must disable 'Allow network drive access in Files access' - Allow network drive access in Files access. | MobileIron - DISA Apple iOS/iPadOS 17 v2r2 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-18-014300 - Apple iOS/iPadOS 18 must disable 'Allow network drive access in Files access' - Allow network drive access in Files access. | AirWatch - DISA Apple iOS/iPadOS 18 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-014300 - Apple iOS/iPadOS 18 must disable 'Allow network drive access in Files access' - Allow network drive access in Files access. | MobileIron - DISA Apple iOS/iPadOS 18 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-26-014300 - Apple iOS/iPadOS 26 must disable 'Allow network drive access in Files access' - Allow network drive access in Files access. | MobileIron - DISA Apple iOS/iPadOS 26 v1r2 | MDM | CONFIGURATION MANAGEMENT |
| AMLS-L3-000150 - The Arista Multilayer Switch must protect an enclave connected to an Alternate Gateway by using an inbound filter that only permits packets with destination addresses within the sites address space. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | ACCESS CONTROL |
| AMLS-L3-000230 - The Arista Multilayer Switch must be configured to restrict it from accepting outbound IP packets that contain an illegitimate address in the source address field via egress filter or by enabling Unicast Reverse Path Forwarding. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-ND-001050 - The Cisco ASA must be configured to authenticate Simple Network Management Protocol (SNMP) messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC). | DISA STIG Cisco ASA NDM v2r4 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-000590 - The Cisco switch must be configured to enforce password complexity by requiring that at least one numeric character be used. | DISA Cisco IOS Switch NDM STIG v3r7 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-000590 - The Cisco switch must be configured to enforce password complexity by requiring that at least one numeric character be used. | DISA Cisco IOS XE Switch NDM STIG v3r6 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-001000 - The Cisco switch must be configured to generate an alert for all audit failure events. | DISA Cisco IOS XE Switch NDM STIG v3r6 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001210 - The Cisco switch must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions. | DISA Cisco IOS Switch NDM STIG v3r7 | Cisco | MAINTENANCE |
| Ensure timezone is properly configured | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000004 - The system must explicitly disable drag and drop operations. | DISA VMware ESXi Version 5 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000010 - The system must not use independent, non-persistent disks. | DISA VMware ESXi Version 5 Virtual Machine STIG v2r1 | VMware | AUDIT AND ACCOUNTABILITY |
| ESXI5-VM-000011 - The system must disable VM-to-VM communication through VMCI. | DISA VMware ESXi Version 5 Virtual Machine STIG v2r1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI5-VM-000037 - The system must disconnect unauthorized serial devices. | DISA VMware ESXi Version 5 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000042 - The system must limit VM logging record contents. | DISA VMware ESXi Version 5 Virtual Machine STIG v2r1 | VMware | AUDIT AND ACCOUNTABILITY |
| ESXI5-VM-000053 - The system must control access to VMs through the VMsafe CPU/memory vmsafe.agentPort API. | DISA VMware ESXi Version 5 Virtual Machine STIG v2r1 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| Huawei: Insecure HTTP is not configured. | TNS Huawei VRP Best Practice Audit | Huawei | CONFIGURATION MANAGEMENT |
| O19C-00-015300 - Oracle Database must map the authenticated identity to the user account using public key infrastructure (PKI)-based authentication. | DISA Oracle Database 19c STIG v1r5 OracleDB | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000268 - The rdisc service must not be running - CHKCONFIG | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000268 - The rdisc service must not be running - PROCESS_CHECK | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL09-00-006026 - OL 9 must not forward IPv4 source-routed packets by default. | DISA Oracle Linux 9 STIG v1r5 | Unix | CONFIGURATION MANAGEMENT |
| PANW-NM-000141 - The Palo Alto Networks security platform must use DoD-approved PKI rather than proprietary or self-signed device certificates. | DISA Palo Alto Networks NDM STIG v3r3 | Palo_Alto | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Password Strength Check - Password Minimum Length | Tenable Cisco ACI | Cisco_ACI | IDENTIFICATION AND AUTHENTICATION |
| Password Strength Check - Password Strength Test Type | Tenable Cisco ACI | Cisco_ACI | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000268 - The rdisc service must not be running - 'CHKCONFIG'. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000268 - The rdisc service must not be running - 'PROCESS_CHECK'. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| SHPT-00-000760 - SharePoint must implement security functions as largely independent modules to avoid unnecessary interactions between modules - Internet & Extranet assigned to diff App Pools | DISA STIG SharePoint 2010 v1r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SRG-OS-99999-ESXI5-000152 - Keys from SSH authorized_keys file must be removed. | DISA VMWare ESXi 5.0 Server STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| WBLC-05-000174 - Oracle WebLogic must map the PKI-based authentication identity to the user account. | Oracle WebLogic Server 12c Linux v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000174 - Oracle WebLogic must map the PKI-based authentication identity to the user account. | Oracle WebLogic Server 12c Windows v2r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000174 - Oracle WebLogic must map the PKI-based authentication identity to the user account. | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
