| 1.7.10 Ensure XDMCP is not enabled | CIS Oracle Linux 7 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.7.10 Ensure XDMCP is not enabled | CIS Oracle Linux 7 v4.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 1.8.4 Ensure XDMCP is not enabled | CIS CentOS Linux 8 Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.8.4 Ensure XDMCP is not enabled | CIS Fedora 28 Family Linux Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.8.10 Ensure XDMCP is not enabled | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.8.10 Ensure XDMCP is not enabled | CIS Rocky Linux 8 Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.8.10 Ensure XDMCP is not enabled | CIS Oracle Linux 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.8.10 Ensure XDMCP is not enabled | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 1.8.10 Ensure XDMCP is not enabled | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.2.2 Ensure time set is within appropriate limits | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.5.4 Ensure the NGINX reverse proxy does not enable information disclosure | CIS NGINX Benchmark v2.1.0 L1 Loadbalancer | Unix | SYSTEM AND SERVICES ACQUISITION |
| 3.2 Configure Security Auditing Flags per local organizational requirements - 'audit all failed events across all audit classes' | CIS Apple macOS 10.13 L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5.6 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)' | CIS Microsoft Intune for Windows 10 v4.0.0 L2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.5.6 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)' | CIS Microsoft Intune for Windows 11 v4.0.0 L2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.4.5 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)' | CIS Microsoft Windows Server 2008 Domain Controller Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.4.5 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.4.5 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)' | CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.5.5 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows Server 2025 v1.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.5 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.5 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows Server 2025 v1.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.5 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows Server 2022 v4.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.5 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows Server 2016 v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.5 Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L2 Domain Controller | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.5 Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.5 Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.6 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.6 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 BL NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.6 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.6 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.6 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.6 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.6 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.6 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.6 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DISA_STIG_Apple_OS_X_10.15_v1r10.audit from DISA Apple OS X 10.15 (Catalina) v1r10 STIG | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | |
| DTAVSEL-014 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Move infected files to the quarantine directory if first action fails when a virus or Trojan is detected. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-107 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to Move infected files to the quarantine directory if first action fails when a virus or Trojan is detected. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| GEN002320 - Audio devices must have mode 0660 or less permissive. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| GEN002320 - Audio devices must have mode 0660 or less permissive. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN002340 - Audio devices must be owned by root - '/dev/audio*' | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN002340 - Audio devices must be owned by root - /dev/audio* | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| JUSX-DM-000087 - The Juniper SRX Services Gateway must have the number of rollbacks set to 5 or more. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | CONFIGURATION MANAGEMENT |
| Lockout for failed password attempts - 'auth [default=die] pam_faillock.so authfail audit deny=5 unlock_time=900' | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| OL6-00-000536 - The Oracle Linux operating system must use the invoking user's password for privilege escalation when using 'sudo' - rootpw | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000536 - The Oracle Linux operating system must use the invoking user's password for privilege escalation when using 'sudo' - runaspw | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL07-00-010342 - The Oracle Linux operating system must use the invoking user's password for privilege escalation when using 'sudo' - sudo. | DISA Oracle Linux 7 STIG v3r2 | Unix | ACCESS CONTROL |
| OL08-00-010383 - OL 8 must use the invoking user's password for privilege escalation when using "sudo". | DISA Oracle Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-010342 - The Red Hat Enterprise Linux operating system must use the invoking user's password for privilege escalation when using 'sudo' - sudo. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| SLES-12-010112 - The SUSE operating system must use the invoking user's password for privilege escalation when using 'sudo' - sudo. | DISA SLES 12 STIG v3r2 | Unix | ACCESS CONTROL |
| SLES-15-020103 - The SUSE operating system must use the invoking user's password for privilege escalation when using 'sudo' - sudo. | DISA SLES 15 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
