| 1.1.3.3.2 Ensure only allow specified file types is set to enabled | CIS Zoom L2 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 2.1.1 Ensure a 'Consent Message' has been 'Configured' | AirWatch - CIS Apple iOS 11 v1.0.0 End User Owned L1 | MDM | |
| 2.1.1 Ensure a 'Consent Message' has been 'Configured' | MobileIron - CIS Apple iOS 11 v1.0.0 End User Owned L1 | MDM | |
| 2.1.1 Ensure a 'Consent Message' has been 'Configured' | MobileIron - CIS Apple iOS 12 v1.0.0 End User Owned L1 | MDM | |
| 2.1.1 Ensure a 'Consent Message' has been 'Configured' | MobileIron - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.1.1 Ensure a 'Consent Message' has been 'Configured' | AirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.1.1 Ensure a 'Consent Message' has been 'Configured' | AirWatch - CIS Apple iOS 12 v1.0.0 End User Owned L1 | MDM | |
| 2.1.1 Ensure a 'Consent Message' has been 'Configured' | AirWatch - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.1.1 Ensure a 'Consent Message' has been 'Configured' | AirWatch - CIS Apple iOS 10 v2.0.0 End User Owned L1 | MDM | |
| 2.2.2 Ensure Time Is Set Within Appropriate Limits | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.3.10.8 (L1) Ensure 'Network access: Remotely accessible registry paths and sub-paths' is configured | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | ACCESS CONTROL |
| 2.3.10.8 (L1) Ensure 'Network access: Remotely accessible registry paths and sub-paths' is configured | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | ACCESS CONTROL |
| 3.4.2.8 Ensure nftables default deny firewall policy | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.2.8 Ensure nftables default deny firewall policy | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.8 Ensure nftables default deny firewall policy | CIS Debian Linux 11 v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.8 Ensure nftables default deny firewall policy | CIS Debian Linux 11 v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.10.9.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | CIS Microsoft Intune for Windows 10 v4.0.0 BL | Windows | MEDIA PROTECTION |
| 5.3 Ensure 'Computer Browser (Browser)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | CONFIGURATION MANAGEMENT |
| 5.4.1 Enable VPC Flow Logs and Intranode Visibility | CIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L1 | GCP | AUDIT AND ACCOUNTABILITY |
| 5.4.1 Ensure password creation requirements are configured - dcredit | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1 Ensure password creation requirements are configured - lcredit | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.8 Ensure that a 'Custom banned password list' is set to 'Enforce' | CIS Microsoft Azure Foundations v4.0.0 L1 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 6.15 Ensure that a Zone Protection Profile with an enabled SYN Flood Action of SYN Cookies is attached to all untrusted zones | CIS Palo Alto Firewall 11 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 6.15 Ensure that a Zone Protection Profile with an enabled SYN Flood Action of SYN Cookies is attached to all untrusted zones | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 6.16 Ensure that a Zone Protection Profile with an enabled SYN Flood Action of SYN Cookies is attached to all untrusted zones | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 6.16 Ensure that a Zone Protection Profile with an enabled SYN Flood Action of SYN Cookies is attached to all untrusted zones | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.16 Ensure that a Zone Protection Profile with an enabled SYN Flood Action of SYN Cookies is attached to all untrusted zones | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.1 Ensure that RDP access from the Internet is evaluated and restricted | CIS Microsoft Azure Foundations v4.0.0 L1 | microsoft_azure | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.59 Ensure 'Software certificate installation files must be removed' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| Adtran : List enabled interfaces | TNS Adtran AOS Best Practice Audit | Adtran | CONFIGURATION MANAGEMENT |
| AIX7-00-003048 - If SNMP is not required on AIX, the snmpd service must be disabled. | DISA STIG AIX 7.x v3r1 | Unix | CONFIGURATION MANAGEMENT |
| Catalina - Must Use HBSS | NIST macOS Catalina v1.5.0 - All Profiles | Unix | SYSTEM AND INFORMATION INTEGRITY |
| ESXI-06-000045 - The system must enable a persistent log location for all locally stored logs. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | AUDIT AND ACCOUNTABILITY |
| ESXI-65-000045 - The ESXi host must enable a persistent log location for all locally stored logs. | DISA STIG VMware vSphere ESXi 6.5 v2r4 | VMware | AUDIT AND ACCOUNTABILITY |
| GEN004900 - The ftpusers file must contain account names not allowed to use FTP. | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000260 - The Juniper perimeter router must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| MADB-10-004400 - MariaDB must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations. | DISA MariaDB Enterprise 10.x v2r3 OS Linux | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL07-00-010019 - The Oracle Linux operating system must ensure cryptographic verification of vendor software packages. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| OL08-00-010019 - OL 8 must ensure cryptographic verification of vendor software packages. | DISA Oracle Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-010070 - The Red Hat Enterprise Linux operating system must initiate a screensaver after a 15-minute period of inactivity for graphical user interfaces. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-07-010210 - The Red Hat Enterprise Linux operating system must be configured to use the shadow file to store only encrypted representations of passwords. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-020710 - The Red Hat Enterprise Linux operating system must be configured so that all local initialization files have mode 0740 or less permissive. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-021110 - The Red Hat Enterprise Linux operating system must be configured so that the cron.allow file, if it exists, is owned by root. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-021610 - The Red Hat Enterprise Linux operating system must be configured so that the file integrity tool is configured to verify extended attributes. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-040180 - The Red Hat Enterprise Linux operating system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) authentication communications. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-07-040350 - The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon does not allow authentication using rhosts authentication. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-040440 - The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon does not permit Kerberos authentication unless needed. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| SYMP-AG-000230 - Symantec ProxySG must provide an alert to, at a minimum, the SCA and ISSO of all audit failure events where the detection and/or prevention function is unable to write events to either local storage or the centralized server - From | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| WDNS-CM-000019 - Primary authoritative name servers must be configured to only receive zone transfer requests from specified secondary name servers. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | CONFIGURATION MANAGEMENT |
| WPAW-00-000700 - The Windows PAW must be configured with a vendor-supported version of Windows 11 and applicable security patches that are DOD approved. | DISA MS Windows Privileged Access Workstation v3r1 | Windows | CONFIGURATION MANAGEMENT |
