| 1.6.2 Create Pod Security Policies for your cluster | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.13.7 Ensure 'Disable 'Remember password' for Internet e-mail accounts' is set to Enabled | CIS Microsoft Office Outlook 2013 v1.1.0 Level 1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.13.7 Ensure 'Disable 'Remember password' for Internet e-mail accounts' is set to Enabled | CIS Microsoft Office Outlook 2016 v1.1.0 Level 1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.25.4 (L1) Ensure 'Force Microsoft Defender SmartScreen checks on downloads from trusted sources' is set to 'Enabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.31 (L1) Ensure 'Allow Google Cast to connect to Cast devices on all IP addresses' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.56 (L2) Ensure 'Block third party cookies' is set to 'Enabled' | CIS Microsoft Edge v3.0.0 L2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.98 (L2) Ensure 'Enable search suggestions' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 1.109 (L2) Ensure 'Enforce Google SafeSearch' is set to 'Enabled' | CIS Microsoft Edge v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 2.1.3 (L1) Ensure notifications for internal users sending malware is Enabled | CIS Microsoft 365 Foundations v5.0.0 L1 E3 | microsoft_azure | INCIDENT RESPONSE |
| 2.2.24 Ensure 'Deny log on as a batch job' to include 'Guests, Enterprise Admins Group, and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.2.27 Ensure 'Deny log on as a batch job' to include 'Guests, Enterprise Admins Group, and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.1 - AirWatch - Enable Prevent Move for Sensitive Mail Accounts | AirWatch - CIS Apple iOS 8 v1.0.0 L2 | MDM | ACCESS CONTROL |
| 2.3.1 - AirWatch - Enable Prevent Move for Sensitive Mail Accounts | AirWatch - CIS Apple iOS 9 v1.0.0 L2 | MDM | ACCESS CONTROL |
| 2.3.2 - AirWatch - Require Use Only in Mail for Sensitive Mail Accounts | AirWatch - CIS Apple iOS 8 v1.0.0 L2 | MDM | ACCESS CONTROL |
| 2.3.3 - AirWatch - Mark Company Mail Domain | AirWatch - CIS Apple iOS 9 v1.0.0 L2 | MDM | ACCESS CONTROL |
| 2.3.3 Verify Display Sleep is set to a value larger than the Screen Saver | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | ACCESS CONTROL |
| 2.7.1 iCloud configuration | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | ACCESS CONTROL |
| 3.2.4 Ensure sctp kernel module is not available | CIS Red Hat EL8 Workstation L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.2 Include TSIG key in named.conf 'TSIG key 1 permissions' | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | |
| 3.3.2 Include TSIG key in named.conf 'TSIG key 2 permissions' | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | |
| 3.4.2 Ensure SCTP is disabled | CIS SUSE Linux Enterprise 12 v3.2.1 L2 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 4.3 Ensure Encryption of Data in Transit TLS or SSL (Transport Encryption) | CIS MongoDB 7 v1.1.0 L1 MongoDB | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.3 Ensure Encryption of Data in Transit TLS or SSL (Transport Encryption) | CIS MongoDB 7 v1.1.0 L1 MongoDB | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.3 Ensure Encryption of Data in Transit TLS or SSL (Transport Encryption) | CIS MongoDB 5 L1 OS Linux v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5.4 (L1) Ensure SMTP AUTH is disabled | CIS Microsoft 365 Foundations v5.0.0 L1 E3 | microsoft_azure | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - Enable SSH IPv4 | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - Enable SSH IPv6 | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| CIS_Aliyun_Linux_2_L1_v1.0.0.audit from CIS Aliyun Linux 2 Benchmark v1.0.0 | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | |
| CIS_Palo_Alto_Firewall_9_Benchmark_v1.1.0_L2.audit from CIS Palo Alto Firewall 9 Benchmark v1.1.0 | CIS Palo Alto Firewall 9 v1.1.0 L2 | Palo_Alto | |
| CIS_Palo_Alto_Firewall_10_Benchmark_v1.2.0_L2.audit from CIS Palo Alto Firewall 10 Benchmark v1.2.0 | CIS Palo Alto Firewall 10 v1.2.0 L2 | Palo_Alto | |
| CIS_Palo_Alto_Firewall_11_Benchmark_v1.1.0_L1.audit from CIS Palo Alto Firewall 11 Benchmark v1.1.0 | CIS Palo Alto Firewall 11 v1.1.0 L1 | Palo_Alto | |
| Control which extensions cannot be installed | MSCT Edge v85 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Control which extensions cannot be installed | MSCT Edge v89 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Control which extensions cannot be installed | MSCT Edge v90 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Control which extensions cannot be installed | MSCT Edge v84 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Control which extensions cannot be installed | MSCT Edge v88 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| DKER-EE-001970 - SSH must not run within Linux containers for Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DTOO236 - The Add-In Trust Level must be configured. | DISA STIG Microsoft Outlook 2016 v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO279 - RPC encryption between Outlook and Exchange server must be enforced. | DISA STIG Microsoft Outlook 2013 v1r14 | Windows | IDENTIFICATION AND AUTHENTICATION |
| EDGE-00-000002 - Bypassing Microsoft Defender SmartScreen prompts for sites must be disabled. | DISA STIG Edge v2r2 | Windows | MAINTENANCE |
| EX13-CA-000110 - Exchange must have the Microsoft Active Sync directory removed. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | CONFIGURATION MANAGEMENT |
| EX13-MB-000310 - The Exchange Email application must not share a partition with another application. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-MB-000680 - Exchange must have the most current, approved service pack installed. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| HP ProCurve - 'Enable SSH' | TNS HP ProCurve | HPProCurve | CONFIGURATION MANAGEMENT |
| Salesforce.com : Email Services - 'IsTlsRequired = True' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | IDENTIFICATION AND AUTHENTICATION |
| Specifies whether to allow websites to make requests to any network endpoint in an insecure manner. | MSCT Edge v128 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Specifies whether to allow websites to make requests to any network endpoint in an insecure manner. | MSCT Edge v131 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Specifies whether to allow websites to make requests to more-private network endpoints | MSCT Edge v124 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| WBSP-AS-000140 - The WebSphere Application Server bus security must be enabled. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL |
| Windows Device Configuration - Browser Autofill | Tenable Best Practices for Microsoft Intune Windows v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
