| 2.2.32 Ensure 'Deny log on locally' to include 'Guests' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.3.11.6 Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM' - Send NTLMv2 response only. Refuse LM & NTLM | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.9 Restrict access to Tomcat catalina.properties | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 4.9 Restrict access to Tomcat catalina.properties | CIS Apache Tomcat 7 L1 v1.1.0 Middleware | Unix | ACCESS CONTROL |
| 5.5.1.3 Ensure password expiration warning days is 7 or more - login.defs | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5.1.3 Ensure password expiration warning days is 7 or more - users | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5.1.3 Ensure password expiration warning days is 7 or more - users | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Specify file handler in logging.properties (check if java.util.logging.ConsoleHandler exists in web application) | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties (check if java.util.logging.ConsoleHandler exists in web application) | CIS Apache Tomcat 7 L1 v1.1.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties (check if java.util.logging.ConsoleHandler exists inin default) | CIS Apache Tomcat 7 L1 v1.1.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties (check if java.util.logging.ConsoleHandler exists inin default) | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties (check if org.apache.juli.FileHandler exists in default) | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties (check if org.apache.juli.FileHandler exists in web application) | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties (check if org.apache.juli.FileHandler logging is enabled in default) | CIS Apache Tomcat 7 L1 v1.1.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 20.31 Ensure 'Host-based firewall is installed and enabled' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO104 - Disabling of user name and password syntax from being used in URLs must be enforced. | DISA STIG Microsoft OneNote 2013 v1r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO123 - Navigation to URLs embedded in Office products must be blocked. | DISA STIG Microsoft Groove 2013 v1r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO132 - File Downloads must be configured for proper restrictions. | DISA STIG Microsoft OneNote 2013 v1r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| FGFW-ND-000020 - The FortiGate device must automatically audit account removal actions | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | ACCESS CONTROL |
| FGFW-ND-000030 - The FortiGate device must have only one local account to be used as the account of last resort in the event the authentication server is unavailable. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | ACCESS CONTROL |
| FGFW-ND-000035 - The FortiGate device must allow full access to only those individuals or roles designated by the ISSM. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | ACCESS CONTROL |
| FGFW-ND-000040 - The FortiGate device must audit the execution of privileged functions | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | ACCESS CONTROL |
| FGFW-ND-000055 - The FortiGate device must retain the Standard Mandatory DoD Notice and Consent Banner on the screen until the administrator acknowledges the usage conditions and takes explicit actions to log on for further access. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | ACCESS CONTROL |
| FGFW-ND-000060 - The FortiGate device must log all user activity. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FGFW-ND-000065 - The FortiGate device must generate audit records when successful/unsuccessful attempts to modify administrator privileges occur | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FGFW-ND-000070 - The FortiGate device must generate audit records when successful/unsuccessful attempts to delete administrator privileges occur | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FGFW-ND-000105 - The FortiGate device must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FGFW-ND-000115 - The FortiGate device must generate an immediate real-time alert of all audit failure events requiring real-time alerts. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FGFW-ND-000120 - The FortiGate device must synchronize internal information system clocks using redundant authoritative time sources | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| FGFW-ND-000135 - The FortiGate device must protect audit tools from unauthorized access. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FGFW-ND-000145 - The FortiGate device must prohibit installation of software without explicit privileged status. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | CONFIGURATION MANAGEMENT |
| FGFW-ND-000155 - The FortiGate device must limit privileges to change the software resident within software libraries. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | CONFIGURATION MANAGEMENT |
| FGFW-ND-000165 - The FortiGate device must use LDAP for authentication. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | CONFIGURATION MANAGEMENT |
| FGFW-ND-000170 - The FortiGate device must be running an operating system release that is currently supported by the vendor. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | CONFIGURATION MANAGEMENT |
| FGFW-ND-000175 - The FortiGate device must generate log records for a locally developed list of auditable events | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| FGFW-ND-000180 - The FortiGate device must conduct backups of system-level information contained in the information system when changes occur. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING |
| FGFW-ND-000200 - The FortiGate device must prohibit the use of all unnecessary and/or non-secure functions, ports, protocols, and/or services. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | CONFIGURATION MANAGEMENT |
| FGFW-ND-000205 - The FortiGate device must implement replay-resistant authentication mechanisms for network access to privileged accounts | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| FGFW-ND-000245 - The FortiGate device must use LDAPS for the LDAP connection. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| FGFW-ND-000255 - The FortiGate device must use FIPS 140-2 approved algorithms for authentication to a cryptographic module. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| FGFW-ND-000275 - The FortiGate device must terminate idle sessions after 10 minutes of inactivity. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| FGFW-ND-000305 - The FortiGate device must only install patches or updates that are validated by the vendor via digital signature or hash. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | CONFIGURATION MANAGEMENT |
| SHPT-00-000760 - SharePoint must implement security functions as largely independent modules to avoid unnecessary interactions between modules - Central Administration is a separate App Pool | DISA STIG SharePoint 2010 v1r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SHPT-00-000760 - SharePoint must implement security functions as largely independent modules to avoid unnecessary interactions between modules - Internet & Extranet assigned to diff App Pools | DISA STIG SharePoint 2010 v1r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SHPT-00-000760 - SharePoint must implement security functions as largely independent modules to avoid unnecessary interactions between modules - No Applications assigned to Default App Pool | DISA STIG SharePoint 2010 v1r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN11-00-000150 - Structured Exception Handling Overwrite Protection (SEHOP) must be enabled. | DISA Microsoft Windows 11 STIG v2r3 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| WN12-CC-000150 - WDigest Authentication must be disabled. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000150 - WDigest Authentication must be disabled. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000043 - The system must be configured to ignore NetBIOS name release requests except from WINS servers. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN19-00-000400 - Windows Server 2019 must have the Server Message Block (SMB) v1 protocol disabled on the SMB client. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
