| 1.1.17 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.2.4.2.1.18 Set 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.18 Set 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.18 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | CIS Kubernetes v1.10.0 L1 Master | Unix | AUDIT AND ACCOUNTABILITY |
| 1.2.22 Ensure that the maximumRetainedFiles argument is set to 10 or as appropriate | CIS Red Hat OpenShift Container Platform v1.7.0 L1 | OpenShift | AUDIT AND ACCOUNTABILITY |
| 1.2.23 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master | Unix | AUDIT AND ACCOUNTABILITY |
| 1.6.3 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Rocky Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.17 Ensure '_trace_files_public' Is Set to 'FALSE' | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 2.2.17 Ensure '_trace_files_public' Is Set to 'FALSE' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 2.14 Ensure 'sa' Login Account is set to 'Disabled' | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | ACCESS CONTROL |
| 3.1.14 Set maximum connection limits - 'max_coordagents <= 100' | CIS IBM DB2 OS L2 v1.2.0 | Unix | ACCESS CONTROL |
| 3.1.14 Set maximum connection limits - 'maxappls <= 99' | CIS IBM DB2 OS L2 v1.2.0 | Unix | ACCESS CONTROL |
| 3.6.11.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' | CIS Microsoft Intune for Windows 10 v3.0.1 L1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 4.1.12 Set Maximum Number of Applications (MAXAPPLS) | CIS IBM DB2 11 v1.1.0 Linux OS Level 1 | Unix | ACCESS CONTROL |
| 4.1.12 Set Maximum Number of Applications (MAXAPPLS) | CIS IBM DB2 11 v1.1.0 Windows OS Level 1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.8 (L1) Host must store one week of audit records | CIS VMware ESXi 8.0 v1.1.0 L1 | VMware | AUDIT AND ACCOUNTABILITY |
| 5.3.22 Ensure SSH MaxStartups is configured - sshd | CIS Red Hat 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.3.22 Ensure SSH MaxStartups is configured - sshd_config | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.22 Ensure SSH MaxStartups is configured - sshd_config | CIS Red Hat 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 7.1 Ensure that the MaxZoneParts setting for Web Part limits is set to 100. | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| ALMA-09-054690 - AlmaLinux OS 9 must periodically flush audit records to disk to prevent the loss of audit records. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-14-000120 The macOS system must configure SSHD Channel Timeout to 900. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-14-000130 The macOS system must configure SSHD unused connection timeout to 900. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-14-001150 The macOS system must disable password authentication for SSH. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| APPL-15-000024 - The macOS system must enforce SSH to display a policy banner. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | ACCESS CONTROL |
| APPL-15-000120 - The macOS system must configure SSHD channel timeout to 900. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-15-000130 - The macOS system must configure SSHD unused connection timeout to 900. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-15-001150 - The macOS system must disable password authentication for SSH. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| ARST-RT-000580 - The multicast Rendezvous Point (RP) Arista router must be configured to limit the multicast forwarding cache so that its resources are not saturated by managing an overwhelming number of Protocol Independent Multicast (PIM) and Multicast Source Discovery Protocol (MSDP) source-active entries. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W2-000010 - The Apache web server must limit the number of allowed simultaneous session requests. | DISA STIG Apache Server 2.4 Windows Site v2r2 | Windows | ACCESS CONTROL |
| CISC-RT-000680 - The Cisco PE router providing Virtual Private LAN Services (VPLS) must be configured to have all attachment circuits defined to the virtual forwarding instance (VFI) with the globally unique VPN ID assigned for each customer VLAN - VFI with the globally unique VPN ID assigned for each customer VLAN | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000680 - The Cisco PE switch providing Virtual Private LAN Services (VPLS) must be configured to have all attachment circuits defined to the virtual forwarding instance (VFI) with the globally unique VPN ID assigned for each customer VLAN. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000710 - The Cisco PE router must be configured to implement Internet Group Management Protocol (IGMP) or Multicast Listener Discovery (MLD) snooping for each Virtual Private LAN Services (VPLS) bridge domain. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000710 - The Cisco PE switch must be configured to implement Internet Group Management Protocol (IGMP) or Multicast Listener Discovery (MLD) snooping for each Virtual Private LAN Services (VPLS) bridge domain. | DISA STIG Cisco NX-OS Switch RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000710 - The Cisco PE switch must be configured to implement Internet Group Management Protocol (IGMP) or Multicast Listener Discovery (MLD) snooping for each Virtual Private LAN Services (VPLS) bridge domain. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000720 - The Cisco PE switch must be configured to limit the number of MAC addresses it can learn for each Virtual Private LAN Services (VPLS) bridge domain. | DISA STIG Cisco NX-OS Switch RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-003290 - The Kubernetes API Server must be set to audit log max size. | DISA STIG Kubernetes v2r2 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000084 - The ESXi host must enable audit logging. | DISA STIG VMware vSphere 7.0 ESXi OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| Excel 2 worksheets | MSCT Office 365 ProPlus 1908 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Excel 2 worksheets | MSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Excel 2 worksheets | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Excel 2 worksheets | Microsoft 365 Apps for Enterprise 2306 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Excel 2 worksheets | MSCT Office 2016 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| PANW-NM-000144 - The Palo Alto Networks security platform must generate an audit log record when the Data Plane CPU utilization is 100%. | DISA STIG Palo Alto NDM v3r2 | Palo_Alto | CONFIGURATION MANAGEMENT |
| RHEL-09-653095 - RHEL 9 must periodically flush audit records to disk to prevent the loss of audit records. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| VCLU-70-000019 - Lookup Service must limit the number of allowed connections. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCST-67-000019 - The Security Token Service must limit the number of allowed connections. | DISA STIG VMware vSphere 6.7 STS Tomcat v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCST-70-000019 - The Security Token Service must limit the number of allowed connections. | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCST-80-000126 The vCenter STS service must limit the number of times that each Transmission Control Protocol (TCP) connection is kept alive. | DISA VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) STIG v2r1 | Unix | ACCESS CONTROL |
| VCUI-80-000126 The vCenter UI service must limit the number of times that each Transmission Control Protocol (TCP) connection is kept alive. | DISA VMware vSphere 8.0 vCenter Appliance User Interface (UI) STIG v2r1 | Unix | ACCESS CONTROL |
