| 1.41 WN22-00-000410 | CIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II | Windows | CONFIGURATION MANAGEMENT |
| 2.6 Ensure 'Remote Access' Server Configuration Option is set to '0' | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| 2.6 Ensure 'Remote Access' Server Configuration Option is set to '0' | CIS SQL Server 2012 Database L1 AWS RDS v1.6.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| 2.6 Ensure 'Remote Access' Server Configuration Option is set to '0' | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| 2.8 Ensure 'Scan for Startup Procs' Server Configuration Option is set to '0' | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 2.8 Ensure 'Scan for Startup Procs' Server Configuration Option is set to '0' | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 2.8 Ensure 'Scan For Startup Procs' Server Configuration Option is set to '0' | CIS SQL Server 2012 Database L1 AWS RDS v1.6.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 2.12 Configure centralized and remote logging | CIS Docker 1.11.0 v1.0.0 L2 Docker | Unix | AUDIT AND ACCOUNTABILITY |
| 2.12 Configure centralized and remote logging | CIS Docker 1.12.0 v1.0.0 L2 Docker | Unix | AUDIT AND ACCOUNTABILITY |
| 5.6 Ensure AES128 is set for all SNMPv3 users | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.7 Ensure SHA1 is set for SNMPv3 authentication | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| 5.8.1 Ensure authentication using Client Certificates is Disabled | CIS Google Kubernetes Engine (GKE) v1.7.0 L1 | GCP | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 18.9.65.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 18.9.65.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 18.9.65.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 18.9.65.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 18.9.65.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 18.9.65.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 18.10.57.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 18.10.57.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 18.10.57.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v4.0.0 L1 MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 18.10.57.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled' | CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L1 MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 18.10.57.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 18.10.57.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 18.10.57.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | CONFIGURATION MANAGEMENT |
| DKER-EE-002100 - cgroup usage must be confirmed in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-002110 - All Docker Enterprise containers must be restricted from acquiring additional privileges. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-003310 - The Docker Enterprise max-size and max-file json-file drivers logging options in the daemon.json configuration file must be configured to allocate audit record storage capacity for Universal Control Plane (UCP) and Docker Trusted Registry (DTR) per the requirements set forth by the System Security Plan (SSP) - max-file | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| DKER-EE-003310 - The Docker Enterprise max-size and max-file json-file drivers logging options in the daemon.json configuration file must be configured to allocate audit record storage capacity for Universal Control Plane (UCP) and Docker Trusted Registry (DTR) per the requirements set forth by the System Security Plan (SSP) - max-size | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| DKER-EE-003330 - Log aggregation/SIEM systems must be configured to alarm when audit storage space for Docker Engine - Enterprise nodes exceed 75% usage. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| DTAM016 - McAfee VirusScan must be configured to receive DAT and Engine updates - schedule is daily | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM016 - McAfee VirusScan must be configured to receive DAT and Engine updates - scheduling enabled | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EDGE-00-000022 - Importing of search engine settings must be disabled. | DISA STIG Edge v2r3 | Windows | CONFIGURATION MANAGEMENT |
| GEN000241 - The system clock must be synchronized continuously. | DISA STIG for Oracle Linux 5 v2r1 | Unix | CONFIGURATION MANAGEMENT |
| GEN000242 - The system must use at least two time sources for clock synchronization - '/etc/ntp.conf' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN000242 - The system must use at least two time sources for clock synchronization - '/etc/ntp.conf' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN000242 - The system must use at least two time sources for clock synchronization - 'at least 2 servers are configured' | DISA STIG AIX 5.3 v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN000242 - The system must use at least two time sources for clock synchronization - 'at least 2 servers are configured' | DISA STIG AIX 6.1 v1r14 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN000242 - The system must use at least two time sources for clock synchronization - 'cron jobs' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN000242 - The system must use at least two time sources for clock synchronization - 'cron jobs' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN000242 - The system must use at least two time sources for clock synchronization - 'NTP daemon is running' | DISA STIG AIX 5.3 v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN000242 - The system must use at least two time sources for clock synchronization - 'NTP daemon is running' | DISA STIG AIX 6.1 v1r14 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN000242 - The system must use at least two time sources for clock synchronization - 'NTP daemon is started at boot' | DISA STIG AIX 6.1 v1r14 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN000242 - The system must use at least two time sources for clock synchronization - service ntp server 1 | DISA STIG Solaris 10 SPARC v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN000242 - The system must use at least two time sources for clock synchronization - service ntp server 2 | DISA STIG Solaris 10 SPARC v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN000244 - The system must use time sources local to the enclave. | DISA STIG AIX 5.3 v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| Network Security - Set the source address for all route engine generated traffic - NTP | Juniper Hardening JunOS 12 Devices Checklist | Juniper | AUDIT AND ACCOUNTABILITY |
| Network Security - Set the source address for all route engine generated traffic - tacplus-server | Juniper Hardening JunOS 12 Devices Checklist | Juniper | IDENTIFICATION AND AUTHENTICATION |
| VCPG-67-000021 - VMware Postgres must be configured to log to stderr. | DISA STIG VMware vSphere 6.7 PostgreSQL v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
