| 4.8 Restrict access to Tomcat catalina.properties | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 18.9.24.5 (L1) Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - javaw.exe | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| APPL-15-000007 - The macOS system must disable hot corners. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | ACCESS CONTROL |
| APPL-15-000014 - The macOS system must enforce time synchronization. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-15-000023 - The macOS system must display a policy banner at remote login. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | ACCESS CONTROL |
| APPL-15-000024 - The macOS system must enforce SSH to display a policy banner. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | ACCESS CONTROL |
| APPL-15-000030 - The macOS system must configure audit log files to not contain access control lists (ACLs). | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-15-000053 - The macOS system must set login grace time to 30. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-15-000090 - The macOS system must disable login to other users' active and locked sessions. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-15-000130 - The macOS system must configure SSHD unused connection timeout to 900. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-15-001010 - The macOS system must be configured to shut down upon audit failure. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-15-001012 - The macOS system must configure audit log files to be owned by root. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-15-001021 - The macOS system must be configured to audit all changes of object attributes. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| APPL-15-001022 - The macOS system must be configured to audit all failed read actions on the system. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| APPL-15-001023 - The macOS system must be configured to audit all failed write actions on the system. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| APPL-15-001100 - The macOS system must disable root login for SSH. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-002004 - The macOS system must disable Location Services. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-002006 - The macOS system must disable Unix-to-Unix Copy Protocol (UUCP) service. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | ACCESS CONTROL |
| APPL-15-002010 - The macOS system must disable FaceTime.app. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-002013 - The macOS system must disable iCloud Reminders. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-002016 - The macOS system must disable iCloud Notes. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-002017 - The macOS system must disable the camera. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-002021 - The macOS system must disable sending diagnostic and usage data to Apple. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| APPL-15-002024 - The macOS system must disable sending search data from Spotlight to Apple. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-002038 - The macOS system must disable Trivial File Transfer Protocol (TFTP) service. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| APPL-15-002041 - The macOS system must disable iCloud Document Sync. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-002052 - The macOS system must disable the System Settings pane for Wallet and Apple Pay. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-002053 - The macOS system must disable the system settings pane for Siri. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-002060 - The macOS system must apply gatekeeper settings to block applications from unidentified developers. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000007 - The ESXi host must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system via the Direct Console User Interface (DCUI). | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | ACCESS CONTROL |
| ESXI-70-000032 - The ESXi host must prohibit the reuse of passwords within five iterations. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-70-000036 - The ESXi host must disable ESXi Shell unless needed for diagnostics or troubleshooting. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000041 - The ESXi host must set a timeout to automatically disable idle shell sessions after two minutes. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-70-000046 - The ESXi host must configure NTP time synchronization. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | AUDIT AND ACCOUNTABILITY |
| ESXI-70-000057 - The ESXi host must configure the firewall to block network traffic by default - incoming | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000058 - The ESXi host must enable Bridge Protocol Data Units (BPDU) filter on the host to prevent being locked out of physical switch ports with Portfast and BPDU Guard enabled. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000065 - All port groups on standard switches must not be configured to virtual local area network (VLAN) values reserved by upstream physical switches. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000072 - The ESXi host must have all security patches and updates installed. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000088 - The ESXi host must configure a session timeout for the vSphere API. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000001 - The vCenter Server must prohibit password reuse for a minimum of five generations. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCTR-67-000005 - The vCenter Server users must have the correct roles assigned. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCTR-67-000015 - The vCenter Server must set the distributed port group Promiscuous Mode policy to reject. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000024 - The vCenter Server must configure the vpxuser password meets length policy. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000045 - The vCenter Server must limit the maximum number of failed login attempts to three. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | ACCESS CONTROL |
| VCTR-67-000058 - The vCenter Server Machine SSL certificate must be issued by a DoD certificate authority. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000060 - The vCenter Server must enable revocation checking for certificate-based authentication. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000064 - The vCenter Server must restrict access to cryptographic permissions. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000066 - The vCenter Server must have new Key Encryption Keys (KEKs) reissued at regular intervals for vSAN encrypted datastore(s). | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000069 - The vCenter Server must use a limited privilege account when adding an LDAP identity source. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000078 - The vCenter Server must disable Password and Windows integrated authentication. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
