| 1.2 Password Security Policy - d) Check either of the following words exist in configuration file | Tenable ZTE ROSNG | ZTE_ROSNG | IDENTIFICATION AND AUTHENTICATION |
| 1.2 Password Security Policy - e) Check for strong-password max-length - strong-password username-related-chk inverse | Tenable ZTE ROSNG | ZTE_ROSNG | IDENTIFICATION AND AUTHENTICATION |
| 1.4 SNMP Security - b) SNMP server | Tenable ZTE ROSNG | ZTE_ROSNG | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.9 SSL Strong Algorithm - a) Version | Tenable ZTE ROSNG | ZTE_ROSNG | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.9 SSL Strong Algorithm - b) ciphersuite | Tenable ZTE ROSNG | ZTE_ROSNG | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.17.4 (L1) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | ACCESS CONTROL |
| 2.3.17.4 (L1) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | ACCESS CONTROL |
| 2.3.17.4 (L1) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v4.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.17.4 (L1) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.17.4 (L1) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | ACCESS CONTROL |
| 2.3.17.4 (L1) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v4.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.17.4 (L1) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v3.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.17.4 (L1) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.17.4 (L1) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.3.17.5 Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | ACCESS CONTROL |
| 2.3.17.5 Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server | Windows | ACCESS CONTROL |
| 2.3.17.6 Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.5 Product Default Banner | Tenable ZTE ROSNG | ZTE_ROSNG | ACCESS CONTROL |
| 3.6 Ensure Relational Database Service Instances have Auto Minor Version Upgrade Enabled | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.4.1 (L1) Ensure 'Enable EDR in block mode' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.4.1 (L1) Ensure 'Enable EDR in block mode' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 22.29 (L1) Ensure 'PUA Protection' is set to 'PUA Protection on' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 22.29 (L1) Ensure 'PUA Protection' is set to 'PUA Protection on' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 49.30 (L1) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | ACCESS CONTROL |
| ALMA-09-003320 - AlmaLinux OS 9 must implement DOD-approved encryption ciphers to protect the confidentiality of SSH server connections. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL |
| ALMA-09-003430 - AlmaLinux OS 9 must implement DOD-approved systemwide cryptographic policies to protect the confidentiality of SSH server connections. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL |
| ALMA-09-003760 - AlmaLinux OS 9 must implement DOD-approved TLS encryption in the GnuTLS package. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL |
| CD12-00-002600 - PostgreSQL must allow only the Information System Security Manager (ISSM), or individuals or roles appointed by the ISSM, to select which auditable events are to be audited. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| DB2X-00-000700 - DB2 must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | AUDIT AND ACCOUNTABILITY |
| DB2X-00-007700 - DB2 must provide an immediate real-time alert to appropriate support staff of all audit failure events requiring real-time alerts. | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | AUDIT AND ACCOUNTABILITY |
| FGFW-ND-000115 - The FortiGate device must generate an immediate real-time alert of all audit failure events requiring real-time alerts. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| JUSX-AG-000150 - The Juniper SRX Services Gateway Firewall must generate an alert that can be forwarded to, at a minimum, the ISSO and ISSM when DoS incidents are detected. | DISA Juniper SRX Services Gateway ALG v3r2 | Juniper | SYSTEM AND INFORMATION INTEGRITY |
| MADB-10-000600 - MariaDB must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| O19C-00-001900 - Oracle Database must allow designated organizational personnel to select which auditable events are to be audited by the database. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| O112-C2-020300 - The DBMS must support taking organization-defined list of least disruptive actions to terminate suspicious events. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | CONFIGURATION MANAGEMENT |
| OL07-00-020020 - The Oracle Linux operating system must prevent nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA Oracle Linux 7 STIG v3r2 | Unix | ACCESS CONTROL |
| PANW-AG-000122 - The Palo Alto Networks security platform must generate an alert to, at a minimum, the ISSO and ISSM when new active propagation of malware infecting DoD systems or malicious code adversely affecting the operations and/or security of DoD systems is detected. | DISA STIG Palo Alto ALG v3r4 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| PGS9-00-002600 - PostgreSQL must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-40-000079 The Photon operating system must implement only approved ciphers to protect the integrity of remote access sessions. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | ACCESS CONTROL |
| PHTN-40-000239 The Photon operating system must implement only approved Message Authentication Codes (MACs) to protect the integrity of remote access sessions. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | ACCESS CONTROL |
| RHEL-06-000020 - The system must use a Linux Security Module configured to enforce limits on system services. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-07-020020 - The Red Hat Enterprise Linux operating system must prevent nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-08-040400 - RHEL 8 must prevent nonprivileged users from executing privileged functions, including disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | ACCESS CONTROL |
| RHEL-09-255055 - RHEL 9 SSH daemon must be configured to use system-wide crypto policies. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-09-651010 - RHEL 9 must have the AIDE package installed. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| RHEL-09-672050 - RHEL 9 must implement DOD-approved encryption in the bind package. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-004400 - SQL Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| WN12-AD-000009-DC - The directory server supporting (directly or indirectly) system access or resource authorization must run on a machine dedicated to that function - Services | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN16-DC-000130 - Domain controllers must run on a machine dedicated to that function. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | CONFIGURATION MANAGEMENT |
| WN19-DC-000130 - Windows Server 2019 domain controllers must run on a machine dedicated to that function. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
