| 1.14 (L1) Ensure 'DNS interception checks enabled' is set to 'Enabled' | CIS Google Chrome L1 v3.0.0 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.65 UBTU-22-255060 | CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II | Unix | ACCESS CONTROL |
| 1.85 (L1) Ensure 'DNS interception checks enabled' is set to 'Enabled' | CIS Microsoft Intune for Edge v1.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.86 (L1) Ensure 'DNS interception checks enabled' is set to 'Enabled' | CIS Microsoft Edge v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.356 RHEL-09-651035 | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT III | Unix | CONFIGURATION MANAGEMENT |
| 2.2.32 Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost' | CIS Microsoft Windows Server 2022 Stand-alone v2.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.3.17.4 (L1) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.3.17.4 (L1) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.3.17.4 (L1) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | ACCESS CONTROL |
| 2.3.17.4 (L1) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.17.4 (L1) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.3.17.4 (L1) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | ACCESS CONTROL |
| 2.3.17.4 (L1) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 | Windows | ACCESS CONTROL |
| 2.3.17.4 (L1) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | ACCESS CONTROL |
| 2.3.17.4 Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 | Windows | ACCESS CONTROL |
| 2.3.17.4 Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v5.0.0 L1 | Windows | ACCESS CONTROL |
| 2.3.17.4 Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.3.17.4 Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v5.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.17.4 Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v5.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.17.4 Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v2.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.17.4 Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 BL | Windows | ACCESS CONTROL |
| 2.3.17.4 Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v5.0.0 L1 BL | Windows | ACCESS CONTROL |
| 2.36 (L1) Ensure 'DNS interception checks enabled' is set to 'Enabled' | CIS Google Chrome Group Policy v1.0.0 L1 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 4.2.3 Enable Outbreak Prevention Database | CIS Fortigate 7.0.x v1.4.0 L2 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.42.4.1 Ensure 'Enable EDR in block mode' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v2.0.0 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.4.1 (L1) Ensure 'Enable EDR in block mode' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.4.1 (L1) Ensure 'Enable EDR in block mode' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.4.1 (L1) Ensure 'Enable EDR in block mode' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v4.0.0 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.4.1 (L1) Ensure 'Enable EDR in block mode' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v4.0.0 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.4.1 (L1) Ensure 'Enable EDR in block mode' is set to 'Enabled' | CIS Microsoft Windows Server 2025 Stand-alone v1.0.0 L1 MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 22.29 (L1) Ensure 'PUA Protection' is set to 'PUA Protection on' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 22.29 (L1) Ensure 'PUA Protection' is set to 'PUA Protection on' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| ALMA-09-003430 - AlmaLinux OS 9 must implement DOD-approved systemwide cryptographic policies to protect the confidentiality of SSH server connections. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | ACCESS CONTROL |
| AZLX-23-001200 - Amazon Linux 2023 SSH server must be configured to use systemwide crypto policies. | DISA Amazon Linux 2023 STIG v1r2 | Unix | ACCESS CONTROL |
| AZLX-23-001260 - Amazon Linux 2023 must implement DOD-approved encryption in the OpenSSL package. | DISA Amazon Linux 2023 STIG v1r2 | Unix | ACCESS CONTROL |
| DB2X-00-007700 - DB2 must provide an immediate real-time alert to appropriate support staff of all audit failure events requiring real-time alerts. | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | AUDIT AND ACCOUNTABILITY |
| EX16-ED-000720 - The application must configure malicious code protection mechanisms to perform periodic scans of the information system every seven days. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| F5BI-VN-300041 - The F5 BIG-IP appliance IPsec VPN must be configured to use FIPS-validated SHA-2 or higher for Internet Key Exchange (IKE). | DISA F5 BIG-IP TMOS VPN STIG v1r1 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| FGFW-ND-000115 - The FortiGate device must generate an immediate real-time alert of all audit failure events requiring real-time alerts. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| JUSX-DM-000146 - For nonlocal maintenance sessions using SNMP, the Juniper SRX Services Gateway must use and securely configure SNMPv3 with SHA256 or higher to protect the integrity of maintenance and diagnostic communications. | DISA Juniper SRX Services Gateway NDM v3r3 | Juniper | MAINTENANCE |
| MADB-10-000600 - MariaDB must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. | DISA MariaDB Enterprise 10.x v2r4 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| O112-C2-020300 - The DBMS must support taking organization-defined list of least disruptive actions to terminate suspicious events. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | CONFIGURATION MANAGEMENT |
| OL09-00-002421 - OL 9 must implement DOD-approved encryption in the bind package. | DISA Oracle Linux 9 STIG v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OS10-NDM-000670 - The Dell OS10 Switch must generate an immediate real-time alert of all audit failure events requiring real-time alerts. | DISA Dell OS10 Switch NDM STIG v1r1 | Dell_OS10 | AUDIT AND ACCOUNTABILITY |
| RHEL-08-040400 - RHEL 8 must prevent nonprivileged users from executing privileged functions, including disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-10-300080 - RHEL 10 must implement DOD-approved encryption in the bind package. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SLEM-05-431025 - SLEM 5 must prevent nonprivileged users from executing privileged functions, including disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r3 | Unix | ACCESS CONTROL |
| SQL6-D0-004400 - SQL Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. | DISA MS SQL Server 2016 Instance STIG v3r6 MS_SQLDB | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQLI-22-004400 - SQL Server must allow only the information system security manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. | DISA Microsoft SQL Server 2022 Instance STIG v1r4 MS_SQLDB | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| WN22-DC-000130 - Windows Server 2022 domain controllers must run on a machine dedicated to that function. | DISA Microsoft Windows Server 2022 STIG v2r8 | Windows | CONFIGURATION MANAGEMENT |
