| 1.3.2 (L1) Ensure 'Control use of insecure content exceptions' is set to 'Enabled: Do not allow any site to load mixed content' | CIS Microsoft Edge v3.0.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.68 (L1) Ensure 'Configure the list of names that will bypass the HSTS policy check' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.69 (L1) Ensure 'Configure the list of types that are excluded from synchronization' is set to 'Enabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.77 (L2) Ensure 'Default sensors setting' is set to 'Enabled: Do not allow any site to access sensors' | CIS Microsoft Edge v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 1.108 (L2) Ensure 'Enforce Bing SafeSearch' is set to 'Enabled: Configure moderate search restrictions in Bing' | CIS Microsoft Edge v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 1.118 (L1) Ensure 'Restrict exposure of local IP address by WebRTC' is set to 'Enabled: Allow public interface over http default route. This doesn't expose the local IP address' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.3 Verify Display Sleep is set to a value larger than the Screen Saver | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | ACCESS CONTROL |
| 4.2.2 Ensure 'sslProtocol' is set to the latest versions of TLS (Transport Layer Security) | CIS IBM WebSphere Liberty v1.0.0 L1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.11.23.1 (L1) Ensure 'Disable Internet Explorer 11 as a standalone browser' is set to 'Enabled: Always' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.233 - Indexing of mail items in Exchange folders when Outlook is running in uncached mode must be turned off. | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| AIOS-13-001000 - Apple iOS/iPadOS must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: Apple App Store]. | AirWatch - DISA Apple iOS/iPadOS 13 v2r1 | MDM | ACCESS CONTROL |
| AIOS-14-000700 - The mobile operating system must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DoD-approved commercial app repository, MDM server, mobile application store]. | MobileIron - DISA Apple iOS/iPadOS 14 v1r3 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-16-707000 - Apple iOS/iPadOS 16 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DOD-approved commercial app repository, MDM server, mobile application store]. | AirWatch - DISA Apple iOS/iPadOS 16 BYOAD v1r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-17-707000 - Apple iOS/iPadOS 17 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DOD-approved commercial app repository, MDM server, mobile application store]. | AirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-007000 - Apple iOS/iPadOS 18 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DOD-approved commercial app repository, MDM server, mobile application store]. | MobileIron - DISA Apple iOS/iPadOS 18 v1r1 | MDM | CONFIGURATION MANAGEMENT |
| Big Sur - Enforce FileVault | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Enforce FileVault | NIST macOS Big Sur v1.4.0 - 800-53r4 High | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Enforce FileVault | NIST macOS Big Sur v1.4.0 - 800-53r5 High | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Enforce FileVault | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Enforce FileVault | NIST macOS Big Sur v1.4.0 - CNSSI 1253 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Enforce FileVault | NIST macOS Catalina v1.5.0 - 800-53r4 High | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Enforce FileVault | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Enforce FileVault | NIST macOS Catalina v1.5.0 - CNSSI 1253 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Enforce FileVault | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Enforce FileVault | NIST macOS Catalina v1.5.0 - All Profiles | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CIS_Palo_Alto_Firewall_11_Benchmark_v1.1.0_L2.audit from CIS Palo Alto Firewall 11 Benchmark v1.1.0 | CIS Palo Alto Firewall 11 v1.1.0 L2 | Palo_Alto | |
| Control which extensions cannot be installed | MSCT Edge v91 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| DTOO279 - Outlook - RPC encryption between Outlook and Exchange server must be enforced. | DISA STIG Office 2010 Outlook v1r14 | Windows | IDENTIFICATION AND AUTHENTICATION |
| EDGE-00-000032 - Site tracking of a user's location must be disabled. | DISA STIG Edge v2r2 | Windows | CONFIGURATION MANAGEMENT |
| EDGE-00-000042 - Extensions that are approved for use must be allowlisted if used. | DISA STIG Edge v2r2 | Windows | CONFIGURATION MANAGEMENT |
| EX13-CA-000060 - Exchange must have Send Fatal Errors to Microsoft disabled. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | CONFIGURATION MANAGEMENT |
| EX13-MB-000130 - The Exchange Public Folder database must not be overwritten by a restore. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000135 - Exchange Mailboxes must be retained until backups are complete. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000140 - The Exchange Mailbox database must not be overwritten by a restore. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000134 - Exchange servers must have an approved DOD email-aware virus protection software installed. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX19-MB-000198 - Exchange services must be documented, and unnecessary services must be removed or disabled. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | CONFIGURATION MANAGEMENT |
| EX19-MB-000283 - Exchange must be configured in accordance with the security configuration settings based on DOD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | CONFIGURATION MANAGEMENT |
| HONW-09-010000 - Honeywell Mobility Edge Android Pie devices Work Profile must be configured to disable the autofill services. | AirWatch - DISA Honeywell Android 9.x COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| HONW-09-010000 - Honeywell Mobility Edge Android Pie devices Work Profile must be configured to disable the autofill services. | MobileIron - DISA Honeywell Android 9.x COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MADB-10-000500 - MariaDB must provide audit record generation capability for DoD-defined auditable events within all DBMS/database components. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| Monterey - Enforce FileVault | NIST macOS Monterey v1.0.0 - 800-171 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Enforce FileVault | NIST macOS Monterey v1.0.0 - All Profiles | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Enforce FileVault | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-06-000124 - The Datagram Congestion Control Protocol (DCCP) must be disabled unless required. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| Specifies whether to allow insecure websites to make requests to more-private network endpoints | MSCT Edge v98 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Specifies whether to allow insecure websites to make requests to more-private network endpoints | MSCT edge v96 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Specifies whether to allow websites to make requests to any network endpoint in an insecure manner. | MSCT Edge v133 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Specifies whether to allow websites to make requests to any network endpoint in an insecure manner. | MSCT Edge v135 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Specifies whether to allow websites to make requests to any network endpoint in an insecure manner. | MSCT Edge v136 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| WBSP-AS-000140 - The WebSphere Application Server bus security must be enabled. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | ACCESS CONTROL |
