| 1.2 Ensure the container host has been Hardened | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Harden the container host | CIS Docker 1.13.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.3 Harden the container host | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.3 Harden the container host | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.4 Harden the container host | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 2.2.32 Ensure 'Deny log on locally' to include 'Guests' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.2.46 Ensure 'Increase scheduling priority' is set to 'Administrators' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.10.7 Configure 'Network access: Remotely accessible registry paths' is configured - Network access: Remotely accessible registry paths is configured | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.10.7 Configure 'Network access: Remotely accessible registry paths' is configured - Network access: Remotely accessible registry paths is configured | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.10.7 Ensure 'Network access: Remotely accessible registry paths' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.10.9.1.3 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Intune for Windows 10 v4.0.0 BL | Windows | MEDIA PROTECTION |
| 9.5 Ensure the Timeout Limits for Request Headers is Set to 40 or Less | CIS Apache HTTP Server 2.4 v2.2.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 9.5 Ensure the Timeout Limits for Request Headers is Set to 40 or Less - mod_reqtimeout | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.5 Ensure the Timeout Limits for Request Headers is Set to 40 or Less - mod_reqtimeout | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 18.9.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | MEDIA PROTECTION |
| 18.9.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Windows 10 Stand-alone v3.0.0 BL | Windows | MEDIA PROTECTION |
| 18.9.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL | Windows | MEDIA PROTECTION |
| ARDC-CL-000080 - Adobe Reader DC must disable Acrobat Upsell. | DISA STIG Adobe Acrobat Reader DC Classic Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| CIS_AlmaLinux_OS_8_Workstation_L1_v3.0.0.audit from CIS AlmaLinux OS 8 Benchmark v3.0.0 | CIS AlmaLinux OS 8 Workstation L1 v3.0.0 | Unix | |
| CIS_Apache_Tomcat_10.1_v1.1.0_L1.audit from CIS Apache Tomcat 10.1 Benchmark v1.1.0 | CIS Apache Tomcat 10.1 v1.1.0 L1 | Unix | |
| CIS_Apache_Tomcat_10.1_v1.1.0_L2.audit from CIS Apache Tomcat 10.1 Benchmark v1.1.0 | CIS Apache Tomcat 10.1 v1.1.0 L2 | Unix | |
| CIS_Apple_macOS_10.12_v1.2.0_Level_1.audit from CIS Apple macOS 10.12 Benchmark v1.2.0 | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | |
| CIS_Apple_macOS_10.14_v2.0.0_L1.audit from CIS Apple macOS 10.14 Benchmark v2.0.0 | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | |
| CIS_CentOS_6_v3.0.0_Workstation_L1.audit from CIS CentOS Linux 6 Benchmark v3.0.0 | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | |
| CIS_IBM_AIX_7_v1.0.0_L1.audit from CIS IBM AIX 7 Benchmark v1.0.0 | CIS IBM AIX 7 v1.0.0 L1 | Unix | |
| CIS_IBM_WebSphere_Liberty_v1.0.0_L1.audit from CIS IBM WebSphere Liberty Benchmark v1.0.0 | CIS IBM WebSphere Liberty v1.0.0 L1 | Unix | |
| CIS_Microsoft_Exchange_Server_2019_v1.0.0_Level_1_Edge.audit from CIS Microsoft Exchange Server 2019 Benchmark v1.0.0 | CIS Microsoft Exchange Server 2019 L1 Edge v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| CIS_MS_IIS_10_v1.2.1_Level_2.audit from CIS Microsoft IIS 10 Benchmark v1.2.1 | CIS IIS 10 v1.2.1 Level 2 | Windows | |
| CIS_MySQL_5.6_Community_Benchmark_v2.0.0_LEVEL_1_DB.audit from CIS Oracle MySQL 5.6 Community Edition Benchmark | CIS MySQL 5.6 Community Database L1 v2.0.0 | MySQLDB | |
| CIS_MySQL_5.6_Enterprise_Benchmark_v2.0.0_LEVEL_2_DB.audit from CIS Oracle MySQL 5.6 Enterprise Edition Benchmark | CIS MySQL 5.6 Enterprise Database L2 v2.0.0 | MySQLDB | |
| CIS_MySQL_5.7_Community_Benchmark_v2.0.0_Level_2_DB.audit from CIS Oracle MySQL 5.7 Community Edition Benchmark | CIS MySQL 5.7 Community Database L2 v2.0.0 | MySQLDB | |
| CIS_MySQL_5.7_Enterprise_Benchmark_v2.0.0_Level_1_DB.audit from CIS Oracle MySQL 5.7 Enterprise Edition Benchmark | CIS MySQL 5.7 Enterprise Database L1 v2.0.0 | MySQLDB | |
| CIS_MySQL_8.0_Enterprise_Benchmark_v1.4.0_Level_2_OS_Linux.audit from CIS Oracle MySQL 8.0 Enterprise Edition Benchmark | CIS MySQL 8.0 Enterprise Linux OS L2 v1.4.0 | Unix | |
| CIS_PostgreSQL_14_v 1.2.0_L1_DB.audit from CIS PostgreSQL 14 Benchmark v 1.2.0 | CIS PostgreSQL 14 DB v 1.2.0 | PostgreSQLDB | |
| CIS_PostgreSQL_14_v 1.2.0_L1_OS_Linux.audit from CIS PostgreSQL 14 Benchmark v 1.2.0 | CIS PostgreSQL 14 OS v 1.2.0 | Unix | |
| CIS_SUSE_Linux_Enterprise_Server_11_v2.1.1_L1.audit from CIS SUSE Linux Enterprise 11 Benchmark | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | |
| CIS_SUSE_Linux_Enterprise_Server_11_v2.1.1_L2.audit from CIS SUSE Linux Enterprise 11 Benchmark | CIS SUSE Linux Enterprise Server 11 L2 v2.1.1 | Unix | |
| CIS_SUSE_Linux_Enterprise_Workstation_11_v2.1.1_L1.audit from CIS SUSE Linux Enterprise 11 Benchmark | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | |
| CIS_Ubuntu_Linux_18.04_LTS_v2.2.0_L1_Server.audit from CIS Ubuntu Linux 18.04 LTS Benchmark v2.2.0 | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server | Unix | |
| CIS_Ubuntu_Linux_22.04_LTS_v2.0.0_L1_Server.audit from CIS Ubuntu Linux 22.04 LTS Benchmark v2.0.0 | CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Server | Unix | |
| JUEX-NM-000660 - The Juniper EX switch must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | DISA Juniper EX Series Network Device Management v2r2 | Juniper | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCTR-67-000077 - The vCenter Server must enable TLS 1.2 exclusively. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| WN16-DC-000020 - Kerberos user logon restrictions must be enforced. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN19-DC-000160 - Windows Server 2019 directory service must be configured to terminate LDAP-based network connections to the directory server after five minutes of inactivity. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN19-DC-000370 - Windows Server 2019 Deny access to this computer from the network user right on domain controllers must be configured to prevent unauthenticated access. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | ACCESS CONTROL |
| WN19-DC-000380 - Windows Server 2019 Deny log on as a batch job user right on domain controllers must be configured to prevent unauthenticated access. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | ACCESS CONTROL |
| WN19-DC-000410 - Windows Server 2019 Deny log on through Remote Desktop Services user right on domain controllers must be configured to prevent unauthenticated access. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | ACCESS CONTROL |
| WN22-DC-000300 - Windows Server 2022 PKI certificates associated with user accounts must be issued by a DoD PKI or an approved External Certificate Authority (ECA). | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN22-DC-000360 - Windows Server 2022 Allow log on through Remote Desktop Services user right must only be assigned to the Administrators group on domain controllers. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL |
| WN22-DC-000370 - Windows Server 2022 Deny access to this computer from the network user right on domain controllers must be configured to prevent unauthenticated access. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL |
