| 1.100 WN16-CC-000070 | CIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT III | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.102 WN10-CC-000025 | CIS Microsoft Windows 10 STIG v1.0.0 CAT II | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2 - Specify file handler in jetty-logging.properties files - org.eclipse.jetty.LEVEL=INFO | TNS Best Practice Jetty 9 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2 - Specify file handler in jetty-logging.properties files - org.eclipse.jetty.util.log.class=org.eclipse.jetty.util.log.StrErrLog | TNS Best Practice Jetty 9 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2.3.2 Ensure Screen Saver Corners Are Secure | CIS Apple macOS 12.0 Monterey v4.0.0 L2 | Unix | ACCESS CONTROL |
| 2.7.1 Ensure Screen Saver Corners Are Secure | CIS Apple macOS 15.0 Sequoia v2.0.0 L2 | Unix | ACCESS CONTROL |
| 4.8 Restrict access to Tomcat catalina.properties | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| APPL-15-000001 - The macOS system must prevent Apple Watch from terminating a session lock. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | ACCESS CONTROL |
| APPL-15-002100 - The macOS system must disable Media Sharing. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | ACCESS CONTROL |
| APPL-15-002110 - The macOS system must disable Bluetooth Sharing. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| APPL-15-002170 - The macOS system must disable iCloud Private Relay. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-002200 - The macOS system must disable Personalized Advertising. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-002220 - The macOS system must enforce On Device Dictation. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-002260 - The macOS system must disable the Bluetooth System Settings pane. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-003030 - The macOS system must allow smart card authentication. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-15-003050 - The macOS system must enforce multifactor authentication for login. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-15-003070 - The macOS system must set minimum password lifetime to 24 hours. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-15-004001 - The macOS system must configure Apple System Log (ASL) files owned by root and group to wheel. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| APPL-15-004030 - The macOS system must configure system log files owned by root and group to wheel. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| APPL-15-004040 - The macOS system must configure system log files to mode 640 or less permissive. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| APPL-15-004050 - The macOS system must configure install.log retention to 365. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-15-004060 - The macOS system must configure sudoers timestamp type. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-15-005070 - The macOS system must enable Authenticated Root. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | ACCESS CONTROL |
| APPL-15-005120 - The macOS system must enable Recovery Lock. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-005150 - The macOS system must disable Apple Intelligence Image Generation. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| Do not allow drive redirection | MSCT Windows 11 v23H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Do not allow drive redirection | MSCT Windows Server 2025 DC v2506 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Do not allow drive redirection - fDisableCdm | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| ESXI-70-000001 - Access to the ESXi host must be limited by enabling lockdown mode. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | ACCESS CONTROL |
| ESXI-70-000002 - The ESXi host must verify the DCUI.Access list. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000038 - ESXi hosts using Host Profiles and/or Auto Deploy must use the vSphere Authentication Proxy to protect passwords when adding themselves to Active Directory. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-70-000049 - The ESXi host must protect the confidentiality and integrity of transmitted information by protecting ESXi management traffic. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-70-000054 - The ESXi host must enable bidirectional Challenge-Handshake Authentication Protocol (CHAP) authentication for Internet Small Computer Systems Interface (iSCSI) traffic. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000063 - All port groups on standard switches must be configured to a value other than that of the native virtual local area network (VLAN). | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000064 - All port groups on standard switches must not be configured to virtual local area network (VLAN) 4095 unless Virtual Guest Tagging (VGT) is required. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000070 - The ESXi host must not provide root/administrator-level access to Common Information Model (CIM)-based hardware monitoring tools or other third-party applications. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000079 - The ESXi host must not suppress warnings that the local or remote shell sessions are enabled. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000087 - The ESXi host must enable volatile key destruction. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000089 - The ESXi Host Client must be configured with a session timeout. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| PHTN-40-000223 The Photon operating system must not forward IPv4 or IPv6 source-routed packets. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VCTR-67-000023 - The vCenter Server must configure the vpxuser auto-password to be changed every 30 days. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000031 - The vCenter Server must restrict the connectivity between Update Manager and public patch repositories by use of a separate Update Manager Download Server. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000034 - The vCenter Server must use unique service accounts when applications connect to vCenter. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000051 - The vCenter Server users must have the correct roles assigned. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCTR-67-000057 - The vCenter Server must enable TLS 1.2 exclusively. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000063 - The vCenter Server must restrict access to the cryptographic role. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000068 - The vCenter Server must use secure Lightweight Directory Access Protocol (LDAPS) when adding an SSO identity source. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000999 - The version of vCenter running on the system must be a supported version. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| WN10-CC-000035 - The system must be configured to ignore NetBIOS name release requests except from WINS servers. | DISA Microsoft Windows 10 STIG v3r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN22-CC-000060 - Windows Server 2022 must be configured to ignore NetBIOS name release requests except from WINS servers. | DISA Microsoft Windows Server 2022 STIG v2r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
