| 1.1 Ensure the Pre-Installation Planning Checklist Has Been Implemented | CIS Apache HTTP Server 2.4 v2.2.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.5 Set 'access-class' for 'line vty' | CIS Cisco IOS XE 17.x v2.2.0 L1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.5 Set 'access-class' for 'line vty' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 3.4.1.7 Ensure ufw default deny firewall policy | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.7 Ensure ufw default deny firewall policy | CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.7 Ensure ufw default deny firewall policy | CIS Debian Linux 11 v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.3.2.1 Ensure iptables default deny firewall policy | CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.3.3.1 Ensure ip6tables default deny firewall policy | CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.3.3.1 Ensure ip6tables default deny firewall policy | CIS Debian Linux 11 v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.20 sqlnet.ora - 'tcp.validnode_checking = YES' | CIS v1.1.0 Oracle 11g OS L2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.3.8 Ensure events that modify user/group information are collected | CIS Ubuntu Linux 20.04 LTS Server L2 v2.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.8 Ensure events that modify user/group information are collected | CIS Oracle Linux 7 v4.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.8 Ensure events that modify user/group information are collected | CIS Debian 10 Server L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.8 Ensure events that modify user/group information are collected | CIS Red Hat Enterprise Linux 7 v4.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.8 Ensure events that modify user/group information are collected | CIS AlmaLinux OS 8 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.8 Ensure events that modify user/group information are collected | CIS Oracle Linux 8 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.8 Ensure events that modify user/group information are collected | CIS Red Hat EL8 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.13 Ensure Access to Inappropriate File Extensions Is Restricted | CIS Apache HTTP Server 2.4 v2.2.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2.3.2 Ensure actions as another user are always logged | CIS Debian Linux 12 v1.1.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.3.2 Ensure actions as another user are always logged | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.3.2 Ensure actions as another user are always logged | CIS Ubuntu Linux 22.04 LTS v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.3.2 Ensure actions as another user are always logged | CIS Oracle Linux 9 v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.3.14 Ensure events that modify the system's Mandatory Access Controls are collected | CIS SUSE Linux Enterprise 15 v2.0.1 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.4.3.2 Ensure actions as another user are always logged | CIS Debian Linux 11 v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 10.2 Ensure BIND Processes Run in the named_t Confined Context Type | CIS BIND DNS v1.0.0 L2 Caching Only Name Server | Unix | ACCESS CONTROL |
| 10.02 Enterprise Manager Agent File uploads - 'Monitor the size of file uploads from the enterprise agent' | CIS v1.1.0 Oracle 11g OS L1 | Unix | |
| Big Sur - Must Use Host Based Security Solution | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | SYSTEM AND INFORMATION INTEGRITY |
| CISC-RT-000090 - The Cisco switch must not be configured to have any zero-touch deployment feature enabled when connected to an operational network. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000090 - The Cisco switch must not be configured to have any zero-touch deployment feature enabled when connected to an operational network. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| DG0095-ORACLE11 - Audit trail data should be reviewed daily or more frequently. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DTAVSEL-011 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner maximum scan time must not be less than 45 seconds - default.scanMaxTmo | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-018 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to allow access to files if scanning times out. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-100 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to run a scheduled On-Demand scan at least once a week. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-112 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to decode MIME encoded files. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| F5BI-AP-000240 - The F5 BIG-IP appliance must enforce approved authorizations for logical access to resources by explicitly configuring assigned resources with an authorization list. | DISA F5 BIG-IP Access Policy Manager STIG v2r4 | F5 | ACCESS CONTROL |
| GEN000945 - The root account's library search path must be the system default and must contain only absolute paths. | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| GEN000945-ESXI5-000333 - The root accounts library search path must be the system default and must contain only absolute paths. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| GEN004900 - The ftpusers file must contain account names not allowed to use FTP. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| RHEL-07-010020 - The Red Hat Enterprise Linux operating system must be configured so that the cryptographic hash of system files and commands matches vendor values. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-010081 - The Red Hat Enterprise Linux operating system must prevent a user from overriding the screensaver lock-delay setting for the graphical user interface. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-07-010440 - The Red Hat Enterprise Linux operating system must not allow an unattended or automatic logon to the system via a graphical user interface. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-020900 - The Red Hat Enterprise Linux operating system must be configured so that all system device files are correctly labeled to prevent unauthorized modification. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-021120 - The Red Hat Enterprise Linux operating system must be configured so that the cron.allow file, if it exists, is group-owned by root. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-040360 - The Red Hat Enterprise Linux operating system must display the date and time of the last successful account logon upon an SSH logon. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| UBTU-18-010410 - The Ubuntu operating system must monitor remote access methods. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | ACCESS CONTROL |
| WN10-CC-000037 - Local administrator accounts must have their privileged token filtered to prevent elevated privileges from being used over the network on domain systems. | DISA Microsoft Windows 10 STIG v3r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-GE-000025 - The system must query the certification authority to determine whether a public key certificate has been revoked before accepting the certificate for authentication purposes. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-GE-000025 - The system must query the certification authority to determine whether a public key certificate has been revoked before accepting the certificate for authentication purposes. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-RG-000003-MS - Local administrator accounts must have their privileged token filtered to prevent elevated privileges from being used over the network on domain systems. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN22-MS-000020 - Windows Server 2022 local administrator accounts must have their privileged token filtered to prevent elevated privileges from being used over the network on domain-joined member servers. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
