| 1.13.1 Ensure 'Check for the latest virus and spyware security intelligence before running a scheduled scan' is set to 'Enabled' | CIS Microsoft Defender Antivirus v1.0.0 L1 Server | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.13.1 Ensure 'Check for the latest virus and spyware security intelligence before running a scheduled scan' is set to 'Enabled' | CIS Microsoft Defender Antivirus v1.0.0 L1 Workstation | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.34 Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost' | CIS Microsoft Windows 11 Stand-alone v5.0.0 L1 BL | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.34 Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.43 Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost' | CIS Microsoft Windows Server 2025 v2.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.43 Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost' | CIS Microsoft Windows Server 2022 v5.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.10.13.1 (L1) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.8.14.1 (L1) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.8.14.1 (L1) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.8.14.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.13.1 (L1) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.13.1 (L1) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.13.1 (L1) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.13.1 (L1) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.13.1 (L1) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.13.1 (L1) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical' | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.13.1 (L1) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical' | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.13.1 (L1) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.13.1 (L1) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.13.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical' | CIS Microsoft Windows Server 2025 v2.0.0 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.13.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical' | CIS Microsoft Windows Server 2025 v2.0.0 L1 MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| ALMA-09-003320 - The AlmaLinux 9 SSH server must be configured to use only DOD-approved encryption ciphers employing FIPS 140-3-validated cryptographic hash algorithms to protect the confidentiality of SSH server connections. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | ACCESS CONTROL |
| ALMA-09-003760 - AlmaLinux OS 9 must implement DOD-approved TLS encryption in the GnuTLS package. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | ACCESS CONTROL |
| AZLX-23-001265 - Amazon Linux 2023 must implement DOD-approved TLS encryption in the OpenSSL package. | DISA Amazon Linux 2023 STIG v1r2 | Unix | ACCESS CONTROL |
| Boot-Start Driver Initialization Policy | MSCT Windows 11 v24H2 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Boot-Start Driver Initialization Policy | MSCT Windows 10 1809 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Boot-Start Driver Initialization Policy | MSCT Windows 10 v21H1 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Boot-Start Driver Initialization Policy | MSCT Windows Server 1903 DC v1.19.9 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Boot-Start Driver Initialization Policy | MSCT Windows Server v1909 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Boot-Start Driver Initialization Policy | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Boot-Start Driver Initialization Policy | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Boot-Start Driver Initialization Policy | MSCT Windows Server 2016 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Boot-Start Driver Initialization Policy | MSCT Windows Server 2025 MS v2506 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Boot-Start Driver Initialization Policy | MSCT Windows 10 v1507 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Boot-Start Driver Initialization Policy | MSCT Windows 10 v20H2 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Boot-Start Driver Initialization Policy | MSCT Windows 10 v21H2 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Boot-Start Driver Initialization Policy | MSCT Windows Server v1909 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Boot-Start Driver Initialization Policy | MSCT MSCT Windows Server 2022 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Boot-Start Driver Initialization Policy - DriverLoadPolicy | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Boot-Start Driver Initialization Policy - DriverLoadPolicy | MSCT Windows 10 1803 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DB2X-00-000700 - DB2 must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | AUDIT AND ACCOUNTABILITY |
| EX16-ED-000750 - The application must be configured to block and quarantine malicious code upon detection, then send an immediate alert to appropriate individuals. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-000760 - The application must be configured to block and quarantine malicious code upon detection, then send an immediate alert to appropriate individuals. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| PANW-AG-000121 - The Palo Alto Networks security platform must generate a log record that can be used to send an alert to, at a minimum, the information system security officer (ISSO) and information system security manager (ISSM) when denial-of-service (DoS) incidents are detected. | DISA Palo Alto Networks ALG STIG v3r4 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| RHEL-06-000020 - The system must use a Linux Security Module configured to enforce limits on system services. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-08-010275 - RHEL 8 must implement DOD-approved encryption in the bind package. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-08-040400 - RHEL 8 must prevent nonprivileged users from executing privileged functions, including disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-09-672050 - RHEL 9 must implement DOD-approved encryption in the bind package. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQLD-22-000700 - SQL Server must allow only the information system security manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. | DISA Microsoft SQL Server 2022 Database STIG v1r3 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| WN12-AD-000009-DC - The directory server supporting (directly or indirectly) system access or resource authorization must run on a machine dedicated to that function - Services | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
