| 1.1.4.1 exec accounting | CIS Cisco IOS XR 7.x v1.0.1 L1 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 3.2 Configure Host Profiles to monitor and alert on configuration changes | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | |
| 3.4.3.2.1 Ensure iptables default deny firewall policy | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3.3.1 Ensure ip6tables default deny firewall policy | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3.7 Ensure nftables default deny firewall policy | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3.7 Ensure nftables default deny firewall policy | CIS Oracle Linux 7 v4.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.2.1 Ensure iptables default deny firewall policy - 'Chain FORWARD' | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.3.1 Ensure ip6tables default deny firewall policy - 'Chain OUTPUT' | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3.2.1 Ensure default deny firewall policy - FORWARD | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3.2.1 Ensure default deny firewall policy - OUTPUT | CIS Debian Family Workstation L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3.3.1 Ensure IPv6 default deny firewall policy - Chain FORWARD | CIS Debian Family Workstation L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3.3.1 Ensure IPv6 default deny firewall policy - Chain INPUT | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3.3.1 Ensure IPv6 default deny firewall policy - Chain OUTPUT | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.3.2.1 Ensure iptables default deny firewall policy | CIS Debian Linux 11 v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.3.2.1 Ensure iptables default deny firewall policy | CIS Debian Linux 11 v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.4 Verify Active Directory group membership for the 'ESX Admins' group | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | ACCESS CONTROL |
| 5.2.3.8 Ensure events that modify user/group information are collected | CIS Oracle Linux 7 v4.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.8 Ensure events that modify user/group information are collected | CIS Amazon Linux 2023 Server L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.8 Ensure events that modify user/group information are collected | CIS Debian 10 Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.8 Ensure events that modify user/group information are collected | CIS Rocky Linux 8 Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.3 (L1) Ensure 'Computer Browser (Browser)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 5.4.1 Ensure password creation requirements are configured - dcredit | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1 Ensure password creation requirements are configured - dcredit | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1 Ensure password creation requirements are configured - password-auth retry=3 | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1 Ensure password creation requirements are configured - system-auth retry=3 | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.3.2 Ensure actions as another user are always logged | CIS Debian Linux 12 v1.1.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.3.2 Ensure actions as another user are always logged | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.3.2 Ensure actions as another user are always logged | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.3.2 Ensure actions as another user are always logged | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.3.2 Ensure actions as another user are always logged | CIS Rocky Linux 9 v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.3.2 Ensure actions as another user are always logged | CIS SUSE Linux Enterprise 15 v2.0.1 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.4.3.2 Ensure actions as another user are always logged | CIS Debian Linux 11 v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 12.05 Sensitive information in process list on host - 'Avoid or encrypt' | CIS v1.1.0 Oracle 11g OS L1 | Unix | |
| 12.05 Sensitive information in process list on host - 'Avoid or encrypt' | CIS v1.1.0 Oracle 11g OS Windows Level 1 | Windows | |
| AIX7-00-002101 - AIX must monitor and record unsuccessful remote logins. | DISA STIG AIX 7.x v3r1 | Unix | ACCESS CONTROL |
| CISC-RT-000090 - The Cisco router must not be configured to have any zero-touch deployment feature enabled when connected to an operational network. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000090 - The Cisco router must not be configured to have any zero-touch deployment feature enabled when connected to an operational network. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000090 - The Cisco switch must not be configured to have any zero-touch deployment feature enabled when connected to an operational network. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000090 - The Cisco switch must not be configured to have any zero-touch deployment feature enabled when connected to an operational network. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| Fortigate - Review and disable unused interfaces | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN000945 - The root account's library search path must be the system default and must contain only absolute paths. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN000945 - The root account's library search path must be the system default and must contain only absolute paths. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| JUEX-NM-000450 - The Juniper EX switch must be configured to prohibit installation of software without explicit privileged status. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | CONFIGURATION MANAGEMENT |
| JUEX-RT-000580 - The Juniper router must not be configured to have any zero-touch deployment feature enabled when connected to an operational network. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUSX-IP-000019 - The Juniper Networks SRX Series Gateway IDPS must protect against or limit the effects of known types of Denial of Service (DoS) attacks by employing signatures. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-24-200090 - Ubuntu 24.04 LTS must monitor remote access methods. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | ACCESS CONTROL |
| VCLD-67-000014 - Rsyslog must be configured to monitor VAMI logs. | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| WN10-CC-000037 - Local administrator accounts must have their privileged token filtered to prevent elevated privileges from being used over the network on domain systems. | DISA Microsoft Windows 10 STIG v3r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-RG-000003-MS - Local administrator accounts must have their privileged token filtered to prevent elevated privileges from being used over the network on domain systems. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN22-MS-000020 - Windows Server 2022 local administrator accounts must have their privileged token filtered to prevent elevated privileges from being used over the network on domain-joined member servers. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
