| 1.2 Password Security Policy - b) The password must include either three of 'number', 'capital', 'lowercase', 'special-character' or set the 'character-set-num' value to 3-4 | Tenable ZTE ROSNG | ZTE_ROSNG | IDENTIFICATION AND AUTHENTICATION |
| 1.2 Password Security Policy - c) Configure 'strong-password dictionary' and 'same-consecutive' to avoid weak password - same-consecutive | Tenable ZTE ROSNG | ZTE_ROSNG | IDENTIFICATION AND AUTHENTICATION |
| 1.2 Password Security Policy - c) Configure 'strong-password dictionary' and 'same-consecutive' to avoid weak password - strong-password dictionary | Tenable ZTE ROSNG | ZTE_ROSNG | IDENTIFICATION AND AUTHENTICATION |
| 1.2 Password Security Policy - e) Check for strong-password max-length - strong-password date-check enable | Tenable ZTE ROSNG | ZTE_ROSNG | IDENTIFICATION AND AUTHENTICATION |
| 1.2 Password Security Policy - f) The validity period of an account can be configured | Tenable ZTE ROSNG | ZTE_ROSNG | IDENTIFICATION AND AUTHENTICATION |
| 1.5 Ensure System Data Files and Security Updates Are Downloaded Automatically Is Enabled | CIS Apple macOS 12.0 Monterey Cloud-tailored v1.1.0 L1 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.5 FTP/SFTP Access Authorization - sftp top-directory | Tenable ZTE ROSNG | ZTE_ROSNG | CONFIGURATION MANAGEMENT |
| 1.6 Support Web Access Security - a) ciphersuite | Tenable ZTE ROSNG | ZTE_ROSNG | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.8 SSH Strong Algorithm - b) Disable encryption 3des-cbc | Tenable ZTE ROSNG | ZTE_ROSNG | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2 NTP Security Protection - a) Enable NTP | Tenable ZTE ROSNG | ZTE_ROSNG | AUDIT AND ACCOUNTABILITY |
| 2.2 NTP Security Protection - c) NTP Auth-key encrypted | Tenable ZTE ROSNG | ZTE_ROSNG | AUDIT AND ACCOUNTABILITY |
| 2.2.1 Enable "Set time and date automatically" | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.3 Disable the Proxy ARP Function - d) No local-proxy-arp | Tenable ZTE ROSNG | ZTE_ROSNG | CONFIGURATION MANAGEMENT |
| 3.1 Authentication and Verification of OSPF Routing Protocols - authentication message-digest | Tenable ZTE ROSNG | ZTE_ROSNG | IDENTIFICATION AND AUTHENTICATION |
| 3.1 Authentication and Verification of OSPF Routing Protocols - message-digest-key | Tenable ZTE ROSNG | ZTE_ROSNG | IDENTIFICATION AND AUTHENTICATION |
| 18.9.24.2 Ensure 'Default Action and Mitigation Settings' is set to 'Enabled' (plus subsettings) - AntiDetours | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.2 Ensure 'Default Action and Mitigation Settings' is set to 'Enabled' (plus subsettings) - AntiDetours | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.24.2 (L1) Ensure 'Default Action and Mitigation Settings' is set to 'Enabled' (plus subsettings) | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| AIX7-00-003078 - The klogin daemon must be disabled on AIX. | DISA STIG AIX 7.x v3r1 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-004090 - AlmaLinux OS 9 must implement DOD-approved TLS encryption in the OpenSSL package. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL |
| EP11-00-001100 - The EDB Postgres Advanced Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
| EX13-EG-000215 - Exchange messages with malformed From address must be rejected. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-000430 - Exchange messages with a malformed From address must be rejected. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-000730 - The application must configure malicious code protection mechanisms to perform periodic scans of the information system every seven days. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-000730 - The application must configure malicious code protection mechanisms to perform periodic scans of the information system every seven days. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| JUSX-DM-000146 - For nonlocal maintenance sessions using SNMP, the Juniper SRX Services Gateway must use and securely configure SNMPv3 with SHA to protect the integrity of maintenance and diagnostic communications. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | MAINTENANCE |
| KNOX-07-005100 - The Samsung must be configured to enable authentication of hotspot connections to the device using a preshared key. | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | ACCESS CONTROL |
| KNOX-07-005100 - The Samsung must be configured to enable authentication of hotspot connections to the device using a preshared key. | MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | ACCESS CONTROL |
| OL07-00-020029 - The Oracle Linux operating system must use a file integrity tool to verify correct operation of all security functions. | DISA Oracle Linux 7 STIG v3r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| OL07-00-020210 - The Oracle Linux operating system must enable SELinux. | DISA Oracle Linux 7 STIG v3r2 | Unix | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| OL07-00-020220 - The Oracle Linux operating system must enable the SELinux targeted policy. | DISA Oracle Linux 7 STIG v3r2 | Unix | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| OL08-00-010170 - OL 8 must use a Linux Security Module configured to enforce limits on system services. | DISA Oracle Linux 8 STIG v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL08-00-010359 - The OL 8 operating system must use a file integrity tool to verify correct operation of all security functions. | DISA Oracle Linux 8 STIG v2r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| OL08-00-010360 - The OL 8 file integrity tool must notify the system administrator (SA) when changes to the baseline configuration or anomalies in the operation of any security functions are discovered within an organizationally defined frequency. | DISA Oracle Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| OL08-00-010450 - OL 8 must enable the SELinux targeted policy. | DISA Oracle Linux 8 STIG v2r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| OL08-00-040342 - OL 8 SSH server must be configured to use only FIPS-validated key exchange algorithms. | DISA Oracle Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| PANW-AG-000049 - The Palo Alto Networks security platform must block phone home traffic. | DISA STIG Palo Alto ALG v3r4 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-07-020210 - The Red Hat Enterprise Linux operating system must enable SELinux. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| RHEL-07-020220 - The Red Hat Enterprise Linux operating system must enable the SELinux targeted policy. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| RHEL-08-010170 - RHEL 8 must use a Linux Security Module configured to enforce limits on system services. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-08-010360 - The RHEL 8 file integrity tool must notify the system administrator when changes to the baseline configuration or anomalies in the operation of any security functions are discovered within an organizationally defined frequency. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010450 - RHEL 8 must enable the SELinux targeted policy. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-16-010500 - A file integrity tool must be installed to verify correct operation of all security functions in the Ubuntu operating system. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-18-010515 - The Ubuntu operating system must use a file integrity tool to verify correct operation of all security functions. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-20-010450 - The Ubuntu operating system must use a file integrity tool to verify correct operation of all security functions. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-22-651010 - Ubuntu 22.04 LTS must use a file integrity tool to verify correct operation of all security functions. | DISA Canonical Ubuntu 22.04 LTS STIG v2r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-24-100100 - Ubuntu 24.04 LTS must use a file integrity tool to verify correct operation of all security functions. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCSA-70-000150 - vCenter must provide an immediate real-time alert to the system administrator (SA) and information system security officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| VCSA-80-000150 - The vCenter server must provide an immediate real-time alert to the system administrator (SA) and information system security officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts. | DISA VMware vSphere 8.0 vCenter STIG v2r2 | VMware | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| WN12-AD-000009-DC - The directory server supporting (directly or indirectly) system access or resource authorization must run on a machine dedicated to that function - Roles | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
