| 1.2.1.8 Ensure 'Scripted Window Security Restrictions' is set to Enabled - excel.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.8 Ensure 'Scripted Window Security Restrictions' is set to Enabled - groove.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.8 Ensure 'Scripted Window Security Restrictions' is set to Enabled - mspub.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.8 Ensure 'Scripted Window Security Restrictions' is set to Enabled - visio.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.8 Ensure 'Scripted Window Security Restrictions' is set to Enabled - winproj.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.3.2 Ensure filesystem integrity is regularly checked | CIS Amazon Linux 2023 Server L1 v1.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 1.5 Installing ISC BIND 9 - named location | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | CONFIGURATION MANAGEMENT |
| 1.5 Installing ISC BIND 9 - named location | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | CONFIGURATION MANAGEMENT |
| 4.3 Ensure Windows Authentication uses Kerberos and not the NT Lan Manager (NTLM) authentication protocol | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.2 Ensure filesystem integrity is regularly checked | CIS Red Hat EL8 Server L1 v3.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.208 - Device Install - PnP Interface Remote Access | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 6.1.2 Ensure filesystem integrity is regularly checked | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 6.1.2 Ensure filesystem integrity is regularly checked | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 6.3.9 Audit Pop-up Windows | CIS Apple macOS 14.0 Sonoma v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.3.9 Audit Pop-up Windows | CIS Apple macOS 13.0 Ventura v3.1.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.3.9 Audit Pop-up Windows | CIS Apple macOS 15.0 Sequoia v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2.10 Audit Pop-up Windows | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Enforce Installation of XProtect, MRT, and Gatekeeper Updates Automatically | NIST macOS Catalina v1.5.0 - 800-53r5 Low | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Ensure TCP Wrappers is installed - dpkg | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure telnet client is not installed - dpkg | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| JUEX-NM-000680 - The Juniper EX switch must be configured with an operating system release that is currently supported by the vendor. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | CONFIGURATION MANAGEMENT |
| KNOX-07-901500 - The Samsung must be configured to enforce a Container application install policy by specifying an application whitelist. | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| Monterey - Enforce Installation of XProtect, MRT, and Gatekeeper Updates Automatically | NIST macOS Monterey v1.0.0 - 800-53r5 Low | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Monterey - Enforce Installation of XProtect, MRT, and Gatekeeper Updates Automatically | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | SYSTEM AND INFORMATION INTEGRITY |
| OL08-00-010670 - OL 8 must disable kernel dumps unless needed. | DISA Oracle Linux 8 STIG v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-08-010670 - RHEL 8 must disable kernel dumps unless needed. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| Server version information parameters should be turned off - 'ServerSignature Off' | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SOL-11.1-020220 - The operating system must be configured to provide essential capabilities. | DISA STIG Solaris 11 SPARC v3r1 | Unix | CONFIGURATION MANAGEMENT |
| SP13-00-000165 - The SharePoint farm service account (database access account) must be configured with minimum privileges on the SQL server. | DISA STIG SharePoint 2013 v2r4 | Windows | CONFIGURATION MANAGEMENT |
| SP13-00-000175 - The SharePoint setup account must be configured with the minimum privileges on the SQL server. | DISA STIG SharePoint 2013 v2r4 | Windows | CONFIGURATION MANAGEMENT |
| SPLK-CL-000190 - Splunk Enterprise installation directories must be secured. | DISA STIG Splunk Enterprise 8.x for Linux v2r2 STIG OS | Unix | AUDIT AND ACCOUNTABILITY |
| SSO : no-SSO-self-signed-certs | VMWare vSphere 5.X Hardening Guide | VMware | |
| VCEM-67-000008 - ESX Agent Manager application files must be verified for their integrity. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| vCenter : no-self-signed-certs | VMWare vSphere 5.X Hardening Guide | VMware | |
| VCUI-67-000026 - vSphere UI must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the web server. | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| VCWN-65-000026 - The vCenter Server for Windows must check the privilege re-assignment after restarts. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | CONFIGURATION MANAGEMENT |
| WN10-00-000170 - The Server Message Block (SMB) v1 protocol must be disabled on the SMB client. | DISA Microsoft Windows 10 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN11-00-000170 - The Server Message Block (SMB) v1 protocol must be disabled on the SMB client. | DISA Microsoft Windows 11 STIG v2r3 | Windows | CONFIGURATION MANAGEMENT |
| WN12-00-000210 - PowerShell script block logging must be enabled on Windows 2012/2012 R2 - Enabled | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-00-000210 - PowerShell script block logging must be enabled on Windows 2012/2012 R2 - Enabled | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-00-000210 - PowerShell script block logging must be enabled on Windows 2012/2012 R2 - Patch | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-CC-000022 - Device metadata retrieval from the Internet must be prevented. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000022 - Device metadata retrieval from the Internet must be prevented. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000120 - Windows Media Digital Rights Management (DRM) must be prevented from accessing the Internet. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN16-CC-000040 - Internet Protocol version 6 (IPv6) source routing must be configured to the highest protection level to prevent IP source routing. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | CONFIGURATION MANAGEMENT |
| WN16-CC-000050 - Source routing must be configured to the highest protection level to prevent Internet Protocol (IP) source routing. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | CONFIGURATION MANAGEMENT |
| WN19-CC-000030 - Windows Server 2019 Internet Protocol version 6 (IPv6) source routing must be configured to the highest protection level to prevent IP source routing. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN19-CC-000040 - Windows Server 2019 source routing must be configured to the highest protection level to prevent Internet Protocol (IP) source routing. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN22-00-000400 - Windows Server 2022 must have the Server Message Block (SMB) v1 protocol disabled on the SMB client. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN22-CC-000040 - Windows Server 2022 source routing must be configured to the highest protection level to prevent Internet Protocol (IP) source routing. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
