| 1.1.2 Utilize a Split-Horizon Architecture | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | |
| 1.1.3 Slave DNS servers | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | |
| 1.1.5 - AirWatch - Remove Entries in 'Wi-Fi' | AirWatch - CIS Google Android 4 v1.0.0 L2 | MDM | ACCESS CONTROL |
| 1.1.13 - AirWatch - Enable 'Lock SIM card' | AirWatch - CIS Google Android 4 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 1.2 Validate Name Registration Security | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | |
| 2.2.1.13 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | MobileIron - CIS Apple iOS 17 v1.1.0 End User Owned L1 | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 2.12.7 - Miscellaneous Config - Block talk/write | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | |
| 3.2.1.11 Ensure 'Allow Erase All Content and Settings' is set to 'Disabled' | MobileIron - CIS Apple iOS 13 and iPadOS 13 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.12 Ensure 'Allow Erase All Content and Settings' is set to 'Disabled' | MobileIron - CIS Apple iOS 17 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1.18 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | MobileIron - CIS Apple iOS 10 v2.0.0 Institution Owned L1 | MDM | |
| 3.2.1.20 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | MobileIron - CIS Apple iOS 12 v1.0.0 Institution Owned L1 | MDM | |
| 3.2.1.27 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | MobileIron - CIS Apple iOS 17 Institution Owned L1 | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2.1.28 Ensure 'Allow setting up new nearby devices' is set to 'Disabled' | MobileIron - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.2 Ensure 'Require alphanumeric value' is set to 'Enabled' | MobileIron - CIS Apple iPadOS 17 Institutionally Owned L2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 5.2 Protecting Backups | CIS IBM DB2 v10 v1.1.0 Windows OS Level 1 | Windows | |
| 5.2 Protecting Backups | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | |
| 18.7.9 (L2) Ensure 'Configure Windows protected print' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.7.9 (L2) Ensure 'Configure Windows protected print' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.7.9 (L2) Ensure 'Configure Windows protected print' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| Catalina - Secure Name Address Resolution Service | NIST macOS Catalina v1.5.0 - 800-53r4 High | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Check for server certificate revocation | MSCT Windows 10 1809 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Check for server certificate revocation | MSCT Windows 10 v21H1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Check for server certificate revocation | MSCT Windows Server 1903 DC v1.19.9 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Check for server certificate revocation | MSCT Windows Server v1909 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Check for server certificate revocation | MSCT Windows Server v2004 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Check for server certificate revocation | MSCT Windows Server 2019 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Check for server certificate revocation | MSCT Windows Server 2025 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Check for server certificate revocation | MSCT Windows 10 1903 v1.19.9 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Check for server certificate revocation | MSCT Windows 11 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Check for server certificate revocation | MSCT Windows Server 2016 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Check for server certificate revocation | MSCT Windows Server 2019 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Check for server certificate revocation | MSCT Windows Server v20H2 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Check for server certificate revocation | MSCT Windows 11 v23H2 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Check for server certificate revocation | MSCT Windows 11 v22H2 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| CNTR-R2-000460 - Rancher RKE2 must be built from verified packages. | DISA Rancher Government Solutions RKE2 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| DG0146-ORACLE11 - Audit records should include the reason for blacklisting or disabling DBMS connections or accounts. | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | |
| DTBC-0005 - Extensions installation must be blocklisted by default. | DISA STIG Google Chrome v2r9 | Windows | AUDIT AND ACCOUNTABILITY |
| Ensure updates, patches, and additional security software are installed - apt-get | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND INFORMATION INTEGRITY |
| ESXI-06-100007 - The VMM must retain the Standard Mandatory DoD Notice and Consent Banner on the screen until users acknowledge the usage conditions and take explicit actions to log on for further access. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | ACCESS CONTROL |
| ESXI-65-000007 - The ESXi host must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system. | DISA STIG VMware vSphere ESXi 6.5 v2r4 | VMware | ACCESS CONTROL |
| EX13-EG-000300 - Exchange software must be monitored for unauthorized changes. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | CONFIGURATION MANAGEMENT |
| GOOG-13-710800 - Android 13 devices must have the latest available Google Android 13 operating system installed. | MobileIron - DISA Google Android 13 BYOD v1r2 | MDM | CONFIGURATION MANAGEMENT |
| Limits print driver installation to Administrators | MSCT Windows Server 2022 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| MOTS-11-999999 - All Motorola Solutions Android 11 installations must be removed. | AirWatch - DISA Motorola Solutions Android 11 COBO v1r3 | MDM | CONFIGURATION MANAGEMENT |
| SQL2-00-010500 - SQL Server auditing configuration maximum number of files must be configured to reduce the likelihood of storage capacity being exceeded, while meeting organization-defined auditing requirements - 'max_size' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| vCenter : check-privilege-reassignment | VMWare vSphere 5.X Hardening Guide | VMware | |
| WN12-00-000005 - Users with Administrative privileges must have separate accounts for administrative duties and normal operational tasks. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-AD-000011-DC - Separate, NSA-approved (Type 1) cryptography must be used to protect the directory data-in-transit for directory service implementations at a classified confidentiality level when replication data traverses a network cleared to a lower level than the data - Type 1 cryptography must be used to protect the directory data-in-transit for directory service implementations at a classified confidentiality level when replication data traverses a network cleared to a lower level than the data. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN22-00-000010 - Windows Server 2022 users with Administrative privileges must have separate accounts for administrative duties and normal operational tasks. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
