| 1.1.1 Ensure NGINX is installed | CIS NGINX Benchmark v2.1.0 L1 Webserver | Unix | SYSTEM AND SERVICES ACQUISITION |
| 1.25.2 (L1) Ensure 'Configure Microsoft Defender SmartScreen to block potentially unwanted apps' is set to 'Enabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.57 (L1) Ensure 'Block tracking of users' web-browsing activity' is set to 'Enabled: Balanced (Blocks harmful trackers and trackers from sites user has not visited; content and ads will be less personalized)' or higher | CIS Microsoft Edge v3.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.67 (L2) Ensure 'Configure Speech Recognition' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 1.89 (L1) Ensure 'Enable deleting browser and download history' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.90 (L1) Ensure 'Enable Discover access to page contents for AAD profiles' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.115 (L2) Ensure 'Live captions allowed' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 1.117 (L1) Ensure 'Notify a user that a browser restart is recommended or required for pending updates' is set to 'Enabled: Required - Show a recurring prompt to the user indicating that a restart is required' | CIS Microsoft Edge v3.0.0 L1 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.1.3 Remove rsh-server | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.5 Disable Local WBEM - Make sure that application/management/wbem is disabled | CIS Solaris 10 L1 v5.2 | Unix | |
| 2.1.6 Ensure rsh server is not enabled - 'rsh' | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.6 Ensure rsh server is not enabled - 'shell' | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.6 Ensure rsh server is not enabled - rexec | CIS Oracle Linux 6 Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.1.6 Ensure rsh server is not enabled - rsh | CIS Red Hat 6 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.1.6 Ensure rsh server is not enabled - rsh | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.17 Ensure rsh server is not enabled - rsh.socket status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.3.15 Ensure 'httpsRequired' is set to 'true' in SAML | CIS IBM WebSphere Liberty v1.0.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.10.1.1 Ensure SSH Service is Configured if Remote CLI is Required | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| 8.2.5 Configure rsyslog to Send Logs to a Remote Log Host | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 12.58 Data Guard Redo - 'Authenticate Redo Transport Services using SSL Certificates' | CIS v1.1.0 Oracle 11g OS Windows Level 2 | Windows | |
| 18.9.59.3.9.3 Ensure 'Require use of specific security layer for remote (RDP) connections' is set to 'Enabled: SSL' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-02-080101 - Apple iOS must not allow backup to remote systems (enterprise books). | AirWatch - DISA Apple iOS 10 v1r3 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-12-004700 - Apple iOS must not allow backup to remote systems (enterprise books). | MobileIron - DISA Apple iOS 12 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-12-004700 - Apple iOS must not allow backup to remote systems (enterprise books). | AirWatch - DISA Apple iOS 12 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-13-004700 - Apple iOS/iPadOS must not allow backup to remote systems (enterprise books). | AirWatch - DISA Apple iOS/iPadOS 13 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-13-004700 - Apple iOS/iPadOS must not allow backup to remote systems (enterprise books). | MobileIron - DISA Apple iOS/iPadOS 13 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-14-004300 - Apple iOS/iPadOS must not allow backup to remote systems (enterprise books). | AirWatch - DISA Apple iOS/iPadOS 14 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-15-003700 - Apple iOS/iPadOS 15 must not allow backup to remote systems (enterprise books). | MobileIron - DISA Apple iOS/iPadOS 14 v1r4 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-16-003700 - Apple iOS/iPadOS 16 must not allow backup to remote systems (enterprise books) - enterprise books. | MobileIron - DISA Apple iOS/iPadOS 16 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-16-003700 - Apple iOS/iPadOS 16 must not allow backup to remote systems (enterprise books) - enterprise books. | AirWatch - DISA Apple iOS/iPadOS 16 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-16-703700 - Apple iOS/iPadOS 16 must not allow backup to remote systems (enterprise books) - enterprise books. | AirWatch - DISA Apple iOS/iPadOS 16 BYOAD v1r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-17-003700 - Apple iOS/iPadOS 17 must not allow backup to remote systems (enterprise books) - enterprise books. | MobileIron - DISA Apple iOS/iPadOS 17 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-18-003700 - Apple iOS/iPadOS 18 must not allow backup to remote systems (enterprise books) - enterprise books. | AirWatch - DISA Apple iOS/iPadOS 18 v1r1 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-019160 - AlmaLinux OS 9 must not enable IP packet forwarding unless the system is a router. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| CIS_Palo_Alto_Firewall_8_Benchmark_L2_v1.0.0.audit from CIS Palo Alto Firewall 8 Benchmark v1.0.0 | CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0 | Palo_Alto | |
| DTOO278 - Outlook - Automatically configure user profile based on Active Directory primary SMTP address must be enforced. | DISA STIG Office 2010 Outlook v1r14 | Windows | CONFIGURATION MANAGEMENT |
| EDGE-00-000004 - The list of domains for which Microsoft Defender SmartScreen will not trigger warnings must be allowlisted if used. | DISA STIG Edge v2r2 | Windows | MAINTENANCE |
| EX13-MB-000165 - The Exchange Mail Store storage quota must issue a warning. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000185 - Exchange Receive connectors must be clearly named. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-MB-000290 - Exchange email forwarding must be restricted. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000116 - Exchange email forwarding must be restricted. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN005590 - The system must not be running any routing protocol daemons, unless the system is a router. | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| GEN005590 - The system must not be running any routing protocol daemons, unless the system is a router. | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN005590 - The system must not be running any routing protocol daemons, unless the system is a router. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | CONFIGURATION MANAGEMENT |
| JUEX-NM-000510 - The Juniper EX switches must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of nonlocal maintenance and diagnostic communications. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | MAINTENANCE |
| OL07-00-040740 - The Oracle Linux operating system must not be performing packet forwarding unless the system is a router. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-040740 - The Red Hat Enterprise Linux operating system must not be performing packet forwarding unless the system is a router. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040380 - The SUSE operating system must not be performing Internet Protocol version 4 (IPv4) packet forwarding unless the system is a router. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-16-030600 - The Ubuntu operating system must not be performing packet forwarding unless the system is a router. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | CONFIGURATION MANAGEMENT |
| WBLC-08-000224 - Oracle WebLogic must terminate user sessions upon user logout or any other organization- or policy-defined session termination events such as idle time limit exceeded. | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
