| 1.1.2.2 vty line authentication | CIS Cisco IOS XR 7.x v1.0.0 L1 | Cisco | ACCESS CONTROL |
| 1.14 (L1) Ensure 'DNS interception checks enabled' is set to 'Enabled' | CIS Google Chrome L1 v3.0.0 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.25 Ensure 'Guest profiles' do not exist | MobileIron - CIS Google Android v1.3.0 L1 | MDM | |
| 2.1.6 Key chains | CIS Cisco IOS XR 7.x v1.0.0 L2 | Cisco | ACCESS CONTROL |
| 2.2.32 Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account, Enterprise Admins Group, and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.17.2 Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 3.8 Ensure Plugin Directory Has Appropriate Permissions | CIS MySQL 5.7 Community Linux OS L1 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.8 Ensure Plugin Directory Has Appropriate Permissions | CIS MariaDB 10.6 on Linux L1 v1.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.8 Ensure Plugin Directory Has Appropriate Permissions | CIS MySQL 5.6 Community Windows OS L1 v2.0.0 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 3.8 Ensure Plugin Directory Has Appropriate Permissions | CIS MySQL 5.7 Community Database L1 v2.0.0 | MySQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.8 Ensure Plugin Directory Has Appropriate Permissions | CIS MySQL 5.6 Community Linux OS L1 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.8 Ensure Plugin Directory Has Appropriate Permissions | CIS MySQL 5.6 Enterprise Linux OS L1 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2 Ensure the vSwitch MAC Address Change policy is set to reject | CIS VMware ESXi 6.5 v1.0.0 Level 1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure the vSwitch MAC Address Change policy is set to reject | CIS VMware ESXi 6.7 v1.3.0 Level 1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 17.4.2 Ensure 'Audit Directory Service Access' is set to include 'Success and Failure' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.51.1.1 Ensure 'Configure Windows NTP Client' is set to 'Enabled: NT5DS' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.51.1.1 Ensure 'Configure Windows NTP Client' is set to 'Enabled: NT5DS' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | AUDIT AND ACCOUNTABILITY |
| 20.56 Ensure 'Separate NSA-approved (Type 1) cryptography is used' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.56 Ensure 'Separate NSA-approved (Type 1) cryptography is used' (STIG DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-13-003020 - The macOS system must use multifactor authentication for local access to privileged and nonprivileged accounts. | DISA STIG Apple macOS 13 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-000110 - The Cisco router must be configured to automatically audit account disabling actions. | DISA STIG Cisco IOS XE Router NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000140 - The Cisco router must be configured to enforce approved authorizations for controlling the flow of management information within the device based on control policies. | DISA STIG Cisco IOS-XR Router NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000210 - The Cisco device must be configured to audit all administrator activity. | DISA STIG Cisco IOS XE Router NDM v3r2 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| CISC-ND-000390 - The Cisco router must be configured to protect audit information from unauthorized deletion. | DISA STIG Cisco IOS XE Router NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000460 - The Cisco router must be configured to limit privileges to change the software resident within software libraries. | DISA STIG Cisco IOS XE Router NDM v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-ND-000490 - The Cisco router must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable. | DISA STIG Cisco IOS XE Router NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000720 - The Cisco router must be configured to terminate all network connections associated with device management after five minutes of inactivity. | DISA STIG Cisco IOS-XR Router NDM v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001370 - The Cisco router must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access. | DISA STIG Cisco IOS-XR Router NDM v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-ND-001450 - The Cisco router must be configured to send log data to at least two syslog servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO). | DISA STIG Cisco IOS-XR Router NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-RT-000130 - The Cisco router must be configured to restrict traffic destined to itself. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000220 - The Cisco router must be configured to produce audit records containing information to establish the source of the events. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-RT-000490 - The Cisco BGP router must be configured to reject inbound route advertisements for any Bogon prefixes. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000500 - The Cisco BGP router must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS). | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000590 - The Cisco MPLS router must be configured to use its loopback address as the source address for LDP peering sessions. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | CONTINGENCY PLANNING |
| CISC-RT-000650 - The Cisco PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD). | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | CONTINGENCY PLANNING |
| CISC-RT-000670 - The Cisco PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate pseudowire ID for each attachment circuit. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | CONTINGENCY PLANNING |
| CISC-RT-000680 - The Cisco PE router providing Virtual Private LAN Services (VPLS) must be configured to have all attachment circuits defined to the virtual forwarding instance (VFI) with the globally unique VPN ID assigned for each customer VLAN. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000720 - The Cisco PE router must be configured to limit the number of MAC addresses it can learn for each Virtual Private LAN Services (VPLS) bridge domain. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000740 - The Cisco PE router must be configured with Unicast Reverse Path Forwarding (uRPF) loose mode enabled on all CE-facing interfaces. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000750 - The Cisco PE router must be configured to ignore or block all packets with any IP options. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000770 - The Cisco P router must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000860 - The Cisco multicast Designated Router (DR) must be configured to filter the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Report messages to allow hosts to join only multicast groups that have been approved by the organization. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000870 - The Cisco multicast Designated Router (DR) must be configured to filter the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Report messages to allow hosts to join a multicast group only from sources that have been approved by the organization. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000890 - The Cisco multicast Designated Router (DR) must be configured to set the shortest-path tree (SPT) threshold to infinity to minimalize source-group (S, G) state within the multicast topology where Any Source Multicast (ASM) is deployed. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000940 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to limit the amount of source-active messages it accepts on a per-peer basis. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | ACCESS CONTROL |
| EX13-CA-000010 - Exchange must use Encryption for OWA access. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | ACCESS CONTROL |
| EX16-MB-002910 - Exchange must use encryption for Outlook Web App (OWA) access. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | ACCESS CONTROL |
| MYS8-00-005500 - The MySQL Database Server 8.0 must be configured in accordance with the security configuration settings based on DoD security configuration and implementation guidance, including STIGs, NSA configuration guides, CTOs, DTMs, and IAVMs. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | CONFIGURATION MANAGEMENT |
| PHTN-67-000129 - The Photon operating system must be configured to offload audit logs to a syslog server. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| PPS9-00-002300 - The EDB Postgres Advanced Server must by default shut down upon audit failure, to include the unavailability of space for more audit log records; or must be configurable to shut down upon audit failure. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
