| 1.3.5 Ensure AIDE is configured to use FIPS 140-2 - sha512 | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 2.2.16 (L1) Ensure 'Deny access to this computer from the network' to include 'Guests, Local account' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.16 (L1) Ensure 'Deny access to this computer from the network' to include 'Guests, Local account' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.16 (L1) Ensure 'Deny access to this computer from the network' to include 'Guests, Local account' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.16 (L1) Ensure 'Deny access to this computer from the network' to include 'Guests, Local account' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.16 (L1) Ensure 'Deny access to this computer from the network' to include 'Guests' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.16 (L1) Ensure 'Deny access to this computer from the network' to include 'Guests' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 3.4.3 Ensure 'Maximum Auto-Lock' is set to '2 minutes' or less | AirWatch - CIS Apple iOS 10 v2.0.0 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.4.3.5 Ensure nftables loopback traffic is configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3.7 Ensure nftables default deny firewall policy | CIS Amazon Linux 2 v3.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.4 Ensure 'Maximum Auto-Lock' is set to '2 minutes' or less | MobileIron - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | ACCESS CONTROL |
| 3.4.4.2.3 Ensure iptables rules exist for all open ports | CIS Amazon Linux 2 v3.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.4.2.5 Ensure iptables rules are saved | CIS Amazon Linux 2 v3.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.4.2.6 Ensure iptables service is enabled and active | CIS Amazon Linux 2 v3.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.4.3.3 Ensure ip6tables firewall rules exist for all open ports | CIS Amazon Linux 2 v3.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.1.2 Ensure permissions on /etc/crontab are configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.7 Ensure permissions on /etc/cron.d are configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.11 Ensure sshd IgnoreRhosts is enabled | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 4.2.13 Ensure sshd LoginGraceTime is configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL |
| 4.2.20 Ensure sshd PermitRootLogin is disabled | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL |
| 4.2.22 Ensure sshd UsePAM is enabled | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 4.3.6 Ensure sudo authentication timeout is configured correctly | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL |
| 4.4.2.2.6 Ensure password maximum sequential characters is configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 4.4.2.4.3 Ensure pam_unix includes a strong password hashing algorithm | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.5.1.1 Ensure strong password hashing algorithm is configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.2.1.1 Ensure systemd-journal-remote is installed | CIS Amazon Linux 2 v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.2.1.4 Ensure journald is not configured to receive logs from a remote client | CIS Amazon Linux 2 v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 5.1.2.2 Ensure journald service is enabled | CIS Amazon Linux 2 v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.2.3 Ensure journald is configured to compress large log files | CIS Amazon Linux 2 v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.2.6 Ensure journald log rotation is configured per site policy | CIS Amazon Linux 2 v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.3 Ensure logrotate is configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.3.2 Ensure filesystem integrity is regularly checked | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 6.1.7 Ensure permissions on /etc/gshadow are configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.8 Ensure permissions on /etc/gshadow- are configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.3 Ensure all groups in /etc/passwd exist in /etc/group | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL |
| 6.2.6 Ensure no duplicate user names exist | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.8 Ensure root path integrity | CIS Amazon Linux 2 v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used - openssl version | CIS PostgreSQL 10 OS v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used - openssl version | CIS PostgreSQL 11 OS v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.7.1.6 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Also apply to matching devices that are already installed.' is set to 'True' (checked) | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.7.1.6 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Also apply to matching devices that are already installed.' is set to 'True' (checked) | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTOO114 - Open/Save actions for Excel 2 worksheets must be blocked. | DISA STIG Microsoft Excel 2013 v1r8 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO114 - Open/Save actions for Excel 2 worksheets must be blocked. | DISA STIG Microsoft Excel 2016 v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN006460 - Any NIS+ server must be operating at security level 2. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN006460 - Any NIS+ server must be operating at security level 2. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| Login: ssh - v2 and later is enabled | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | CONFIGURATION MANAGEMENT |
| SOL-11.1-060060 - The operating system must employ FIPS-validate or NSA-approved cryptography to implement digital signatures. | DISA STIG Solaris 11 SPARC v3r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SOL-11.1-060060 - The operating system must employ FIPS-validate or NSA-approved cryptography to implement digital signatures. | DISA STIG Solaris 11 X86 v3r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCSA-70-000265 - The vCenter server must disable SNMPv1/2 receivers. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
| WPAW-00-001000 - The Windows PAW must be configured so that all non-administrative-related applications and functions are blocked or removed from the PAW platform, including but not limited to email, Internet browsing, and line-of-business applications. | DISA MS Windows Privileged Access Workstation v3r1 | Windows | CONFIGURATION MANAGEMENT |
