| 2.2.35 Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.40 Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost' - Administrators, NT SERVICE\WdiServiceHost | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 3.6 (L1) Ensure 'Control how Chrome Cleanup reports data to Google' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 12. OpenStack Compute - Policy.json - 'os_compute_api:os-admin-actions:reset_state' | TNS OpenStack Nova/Compute Security Guide | Unix | ACCESS CONTROL |
| 20. OpenStack Compute - Policy.json - 'os_compute_api:os-cells:sync_instances' | TNS OpenStack Nova/Compute Security Guide | Unix | ACCESS CONTROL |
| 25. OpenStack Compute - Policy.json - 'os_compute_api:os-migrate-server:migrate' | TNS OpenStack Nova/Compute Security Guide | Unix | ACCESS CONTROL |
| 101. OpenStack Compute - Policy.json - 'compute:create:forced_host' | TNS OpenStack Nova/Compute Security Guide | Unix | ACCESS CONTROL |
| 106. OpenStack Compute - Policy.json - 'os_compute_api:os-flavor-extra-specs:create' | TNS OpenStack Nova/Compute Security Guide | Unix | ACCESS CONTROL |
| 114. OpenStack Compute - Policy.json - 'os_compute_api:os-evacuate' | TNS OpenStack Nova/Compute Security Guide | Unix | ACCESS CONTROL |
| 120. OpenStack Compute - Policy.json - 'compute_extension:server_diagnostics' | TNS OpenStack Nova/Compute Security Guide | Unix | ACCESS CONTROL |
| 139. OpenStack Compute - Policy.json - 'os_compute_api:os-cells' | TNS OpenStack Nova/Compute Security Guide | Unix | ACCESS CONTROL |
| 142. OpenStack Compute - Policy.json - 'compute_extension:accounts' | TNS OpenStack Nova/Compute Security Guide | Unix | ACCESS CONTROL |
| 143. OpenStack Compute - Policy.json - 'os_compute_api:os-floating-ips-bulk' | TNS OpenStack Nova/Compute Security Guide | Unix | ACCESS CONTROL |
| Auditing and logging | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | AUDIT AND ACCOUNTABILITY |
| Auditing and logging - server | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | AUDIT AND ACCOUNTABILITY |
| Auditing and logging - severity | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | AUDIT AND ACCOUNTABILITY |
| Auto Backup via central management is not available or not configured. | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | CONTINGENCY PLANNING |
| Centralized authentication - configuration | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | IDENTIFICATION AND AUTHENTICATION |
| Centralized authentication - server | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | IDENTIFICATION AND AUTHENTICATION |
| Centralized authentication - tacacs accounting | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | IDENTIFICATION AND AUTHENTICATION |
| Centralized authentication - tacacs authorization | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | IDENTIFICATION AND AUTHENTICATION |
| CNTR-K8-001430 - Kubernetes Controller Manager must have the SSL Certificate Authority set. | DISA STIG Kubernetes v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Console inactivity timer | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | ACCESS CONTROL |
| Dynamic ARP Protection - global | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
| Dynamic ARP Protection - port trust, vlans, and validate | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-ED-002400 - The application must update malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Extreme : License Info | TNS Extreme ExtremeXOS Best Practice Audit | Extreme_ExtremeXOS | CONFIGURATION MANAGEMENT |
| Fortigate - AAA - RADIUS server is trusted | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| Fortigate - Review the patch update method | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| Fortigate - Review users with admin privileges | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | ACCESS CONTROL |
| Fortigate - SNMP v3 is not enabled | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| IBM HTTP Server is installed and running on the system | TNS IBM HTTP Server Best Practice | Unix | |
| MACsec | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
| Management interface | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
| Management VLAN | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | CONFIGURATION MANAGEMENT |
| MYS8-00-001700 - The MySQL Database Server 8.0 must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| RADIUS and TACACS+ authorization and accounting - accounting commands | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-010171 - RHEL 8 must have policycoreutils package installed. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-08-010421 - RHEL 8 must clear the page allocator to prevent use-after-free attacks. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Session timeout | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | ACCESS CONTROL |
| SLES-12-010499 - The SUSE operating system must use a file integrity tool to verify correct operation of all security functions. | DISA SLES 12 STIG v3r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| SNMPv1 and v2c vs SNMPv3 - snmpv3 enable | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| SPLK-CL-000050 - Splunk Enterprise must use TLS 1.2 and SHA-2 or higher cryptographic algorithms. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | IDENTIFICATION AND AUTHENTICATION |
| Storing credentials in the switch configuration | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | IDENTIFICATION AND AUTHENTICATION |
| SYMP-AG-000220 - Symantec ProxySG must be configured to send the access logs to the centralized log server continuously. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| Telnet vs. Secure Shell - idle-timeout | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | ACCESS CONTROL |
| TFTP vs SFTP and SCP - ip ssh filetransfer | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
| Time synchronization - ntp authentication | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| UBTU-16-010510 - The file integrity tool must perform verification of the correct operation of security functions: upon system start-up and/or restart; upon command by a user with privileged access; and/or every 30 days. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| WDNS-SI-000006 - The Windows 2012 DNS Server must perform verification of the correct operation of security functions: upon system start-up and/or restart; upon command by a user with privileged access; and/or every 30 days. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
