| 1.3.1 (L2) Ensure 'Allow read access via the File System API on these sites' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3.6 (L2) Ensure 'Control use of the Web Bluetooth API' is set to 'Enabled: Do not allow any site to request access to Bluetooth devices via the Web Bluetooth API' | CIS Microsoft Edge v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3.7 (L2) Ensure 'Control use of the WebHID API' is set to 'Enabled: Do not allow any site to request access to HID devices via the WebHID API' | CIS Microsoft Edge v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3.10 (L2) Ensure 'Default setting for third-party storage partitioning' is set to 'Enabled: Block third-party storage partitioning from being enabled.' | CIS Microsoft Edge v3.0.0 L2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.25.2 (L1) Ensure 'Configure Microsoft Defender SmartScreen to block potentially unwanted apps' is set to 'Enabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.30 (L2) Ensure 'Allow file selection dialogs' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 1.40 (L2) Ensure 'Allow or block audio capture' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 1.57 (L1) Ensure 'Block tracking of users' web-browsing activity' is set to 'Enabled: Balanced (Blocks harmful trackers and trackers from sites user has not visited; content and ads will be less personalized)' or higher | CIS Microsoft Edge v3.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.65 (L2) Ensure 'Configure Online Text To Speech' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 1.117 (L1) Ensure 'Notify a user that a browser restart is recommended or required for pending updates' is set to 'Enabled: Required - Show a recurring prompt to the user indicating that a restart is required' | CIS Microsoft Edge v3.0.0 L1 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.127 (L2) Ensure 'Spell checking provided by Microsoft Editor' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 2.1.6 Ensure rsh server is not enabled - 'exec' | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.6 Ensure rsh server is not enabled - 'rlogin' | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.6 Ensure rsh server is not enabled - 'rsh' | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.6 Ensure rsh server is not enabled - 'shell' | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.6 Ensure rsh server is not enabled - rexec | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.6 Ensure rsh server is not enabled - rexec | CIS Red Hat 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.1.6 Ensure rsh server is not enabled - rexec | CIS Oracle Linux 6 Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.1.6 Ensure rsh server is not enabled - rsh | CIS Red Hat 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.1.6 Ensure rsh server is not enabled - rsh | CIS Oracle Linux 6 Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.1.17 Ensure rsh server is not enabled - rexec.socket | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.22.2 Ensure 'Block signing into Office' is set to 'Enabled: Org ID only' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | ACCESS CONTROL |
| 5.1.2 Ensure rsh server is not enabled - 'login' | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.1.2 Ensure rsh server is not enabled - shell | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 8.2.5 Configure rsyslog to Send Logs to a Remote Log Host | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 18.9.59.3.9.3 Ensure 'Require use of specific security layer for remote (RDP) connections' is set to 'Enabled: SSL' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-02-080101 - Apple iOS must not allow backup to remote systems (enterprise books). | MobileIron - DISA Apple iOS 10 v1r3 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-14-004300 - Apple iOS/iPadOS must not allow backup to remote systems (enterprise books). | MobileIron - DISA Apple iOS/iPadOS 14 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-17-003700 - Apple iOS/iPadOS 17 must not allow backup to remote systems (enterprise books) - enterprise books. | AirWatch - DISA Apple iOS/iPadOS 17 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| DKER-EE-001960 - Privileged Linux containers must not be used for Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DTOO278 - Outlook - Automatically configure user profile based on Active Directory primary SMTP address must be enforced. | DISA STIG Office 2010 Outlook v1r14 | Windows | CONFIGURATION MANAGEMENT |
| EDGE-00-000067 - Session only-based cookies must be enabled. | DISA STIG Edge v2r2 | Windows | AUDIT AND ACCOUNTABILITY |
| EX13-MB-000165 - The Exchange Mail Store storage quota must issue a warning. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000185 - Exchange Receive connectors must be clearly named. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-MB-000290 - Exchange email forwarding must be restricted. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000032 - The Exchange email diagnostic log level must be set to the lowest level. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | AUDIT AND ACCOUNTABILITY |
| EX19-MB-000116 - Exchange email forwarding must be restricted. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN005590 - The system must not be running any routing protocol daemons, unless the system is a router. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| HONW-09-010900 - Honeywell Mobility Edge Android Pie devices must have a NIAP validated Honeywell Mobility Edge Android Pie devices operating system installed. | MobileIron - DISA Honeywell Android 9.x COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| OL08-00-030680 - OL 8 must have the packages required for encrypting offloaded audit logs installed. | DISA Oracle Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000106 - The Photon operating system must not perform IPv4 packet forwarding. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000231 The Photon operating system must not perform IPv4 packet forwarding. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000111 - The Photon operating system must not perform multicast packet forwarding - net.ipv6.conf.default.mc_forwarding | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000112 - The Photon operating system must not perform IPv4 packet forwarding. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-030680 - RHEL 8 must have the packages required for encrypting offloaded audit logs installed. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-030364 - The SUSE operating system must not be performing Internet Protocol version 6 (IPv6) packet forwarding unless the system is a router. | DISA SLES 12 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040381 - The SUSE operating system must not be performing Internet Protocol version 6 (IPv6) packet forwarding unless the system is a router. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-010350 - The operating system must protect against an individual falsely denying having performed a particular action. In order to do so the system must be configured to send audit records to a remote audit server. | DISA STIG Solaris 11 X86 v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-08-000224 - Oracle WebLogic must terminate user sessions upon user logout or any other organization- or policy-defined session termination events such as idle time limit exceeded. | Oracle WebLogic Server 12c Linux v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBLC-08-000224 - Oracle WebLogic must terminate user sessions upon user logout or any other organization- or policy-defined session termination events such as idle time limit exceeded. | Oracle WebLogic Server 12c Windows v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
