| 18.9.24.5 (L1) Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - EXCEL.EXE | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.5 (L1) Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - INFOPATH.EXE | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.5 (L1) Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - javaw.exe | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.5 (L1) Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - LYNC.EXE | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.5 (L1) Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - MSACCESS.EXE | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.5 (L1) Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - MSPUB.EXE | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.5 (L1) Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - OIS.EXE | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.5 (L1) Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - OUTLOOK.EXE | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.5 (L1) Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - PPTVIEW.EXE | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.5 (L1) Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - VISIO.EXE | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.5 (L1) Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - VPREVIEW.EXE | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.5 (L1) Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - WINWORD.EXE | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.5 (L1) Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - wordpad.exe | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - AcroRd32.exe | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - EXCEL.exe | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - java.exe | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - javaws.exe | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - LYNC.exe | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - LYNC.exe | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - OUTLOOK.exe | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - POWERPNT.EXE | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - VISIO.EXE | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - VPREVIEW.EXE | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - WINWORD.EXE | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 20 - Enable Encryption | TNS Best Practice JBoss 7 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-70-000007 - The ESXi host must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system via the Direct Console User Interface (DCUI). | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | ACCESS CONTROL |
| ESXI-70-000032 - The ESXi host must prohibit the reuse of passwords within five iterations. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-70-000036 - The ESXi host must disable ESXi Shell unless needed for diagnostics or troubleshooting. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000041 - The ESXi host must set a timeout to automatically disable idle shell sessions after two minutes. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-70-000046 - The ESXi host must configure NTP time synchronization. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | AUDIT AND ACCOUNTABILITY |
| ESXI-70-000057 - The ESXi host must configure the firewall to block network traffic by default - incoming | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000058 - The ESXi host must enable Bridge Protocol Data Units (BPDU) filter on the host to prevent being locked out of physical switch ports with Portfast and BPDU Guard enabled. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000065 - All port groups on standard switches must not be configured to virtual local area network (VLAN) values reserved by upstream physical switches. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000072 - The ESXi host must have all security patches and updates installed. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000088 - The ESXi host must configure a session timeout for the vSphere API. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| Turn on Enhanced Protected Mode | MSCT Windows 10 1803 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Turn on Enhanced Protected Mode | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Turn on Enhanced Protected Mode | MSCT Windows 10 v22H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Turn on Enhanced Protected Mode | MSCT Windows Server 1903 DC v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Turn on Enhanced Protected Mode | MSCT Windows Server 1903 MS v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCTR-67-000015 - The vCenter Server must set the distributed port group Promiscuous Mode policy to reject. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000024 - The vCenter Server must configure the vpxuser password meets length policy. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000045 - The vCenter Server must limit the maximum number of failed login attempts to three. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | ACCESS CONTROL |
| VCTR-67-000058 - The vCenter Server Machine SSL certificate must be issued by a DoD certificate authority. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000060 - The vCenter Server must enable revocation checking for certificate-based authentication. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000064 - The vCenter Server must restrict access to cryptographic permissions. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000066 - The vCenter Server must have new Key Encryption Keys (KEKs) reissued at regular intervals for vSAN encrypted datastore(s). | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000069 - The vCenter Server must use a limited privilege account when adding an LDAP identity source. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000078 - The vCenter Server must disable Password and Windows integrated authentication. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| WN11-CC-000035 - The system must be configured to ignore NetBIOS name release requests except from WINS servers. | DISA Microsoft Windows 11 STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
