| 1.2.1 Ensure GPG keys are configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.1.1 Ensure GPG keys are configured | CIS Debian Linux 12 v1.1.0 L1 Workstation | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.1.1 Ensure GPG keys are configured | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Workstation | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.1.1 Ensure GPG keys are configured | CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Workstation | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.1.2 Ensure gpgcheck is globally activated | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Workstation | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.2 Ensure GPG keys are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.2.2 Ensure GPG keys are configured | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.2.2 Ensure GPG keys are configured | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.2 Ensure GPG keys are configured | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.2.2 Ensure gpgcheck is globally activated | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.2.2 Ensure gpgcheck is globally activated | CIS Fedora 28 Family Linux Server L1 v2.0.0 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.2 Ensure gpgcheck is globally activated | CIS Oracle Linux 7 v4.0.0 L1 Server | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.2 Ensure gpgcheck is globally activated | CIS AlmaLinux OS 8 Server L1 v3.0.0 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.2 Ensure gpgcheck is globally activated | CIS Oracle Linux 8 Workstation L1 v3.0.0 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.2 Ensure gpgcheck is globally activated | CIS Rocky Linux 8 Server L1 v2.0.0 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.2 Ensure gpgcheck is globally activated | CIS Rocky Linux 8 Workstation L1 v2.0.0 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.3 Ensure gpgcheck is globally activated | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.3 Ensure gpgcheck is globally activated | CIS SUSE Linux Enterprise 12 v3.2.1 L1 Workstation | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.3 Ensure gpgcheck is globally activated - yum.conf | CIS Fedora 19 Family Linux Server L1 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.3.3 Ensure GPG keys are configured | CIS Debian 10 Server L1 v2.0.0 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.4 Ensure 'Signed-out search activity' is set to Disabled | MobileIron - CIS Google Android 7 v1.0.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 20.17 Ensure 'Deny-all, permit-by-exception policy to allow the execution of authorized software programs' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.17 Ensure 'Deny-all, permit-by-exception policy to allow the execution of authorized software programs' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| AIOS-02-080104 - Apple iOS must implement the management setting: require password when connecting to AirPlay device for the first time. | MobileIron - DISA Apple iOS 10 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-12-011100 - Apple iOS must implement the management setting: require the user to enter a password when connecting to an AirPlay-enabled device for the first time. | MobileIron - DISA Apple iOS 12 v2r1 | MDM | ACCESS CONTROL |
| AIOS-16-710900 - Apple iOS/iPadOS 16 must implement the management setting: require the user to enter a password when connecting to an AirPlay-enabled device for the first time. | MobileIron - DISA Apple iOS/iPadOS BYOAD 16 v1r1 | MDM | ACCESS CONTROL |
| AIOS-18-010950 - Apple iOS/iPadOS 18 must implement the management setting: require passcode for incoming Airplay connection requests. | AirWatch - DISA Apple iOS/iPadOS 18 v1r1 | MDM | ACCESS CONTROL |
| APPL-14-005130 The macOS system must enforce installation of XProtect Remediator and Gatekeeper updates automatically. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| DB2X-00-002900 - The OS must limit privileges to change the DB2 software resident within software libraries (including privileged programs) | DISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux | Unix | CONFIGURATION MANAGEMENT |
| DB2X-00-002900 - The OS must limit privileges to change the DB2 software resident within software libraries (including privileged programs). | DISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows | Windows | CONFIGURATION MANAGEMENT |
| DB2X-00-008100 - DB2 and the operating system must enforce access restrictions associated with changes to the configuration of DB2 or database(s). | DISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows | Windows | CONFIGURATION MANAGEMENT |
| DB2X-00-008700 - DB2 must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions - CAs | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTAM141 - McAfee VirusScan Access Protection Rules Common Standard Protection must be set to prevent modification of McAfee files and settings. | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | CONFIGURATION MANAGEMENT |
| DTAM142 - McAfee VirusScan Access Protection: Common Standard Protection must be set to prevent modification of McAfee Common Management Agent files and settings. | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | CONFIGURATION MANAGEMENT |
| DTAM144 - McAfee VirusScan Access Protection Rules Common Standard Protection must be set to prevent termination of McAfee processes. | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | ACCESS CONTROL |
| DTAM144 - McAfee VirusScan Access Protection: Common Standard Protection must be set to prevent termination of McAfee processes. | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | ACCESS CONTROL |
| Ensure iptables is installed - dpkg | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure iptables is installed - zypper | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure prelink is disabled - zypper | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure rsh client is not installed - rpm | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure rsh client is not installed - zypper | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure talk client is not installed - zypper | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Specify use of ActiveX Installer Service for installation of ActiveX controls | MSCT Windows Server 1903 DC v1.19.9 | Windows | CONFIGURATION MANAGEMENT |
| Specify use of ActiveX Installer Service for installation of ActiveX controls | MSCT Windows Server v1909 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Specify use of ActiveX Installer Service for installation of ActiveX controls | MSCT Windows Server v2004 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Specify use of ActiveX Installer Service for installation of ActiveX controls | MSCT Windows 10 1909 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Specify use of ActiveX Installer Service for installation of ActiveX controls | MSCT Windows 10 v21H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Specify use of ActiveX Installer Service for installation of ActiveX controls | MSCT Windows 11 v24H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| VCUI-70-000028 - vSphere UI must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the web server. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| WN22-00-000270 - Windows Server 2022 must have the roles and features required by the system documented. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
