| 1.1.1 Ensure NGINX is installed | CIS NGINX Benchmark v2.1.0 L1 Loadbalancer | Unix | SYSTEM AND SERVICES ACQUISITION |
| 1.1.1 Ensure NGINX is installed | CIS NGINX Benchmark v2.1.0 L1 Proxy | Unix | SYSTEM AND SERVICES ACQUISITION |
| 1.3.4 (L2) Ensure 'Control use of the File System API for reading' is set to 'Enabled: Don't allow any site to request read access to files and directories via the File System API' | CIS Microsoft Edge v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.8.1 (L1) Ensure 'Blocks external extensions from being installed' is set to 'Enabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.1.6 Ensure rsh server is not enabled - rexec | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.1.6 Ensure rsh server is not enabled - rexec | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.6 Ensure rsh server is not enabled - rexec | CIS Red Hat 6 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.1.6 Ensure rsh server is not enabled - rlogin | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.1.6 Ensure rsh server is not enabled - rlogin | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.6 Ensure rsh server is not enabled - rlogin | CIS Oracle Linux 6 Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.1.6 Ensure rsh server is not enabled - rlogin | CIS Red Hat 6 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.1.6 Ensure rsh server is not enabled - rsh | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.1.6 Ensure rsh server is not enabled - rsh | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.17 Ensure rsh server is not enabled - rlogin.socket | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.17 Ensure rsh server is not enabled - rsh.socket | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.1 Ensure 'POP3' Windows services are 'Disabled' | CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.5.14.6 Ensure 'Disable 'Remember password' for Internet e-mail accounts' is set to 'Enabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.6 Set 'Allow simple passwords' to 'False' | CIS Microsoft Exchange Server 2013 CAS v1.1.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 3.2 Ensure 'Allow unmanaged devices' is set to 'False' | CIS Microsoft Exchange Server 2019 L1 MDM v1.0.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 5.1.2 Ensure rsh server is not enabled - 'exec' | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.1.2 Ensure rsh server is not enabled - 'shell' | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 12.58 Data Guard Redo - 'Authenticate Redo Transport Services using SSL Certificates' | CIS v1.1.0 Oracle 11g OS L2 | Unix | |
| 18.9.24.1 Ensure 'EMET 5.52' or higher is installed | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.1 Ensure 'EMET 5.52' or higher is installed | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| AIOS-15-003700 - Apple iOS/iPadOS 15 must not allow backup to remote systems (enterprise books). | AirWatch - DISA Apple iOS/iPadOS 14 v1r4 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-16-703700 - Apple iOS/iPadOS 16 must not allow backup to remote systems (enterprise books) - enterprise books. | MobileIron - DISA Apple iOS/iPadOS BYOAD 16 v1r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-17-703700 - Apple iOS/iPadOS 17 must not allow backup to remote systems (enterprise books) - enterprise books. | AirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-17-703700 - Apple iOS/iPadOS 17 must not allow backup to remote systems (enterprise books) - enterprise books. | MobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-18-003700 - Apple iOS/iPadOS 18 must not allow backup to remote systems (enterprise books) - enterprise books. | MobileIron - DISA Apple iOS/iPadOS 18 v1r1 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-030050 - AlmaLinux OS 9 must disable the Stream Control Transmission Protocol (SCTP) kernel module. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| CASA-ND-001140 - The Cisco ASA must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of non-local maintenance and diagnostic communications. | DISA STIG Cisco ASA NDM v2r2 | Cisco | MAINTENANCE |
| CISC-ND-000140 - The Cisco router must be configured to enforce approved authorizations for controlling the flow of management information within the device based on control policies. | DISA Cisco IOS XE Router NDM STIG v3r4 | Cisco | ACCESS CONTROL |
| CISC-ND-000140 - The Cisco switch must be configured to enforce approved authorizations for controlling the flow of management information within the device based on control policies. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | ACCESS CONTROL |
| EDGE-00-000039 - URLs must be allowlisted for plugin use if used. | DISA STIG Edge v2r2 | Windows | CONFIGURATION MANAGEMENT |
| EX13-CA-000045 - Exchange Email Diagnostic log level must be set to lowest level. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | AUDIT AND ACCOUNTABILITY |
| EX16-MB-000610 - Exchange Outlook Anywhere clients must use NTLM authentication to access email. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | IDENTIFICATION AND AUTHENTICATION |
| EX19-MB-000117 - Exchange email-forwarding SMTP domains must be restricted. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000203 - Exchange Outlook Anywhere clients must use NTLM authentication to access email. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| EX19-MB-000236 - The application must protect the confidentiality and integrity of transmitted information. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| HONW-09-010900 - Honeywell Mobility Edge Android Pie devices must have a NIAP validated Honeywell Mobility Edge Android Pie devices operating system installed. | MobileIron - DISA Honeywell Android 9.x COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| HONW-09-010900 - Honeywell Mobility Edge Android Pie devices must have a NIAP validated Honeywell Mobility Edge Android Pie devices operating system installed. | AirWatch - DISA Honeywell Android 9.x COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| HONW-09-010900 - Honeywell Mobility Edge Android Pie devices must have a NIAP validated Honeywell Mobility Edge Android Pie devices operating system installed. | AirWatch - DISA Honeywell Android 9.x COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| IIST-SV-000205 - The IIS 10.0 web server must enable HTTP Strict Transport Security (HSTS) | DISA IIS 10.0 Server v2r10 | Windows | CONFIGURATION MANAGEMENT |
| JUEX-NM-000340 - The Juniper EX switch must be configured to use FIPS 140-2/140-3 validated algorithms for authentication to a cryptographic module. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| JUEX-NM-000520 - The Juniper EX switch must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | MAINTENANCE |
| MD7X-00-012500 MongoDB must be configured in accordance with the security configuration settings based on DOD security configuration and implementation guidance, including STIGs, NSA configuration guides, CTOs, DTMs, and IAVMs. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| MS.EXO.8.3v1 - The selected DLP solution SHOULD offer services comparable to the native DLP solution offered by Microsoft. | CISA SCuBA Microsoft 365 Exchange Online v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| O365-EX-000003 - Dynamic Data Exchange (DDE) server launch in Excel must be blocked. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL6-00-000125 - The Stream Control Transmission Protocol (SCTP) must be disabled unless required. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-030690 - The RHEL 8 audit records must be off-loaded onto a different system or storage media from the system being audited. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
