| 1.12 Audit Docker files and directories - /etc/default/docker | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.14 Audit Docker files and directories - /etc/sysconfig/docker | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2.3.2 Ensure Screen Saver Corners Are Secure - top left corner | CIS Apple macOS 10.14 v2.0.0 L2 | Unix | ACCESS CONTROL |
| 2.4.5 Ensure 'Maximum number of failed attempts' is set to '6' | AirWatch - CIS Apple iOS 11 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 3.1.1 Verify if IPv6 is enabled on the system | CIS Fedora 28 Family Linux Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.1 Verify if IPv6 is enabled on the system | CIS Fedora 28 Family Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.4.5 Ensure 'Maximum number of failed attempts' is set to '6' | AirWatch - CIS Apple iOS 10 v2.0.0 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.4.5 Ensure 'Maximum number of failed attempts' is set to '6' | MobileIron - CIS Apple iOS 10 v2.0.0 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.4.6 Ensure 'Maximum number of failed attempts' is set to '6' | MobileIron - CIS Apple iPadOS 26 v1.0.0 L1 Institutionally Owned | MDM | ACCESS CONTROL |
| 4.2.4 Enable AI /heuristic based malware detection | CIS Fortigate 7.0.x v1.4.0 L2 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-24-100040 - Ubuntu 24.04 LTS must not have the rsh-server package installed. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-24-100050 - Ubuntu 24.04 LTS must not have the nfs-kernel-server package installed. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-24-100410 - Ubuntu 24.04 LTS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-100810 - Ubuntu 24.04 LTS must use SSH to protect the confidentiality and integrity of transmitted information. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-24-100830 - Ubuntu 24.04 LTS must configure the SSH daemon to use Message Authentication Codes (MACs) employing FIPS 140-3 approved cryptographic hashes to prevent the unauthorized disclosure of information and/or detect changes to information during transmission. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-24-100840 - Ubuntu 24.04 LTS SSH server must be configured to use only FIPS 140-3 validated key exchange algorithms. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | ACCESS CONTROL |
| UBTU-24-200000 - Ubuntu 24.04 LTS must limit the number of concurrent sessions to 10 for all accounts and/or account types. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | ACCESS CONTROL |
| UBTU-24-200060 - Ubuntu 24.04 LTS must automatically terminate a user session after inactivity timeouts have expired. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | ACCESS CONTROL |
| UBTU-24-200580 - Ubuntu 24.04 LTS must prevent all software from executing at higher privilege levels than users executing the software and the audit system must be configured to audit the execution of privileged functions. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | ACCESS CONTROL |
| UBTU-24-200610 - Ubuntu 24.04 LTS must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts have been made. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | ACCESS CONTROL |
| UBTU-24-300001 - Ubuntu 24.04 LTS Advance Package Tool (APT) must be configured to prevent the installation of patches, service packs, device drivers, or Ubuntu 24.04 LTS components without verification they have been digitally signed using a certificate that is recognized and approved by the organization. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-24-300009 - Ubuntu 24.04 LTS library files must be group-owned by root or a system account. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-24-300025 - Ubuntu 24.04 LTS must disable the x86 Ctrl-Alt-Delete key sequence if a graphical user interface is installed. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-24-300039 - Ubuntu 24.04 LTS must disable automatic mounting of Universal Serial Bus (USB) mass storage driver. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-300041 - Ubuntu 24.04 LTS must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the Ports, Protocols, and Services Management Category Assurance List (PPSM CAL) and vulnerability assessments. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-24-400310 - Ubuntu 24.04 LTS must enforce a 60-day maximum password lifetime restriction. Passwords for new users must have a 60-day maximum password lifetime restriction. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-600130 - Ubuntu 24.04 LTS must ensure only users who need access to security functions are part of sudo group. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-24-700040 - Ubuntu 24.04 LTS must be configured so that the "journalctl" command is owned by "root". | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-24-700070 - Ubuntu 24.04 LTS must configure the files used by the system journal to be group-owned by "systemd-journal". | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-24-900090 - Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the mount command. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900200 - Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the newgrp command. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900210 - Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the chcon command. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900230 - Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the setfacl command. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900260 - Ubuntu 24.04 LTS must generate audit records for the use and modification of the lastlog file. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900310 - Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the usermod command. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900340 - Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the init_module and finit_module syscalls. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900600 - Ubuntu 24.04 LTS must generate audit records for the /var/run/utmp file. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-901260 - Ubuntu 24.04 LTS must have directories that contain system commands set to a mode of "0755" or less permissive. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-901380 - Ubuntu 24.04 LTS must be configured so that the audit log directory is not write-accessible by unauthorized users. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-909890 - Ubuntu 24.04 LTS must use cryptographic mechanisms to protect the integrity of audit tools. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| VCTR-67-000008 - The vCenter Server must provide an immediate real-time alert to the SA and ISSO, at a minimum, of all audit failure events. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | AUDIT AND ACCOUNTABILITY |
| VCTR-67-000036 - The vCenter Server must produce audit records containing information to establish what type of events occurred. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| VCTR-67-000043 - The vCenter Server passwords must contain at least one special character. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCTR-67-000051 - The vCenter Server users must have the correct roles assigned. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCTR-67-000059 - The vCenter Server must enable certificate based authentication. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000061 - The vCenter Server must disable Password and Windows integrated authentication. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000065 - The vCenter Server must have Mutual CHAP configured for vSAN iSCSI targets. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000070 - The vCenter Server must not automatically refresh client sessions. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCTR-67-000074 - The vCenter Server Administrators must clean up log files after failed installations. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000077 - The vCenter Server must enable TLS 1.2 exclusively. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
