| 1.13 Audit Docker files and directories - /etc/docker/daemon.json | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2.1.3 Ensure dhcp server services are not in use | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.1.3 Ensure dhcp server services are not in use | CIS Debian Linux 12 v1.1.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.1.3 Ensure dhcp server services are not in use | CIS Rocky Linux 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.1.3 Ensure dhcp server services are not in use | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.1.3 Ensure dhcp server services are not in use | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.2.3 Ensure dhcp server services are not in use | CIS Red Hat EL8 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.3 Ensure dhcp server services are not in use | CIS Oracle Linux 8 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.3 Ensure dhcp server services are not in use | CIS Amazon Linux 2 v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.24 Ensure 'Deny log on as a batch job' to include 'Guests, Enterprise Admins Group, and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.2.27 Ensure 'Deny log on as a batch job' to include 'Guests, Enterprise Admins Group, and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 3.1.6 - AirWatch - Limit the 'Number of failed attempts allowed' | AirWatch - CIS Apple iOS 8 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 5.4.1 Ensure password creation requirements are configured - lcredit | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1 Ensure password creation requirements are configured - password-auth retry=3 | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1 Ensure password creation requirements are configured - password-auth try_first_pass | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1 Ensure password creation requirements are configured - system-auth try_first_pass | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1 Ensure password creation requirements are configured - ucredit | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| CIS Control 6 (6.2(b)) Activate Audit Logging | CAS Implementation Group 1 Audit File | Unix | AUDIT AND ACCOUNTABILITY |
| ESXI-06-000003 - The system must verify the exception users list for lockdown mode. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-06-000007 - The system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | ACCESS CONTROL |
| ESXI-06-000008 - The SSH daemon must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | ACCESS CONTROL |
| ESXI-06-000043 - The system must logout of the console UI after a predetermined period. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-06-000049 - The system must protect the confidentiality and integrity of transmitted information by protecting ESXi management traffic. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-06-000054 - The system must enable bidirectional CHAP authentication for iSCSI traffic. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-06-000064 - All port groups must not be configured to VLAN 4095 unless Virtual Guest Tagging (VGT) is required. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-06-000066 - The non-negotiate option must be configured for trunk links between external physical switches and virtual switches in VST mode. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-06-000071 - The system must verify the integrity of the installation media before installing ESXi. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-06-100004 - The VMM must support the capability to centrally review and analyze audit records from multiple components within the system by configuring remote logging. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | AUDIT AND ACCOUNTABILITY |
| ESXI-06-100038 - The VMM must require individuals to be authenticated with an individual authenticator prior to using a group authenticator by using the vSphere Authentication Proxy. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-100039 - The VMM must require individuals to be authenticated with an individual authenticator prior to using a group authenticator by restricting use of Active Directory ESX Admin group membership. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-100040 - The VMM must accept Personal Identity Verification (PIV) credentials. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-200031 - The VMM must enforce password complexity by requiring that at least one numeric character be used. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-200040 - The VMM must electronically verify Personal Identity Verification (PIV) credentials. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-300004 - The VMM must protect audit information from unauthorized deletion by configuring remote logging. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | AUDIT AND ACCOUNTABILITY |
| ESXI-06-300038 - The VMM must implement replay-resistant authentication mechanisms for network access to non-privileged accounts by using the vSphere Authentication Proxy. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-400031 - The VMM must enforce a minimum 15-character password length. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-500004 - The VMM must, at a minimum, off-load interconnected systems in real time and off-load standalone systems weekly by configuring remote logging. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | AUDIT AND ACCOUNTABILITY |
| MSFT-11-000100 - Microsoft Android 11 must be configured to enforce a minimum password length of six characters. | MobileIron - DISA Microsoft Android 11 COPE v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000001 - The system must use a separate file system for /tmp. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000002 - The system must use a separate file system for /var. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000009 - The Red Hat Network Service (rhnsd) service must not be running, unless using RHN or an RHN Satellite - 'CHKCONFIG'. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000009 - The Red Hat Network Service (rhnsd) service must not be running, unless using RHN or an RHN Satellite - 'PROCESS_CHECK'. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000011 - System security patches and updates must be installed and up-to-date. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| RHEL-06-000015 - The system package management tool must cryptographically verify the authenticity of all software packages during installation. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000018 - A file integrity baseline must be created. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000021 - The Red Hat Enterprise Linux operating system must not contain .shosts or shosts.equiv files. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000023 - The system must use a Linux Security Module configured to limit the privileges of system services. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000025 - All device files must be monitored by the system Linux Security Module. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| ZEBR-11-000100 - Zebra Android 11 must be configured to enforce a minimum password length of six characters. | AirWatch - DISA Zebra Android 11 COBO v1r3 | MDM | IDENTIFICATION AND AUTHENTICATION |
| ZEBR-11-000100 - Zebra Android 11 must be configured to enforce a minimum password length of six characters. | MobileIron - DISA Zebra Android 11 COBO v1r3 | MDM | IDENTIFICATION AND AUTHENTICATION |
