| 1.2.4.2.3.18 Set 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Red Hat Enterprise Linux 8 v4.0.0 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Red Hat Enterprise Linux 10 v1.0.1 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Red Hat Enterprise Linux 8 v4.0.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 Ensure system wide crypto policy disables sha1 hash and signature support | CIS AlmaLinux OS 10 v1.0.0 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Oracle Linux 8 v4.0.0 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Rocky Linux 10 v1.0.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Rocky Linux 10 v1.0.0 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Rocky Linux 8 v3.0.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Rocky Linux 8 v3.0.0 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 Ensure system wide crypto policy disables sha1 hash and signature support | CIS AlmaLinux OS 10 v1.0.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 Ensure system wide crypto policy disables sha1 hash and signature support | CIS AlmaLinux OS 8 v4.0.0 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Oracle Linux 10 v1.0.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure system wide crypto policy disables sha1 hash and signature support | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Oracle Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Rocky Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure system wide crypto policy disables sha1 hash and signature support | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Rocky Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.4 Ensure system wide crypto policy disables sha1 hash and signature support | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.384 RHEL-09-653095 | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II | Unix | AUDIT AND ACCOUNTABILITY |
| 2.1.3 Ensure 'BGP authentication' is enabled | CIS Cisco ASA 9.x Firewall L2 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.14 Ensure 'sa' Login Account is set to 'Disabled' | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | ACCESS CONTROL |
| 3.1.14 Set maximum connection limits - 'max_connections <= 100' | CIS IBM DB2 OS L2 v1.2.0 | Unix | ACCESS CONTROL |
| 7.1 Ensure that the MaxZoneParts setting for Web Part limits is set to 100. | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| ALMA-09-054690 - AlmaLinux OS 9 must periodically flush audit records to disk to prevent the loss of audit records. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-14-001150 - The macOS system must disable password authentication for SSH. | DISA Apple macOS 14 Sonoma STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| APPL-15-001150 - The macOS system must disable password authentication for SSH. | DISA Apple macOS 15 Sequoia STIG v1r7 | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| APPL-26-001150 - The macOS system must disable password authentication for SSH. | DISA Apple macOS 26 Tahoe STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| ARST-RT-000580 - The multicast Rendezvous Point (RP) Arista router must be configured to limit the multicast forwarding cache so that its resources are not saturated by managing an overwhelming number of Protocol Independent Multicast (PIM) and Multicast Source Discovery Protocol (MSDP) source-active entries. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000580 - The multicast Rendezvous Point (RP) Arista router must be configured to limit the multicast forwarding cache so that its resources are not saturated by managing an overwhelming number of Protocol Independent Multicast (PIM) and Multicast Source Discovery Protocol (MSDP) source-active entries. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W2-000010 - The Apache web server must limit the number of allowed simultaneous session requests. | DISA Apache Server 2.4 Windows Site STIG v2r2 | Windows | ACCESS CONTROL |
| CISC-RT-000710 - The Cisco PE router must be configured to implement Internet Group Management Protocol (IGMP) or Multicast Listener Discovery (MLD) snooping for each Virtual Private LAN Services (VPLS) bridge domain. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000710 - The Cisco PE switch must be configured to implement Internet Group Management Protocol (IGMP) or Multicast Listener Discovery (MLD) snooping for each Virtual Private LAN Services (VPLS) bridge domain. | DISA Cisco IOS XE Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBC-0004 - Sites ability to show pop-ups must be disabled. | DISA Google Chrome Current Windows STIG v2r11 | Windows | CONFIGURATION MANAGEMENT |
| ESXI-70-000084 - The ESXi host must enable audit logging. | DISA VMware vSphere 7.0 ESXi STIG v1r4 Unix | Unix | CONFIGURATION MANAGEMENT |
| Excel 2 worksheets | MSCT Microsoft 365 Apps for Enterprise 2206 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Excel 2 worksheets | MSCT Office 365 ProPlus 1908 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Excel 2 worksheets | MSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Excel 2 worksheets | Microsoft 365 Apps for Enterprise 2306 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Excel 2 worksheets | MSCT Office 2016 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Excel 2 worksheets | MSCT M365 Apps for enterprise 2312 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Excel 2 worksheets | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| IBMW-LS-000970 - The WebSphere Liberty Server must prohibit the use of cached authenticators after an organization-defined time period. | DISA IBM WebSphere Liberty Server STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL09-00-000775 - OL 9 must periodically flush audit records to disk to prevent the loss of audit records. | DISA Oracle Linux 9 STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-653095 - RHEL 9 must periodically flush audit records to disk to prevent the loss of audit records. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-10-500125 - RHEL 10 must periodically flush audit records to disk to ensure that audit records are not lost. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| VCLU-70-000019 - Lookup Service must limit the number of allowed connections. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCST-67-000019 - The Security Token Service must limit the number of allowed connections. | DISA STIG VMware vSphere 6.7 STS Tomcat v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCUI-80-000126 The vCenter UI service must limit the number of times that each Transmission Control Protocol (TCP) connection is kept alive. | DISA VMware vSphere 8.0 vCenter Appliance User Interface (UI) STIG v2r1 | Unix | ACCESS CONTROL |
