| 1.9 Ensure 'Encrypt phone' or 'Encrypt tablet' is set to Enabled | MobileIron - CIS Google Android 7 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 2.3.1 - MobileIron - Enable Prevent Move for Sensitive Mail Accounts | MobileIron - CIS Apple iOS 8 v1.0.0 L2 | MDM | ACCESS CONTROL |
| 2.3.2 - MobileIron - Require Use Only in Mail for Sensitive Mail Accounts | MobileIron - CIS Apple iOS 9 v1.0.0 L2 | MDM | ACCESS CONTROL |
| AIOS-11-080202 - Apple iOS must wipe protected or sensitive data upon unenrollment from MDM. | MobileIron - DISA Apple iOS 10 v1r3 | MDM | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| Ensure 'EIGRP authentication' is enabled | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'HTTP session timeout' is less than or equal to '5' minutes | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'Image Authenticity' is correct | Tenable Cisco Firepower Best Practices Audit | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| Ensure 'SNMP traps' is enabled - authentication | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'SNMP traps' is enabled - linkdown | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'SNMP traps' is enabled - linkup | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'TLS 1.0' is set for HTTPS access | Tenable Cisco Firepower Best Practices Audit | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000159 - Exchange must limit the Receive connector timeout. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | ACCESS CONTROL |
| Fortigate - Admin password lockout threshold - '1-3' | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | ACCESS CONTROL |
| Fortigate - Disable SSHv1 admin access | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | CONFIGURATION MANAGEMENT |
| Fortigate - DNS - primary server | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| Fortigate - DNS - secondary server | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| Fortigate - Encrypt logs sent to FortiAnalyzer/FortiManager | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| Fortigate - External Logging - 'fortianalyzer3' | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Fortigate - Fortianalyzer2 Logs - severity 'information' | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Fortigate - Fortianalyzer3 Logs - severity 'information' | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Fortigate - Log user authentication messages | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Fortigate - NTP server configuration - *.ntp.org | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Fortigate - Password Complexity - 1 non-alphanum character | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| Fortigate - Password Complexity - 1 uppercase letter | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| Fortigate - Password Complexity - at least 1 char | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| Fortigate - Password Complexity - length >= 8 | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| Fortigate - Password Expiry date <= 30 days | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| Fortigate - RADIUS, LDAP, or TACACS+ response wait period | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | ACCESS CONTROL |
| Fortigate - Review and disable unused interfaces | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Fortigate - SNMP is enabled | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | CONFIGURATION MANAGEMENT |
| Fortigate - SNMP v3 uses SHA instead of MD5 | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| Fortigate - Syslog2 Logging - severity 'information' | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Fortigate - Syslogd Logging - severity 'information' | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Fortigate - Use non default admin access ports - 'HTTPS' | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | CONFIGURATION MANAGEMENT |
| Fortigate - Use non default admin access ports - 'SSH' | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | CONFIGURATION MANAGEMENT |
| Fortigate - Webfilter License - Not Expired | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | CONFIGURATION MANAGEMENT |
| Fortigate - Wireless-activity event logging | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| GOOG-09-005505 - The Google Android Pie must be configured to enable audit logging. | MobileIron - DISA Google Android 9.x v2r1 | MDM | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GOOG-10-005505 - Google Android 10 must be configured to enable audit logging. | MobileIron - DISA Google Android 10.x v2r1 | MDM | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| HONW-09-007150 - The Honeywell Android Pie must wipe all data upon unenrollment from MDM. | MobileIron - DISA Honeywell Android 9.x COBO v1r2 | MDM | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| KNOX-07-018200 - The Samsung must be configured to Add the MDM Client application to the Battery optimizations modes Whitelist. | MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| KNOX-07-018800 - The Samsung Android 7 with Knox must implement the management setting: Enable Audit Log. | MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| MOTO-09-005505 - The Motorola Android Pie must be configured to enable audit logging. | MobileIron - DISA Motorola Android Pie.x COBO v1r2 | MDM | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| MOTO-09-005505 - The Motorola Android Pie must be configured to enable audit logging. | MobileIron - DISA Motorola Android Pie.x COPE v1r2 | MDM | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| MOTO-09-006100 - The Motorola Android Pie must be configured to generate audit records for the following auditable events: detected integrity violations. | MobileIron - DISA Motorola Android Pie.x COPE v1r2 | MDM | AUDIT AND ACCOUNTABILITY |
| MOTO-09-006100 - The Motorola Android Pie must be configured to generate audit records for the following auditable events: detected integrity violations. | MobileIron - DISA Motorola Android Pie.x COBO v1r2 | MDM | AUDIT AND ACCOUNTABILITY |
| SonicWALL - SSL Control - Detect SSLv2 | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SQL2-00-025200 - The OS must limit privileges to the SQL Server data directories and their subordinate directories and files. | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | CONFIGURATION MANAGEMENT |
| ZEBR-10-006100 - Zebra Android 10 must be configured to generate audit records for the following auditable events: detected integrity violations. | MobileIron - DISA Zebra Android 10 COBO v1r2 | MDM | AUDIT AND ACCOUNTABILITY |
| ZEBR-10-006100 - Zebra Android 10 must be configured to generate audit records for the following auditable events: detected integrity violations. | MobileIron - DISA Zebra Android 10 COPE v1r2 | MDM | AUDIT AND ACCOUNTABILITY |
