| 1.6.12 Ensure the OpenSSL library is configured to use only ciphers employing FIPS 140-2-approved algorithms | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 1.39 OL08-00-010287 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | ACCESS CONTROL |
| 2.1.1 Turn off Bluetooth, if no paired devices exist | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.1 Turn off Bluetooth, if no paired devices exist | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.32 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.34 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.34 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.34 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.34 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.34 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.34 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.34 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.34 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.34 Ensure 'Profile single process' is set to 'Administrators' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.34 Ensure 'Profile single process' is set to 'Administrators' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.39 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.2.39 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.2.39 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.2.39 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.2.42 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.42 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.43 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows Server 2016 v4.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.43 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows Server 2016 v4.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.3.10.10 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 5.5 Ensure alerts are enabled for malicious files detected by WildFire | CIS Palo Alto Firewall 10 v1.3.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.5 Ensure alerts are enabled for malicious files detected by WildFire | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.6 Ensure alerts are enabled for malicious files detected by WildFire | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.6 Ensure alerts are enabled for malicious files detected by WildFire | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.13 Bind incoming container traffic to a specific host interface | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 6.20 Ensure that 'Wildfire Inline ML Action' on antivirus profiles are set to reset-both on all decoders except 'imap' and 'pop3' | CIS Palo Alto Firewall 10 v1.3.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| ALMA-09-045450 - AlmaLinux OS 9 must routinely check the baseline configuration for unauthorized changes and notify the system administrator when anomalies in the operation of any security functions are discovered. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| EX13-EG-003016 - A DoD-approved third party Exchange-aware malicious code protection application must be implemented. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| JUSX-DM-000106 - The Juniper SRX Services Gateway must generate an alarm or send an alert message to the management console when a component failure is detected. | DISA Juniper SRX Services Gateway NDM v3r3 | Juniper | CONFIGURATION MANAGEMENT |
| MYS8-00-009900 - The MySQL Database Server 8.0 must provide an immediate real-time alert to appropriate support staff of all audit log failures. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| O19C-00-016800 - Oracle Database must take needed steps to protect data at rest and ensure confidentiality and integrity of application data. | DISA Oracle Database 19c STIG v1r3 OracleDB | OracleDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| O121-C2-018300 - The DBMS must take needed steps to protect data at rest and ensure confidentiality and integrity of application data. | DISA Oracle Database 12c STIG v3r5 OracleDB | OracleDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000219 - OHS must be segregated from other services - OHS must be segregated from other services. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OL09-00-000301 - OL 9 must routinely check the baseline configuration for unauthorized changes and notify the system administrator (SA) when anomalies in the operation of any security functions are discovered. | DISA Oracle Linux 9 STIG v1r5 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| RHEL-08-010297 - The RHEL 8 SSH client must be configured to use only DOD-approved encryption ciphers employing FIPS 140-3-validated cryptographic hash algorithms to protect the confidentiality of SSH client connections. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-09-651015 - RHEL 9 must routinely check the baseline configuration for unauthorized changes and notify the system administrator when anomalies in the operation of any security functions are discovered. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| RHEL-10-300050 - RHEL 10 must be configured so that Secure Shell (SSH) clients use only DOD-approved Message Authentication Codes (MACs) employing FIPS 140-3-validated cryptographic hash algorithms to protect the confidentiality of SSH client connections. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL, MAINTENANCE |
| SLES-12-030180 - The SUSE operating system SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms. | DISA SLES 12 STIG v3r4 | Unix | ACCESS CONTROL, MAINTENANCE |
| SQL4-00-011310 - Where SQL Server Audit is in use, SQL Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited at the server level. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-011100 - SQL Server must provide an immediate real-time alert to appropriate support staff of all audit log failures. | DISA MS SQL Server 2016 Instance STIG v3r6 MS_SQLDB | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SYMP-AG-000090 - Symantec ProxySG must immediately use updates made to policy enforcement mechanisms such as policies and rules - SSL | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| SYMP-AG-000090 - Symantec ProxySG must immediately use updates made to policy enforcement mechanisms such as policies and rules - Web Access | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| UBTU-20-010043 - The Ubuntu operating system must configure the SSH daemon to use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hashes to prevent the unauthorized disclosure of information and/or detect changes to information during transmission. | DISA Canonical Ubuntu 20.04 LTS STIG v2r4 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-24-100830 - Ubuntu 24.04 LTS must configure the SSH daemon to use Message Authentication Codes (MACs) employing FIPS 140-3 approved cryptographic hashes to prevent the unauthorized disclosure of information and/or detect changes to information during transmission. | DISA Canonical Ubuntu 24.04 LTS STIG v1r5 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| WG204 A22 - A web server must be segregated from other services. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
| WG204 A22 - A web server must be segregated from other services. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | |
