| 1.2.2 Ensure 'Host Name' is set | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.9 Set 'Configure login authentication for POP3' to 'SecureLogin' | CIS Microsoft Exchange Server 2013 CAS v1.1.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.9 Set 'Configure login authentication for POP3' to 'SecureLogin' | CIS Microsoft Exchange Server 2016 CAS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.15 Set 'Configure login authentication for IMAP4' to 'SecureLogin' | CIS Microsoft Exchange Server 2013 CAS v1.1.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.1.9 (L1) Ensure that DKIM is enabled for all Exchange Online Domains | CIS Microsoft 365 Foundations v5.0.0 L1 E5 | microsoft_azure | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3 Ensure 'Protect RE' Firewall filter includes Rate-Limiting for Management Services terms | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.9 Set 'Minimum password length' to '4' or greater | CIS Microsoft Exchange Server 2013 CAS v1.1.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.12 Set 'Configure dial plan security' to 'Secured' | CIS Microsoft Exchange Server 2013 UM v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.14 Set 'Retain deleted items for the specified number of days' to '14' | CIS Microsoft Exchange Server 2013 Mailbox v1.1.0 | Windows | CONTINGENCY PLANNING |
| 2.14 Set 'Retain deleted items for the specified number of days' to '14' | CIS Microsoft Exchange Server 2016 Mailbox v1.0.0 | Windows | CONTINGENCY PLANNING |
| 2.17 Set 'Time without user input before password must be re-entered' to '15' | CIS Microsoft Exchange Server 2013 CAS v1.1.0 | Windows | ACCESS CONTROL |
| 3.1 Set cmdlets 'Turn on Administrator Audit Logging' to 'True' | CIS Microsoft Exchange Server 2013 UM v1.1.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 3.3 Set 'Turn on script execution' to 'RemoteSigned' | CIS Microsoft Exchange Server 2016 Hub v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.8 Set 'Enable OOF messages to remote domains' to 'None' | CIS Microsoft Exchange Server 2013 Hub v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.10 Set 'Enable S/MIME for OWA 2010' to 'True' | CIS Microsoft Exchange Server 2016 CAS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.2.4 Ensure 'ssoRequiresSSL' secure attribute is set to 'true' for the LTPA Cookies | CIS IBM WebSphere Liberty v1.0.0 L1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-029610 - AlmaLinux OS 9 must disable the Asynchronous Transfer Mode (ATM) kernel module. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| Android Work Profile Device Configuration - Maximum minutes of inactivity until screen locks | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL |
| Android Work Profile Device Configuration - Prevent app installations from unknown sources in the personal profile | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Android Work Profile Device Configuration - Required password type | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Android Work Profile Device Configuration - Work profile notifications while device locked | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Android Work Profile Device Configuration - Work Profile Password expiration (days) | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| CASA-FW-000100 - The Cisco ASA must be configured to use TCP when sending log records to the central audit server - Logging Host | DISA STIG Cisco ASA FW v2r1 | Cisco | CONFIGURATION MANAGEMENT |
| CASA-FW-000100 - The Cisco ASA must be configured to use TCP when sending log records to the central audit server - Logging Permit-hostdown | DISA STIG Cisco ASA FW v2r1 | Cisco | CONFIGURATION MANAGEMENT |
| CIS_Kubernetes_v1.11.1_L1_Master_Node.audit from CIS Kubernetes Benchmark v1.11.1 | CIS Kubernetes v1.11.1 L1 Master Node | Unix | |
| CIS_NGINX_v2.1.0_Level_2_Proxy.audit from CIS NGINX Benchmark v2.1.0 | CIS NGINX Benchmark v2.1.0 L2 Proxy | Unix | |
| CISC-RT-000740 - The Cisco PE switch must be configured with Unicast Reverse Path Forwarding (uRPF) loose mode enabled on all CE-facing interfaces. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000740 - The Cisco PE switch must be configured with Unicast Reverse Path Forwarding (uRPF) loose mode enabled on all CE-facing interfaces. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| DISA_STIG_Microsoft_Edge_v2r2.audit from DISA Microsoft Edge v2r2 STIG | DISA STIG Edge v2r2 | Windows | |
| ESXI-70-000074 - The ESXi host must exclusively enable Transport Layer Security (TLS) 1.2 for all endpoints. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-CA-000095 - Exchange IMAP4 service must be disabled. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | CONFIGURATION MANAGEMENT |
| EX13-MB-000190 - The Exchange Receive Connector Maximum Hop Count must be 60. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-MB-000020 - Exchange servers must use approved DoD certificates. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | ACCESS CONTROL |
| EX16-MB-002920 - Exchange must have forms-based authentication disabled. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | ACCESS CONTROL |
| EX19-MB-000019 - Exchange servers must use approved DOD certificates. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | ACCESS CONTROL |
| EX19-MB-000232 - The Exchange SMTP automated banner response must not reveal server details. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN007080 - The Datagram Congestion Control Protocol (DCCP) must be disabled unless required - 'install dccp /bin/true' | DISA STIG for Oracle Linux 5 v2r1 | Unix | CONFIGURATION MANAGEMENT |
| GEN007080 - The Datagram Congestion Control Protocol (DCCP) must be disabled unless required - 'install dccp_ipv6 /bin/true' | DISA STIG for Oracle Linux 5 v2r1 | Unix | CONFIGURATION MANAGEMENT |
| JUNI-RT-000720 - The Juniper PE router must be configured with Unicast Reverse Path Forwarding (uRPF) loose mode enabled on all CE-facing interfaces. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| MADB-10-003500 - MariaDB must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | CONFIGURATION MANAGEMENT |
| O19C-00-006000 - Oracle Database must provide an immediate real-time alert to appropriate support staff of all audit log failures. | DISA Oracle Database 19c STIG v1r1 Unix | Unix | AUDIT AND ACCOUNTABILITY |
| O112-C2-008300 - The DBMS must provide a real-time alert when organization-defined audit failure events occur. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| O121-C2-008300 - The system must provide a real-time alert when organization-defined audit failure events occur. | DISA STIG Oracle 12c v3r2 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| OL08-00-040021 - OL 8 must not have the asynchronous transfer mode (ATM) kernel module installed if not required for operational support. | DISA Oracle Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| SPLK-CL-000100 - Splunk Enterprise must be configured to aggregate log records from organization-defined devices and hosts within its scope of coverage. | DISA STIG Splunk Enterprise 8.x for Linux v2r2 STIG REST API | Splunk | AUDIT AND ACCOUNTABILITY |
| SPLK-CL-000250 - Splunk Enterprise must be configured to aggregate log records from organization-defined devices and hosts within its scope of coverage. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | AUDIT AND ACCOUNTABILITY |
| VCRP-70-000004 - Envoy must use only Transport Layer Security (TLS) 1.2 for the protection of client connections. | DISA STIG VMware vSphere 7.0 RhttpProxy v1r1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| WN11-PK-000010 - The External Root CA certificates must be installed in the Trusted Root Store on unclassified systems. | DISA Microsoft Windows 11 STIG v2r3 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN16-DC-000110 - Domain-created Active Directory Organizational Unit (OU) objects must have proper access control permissions. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL |
| WN19-DC-000110 - Windows Server 2019 organization created Active Directory Organizational Unit (OU) objects must have proper access control permissions. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | ACCESS CONTROL |
