| 1.4.1.1.2 Ensure 'Load Pictures from Web Pages Not Created in Excel' is set to Disabled | CIS Microsoft Office Excel 2013 v1.0.1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.8.1 Ensure 'Document Information Panel Beaconing UI' is set to 'Enabled: Always show UI' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.6 Turn off TRACE | CIS Apache Tomcat 10 L1 v1.1.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 2.6 Turn off TRACE | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1 Validate Proxy Settings | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.1 Validate Proxy Settings | CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0 | Unix | |
| 3.6 Validate Proxy Settings | CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.6 Validate Proxy Settings | CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1 Ensure SharePoint displays an approved system use notification message or banner before granting access to the system. | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | ACCESS CONTROL |
| 4.1.5 Disable weak ciphers | CIS NGINX Benchmark v2.1.0 L1 Proxy | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.5 Disable weak ciphers | CIS NGINX Benchmark v2.1.0 L1 Webserver | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.4.19 Ensure server headers on requests are removed | CIS IBM WebSphere Liberty v1.0.0 L1 | Unix | MEDIA PROTECTION |
| 7.2 Ensure that the SafeControls list is set to the minimum set of controls needed for your sites | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Access Security - Disable insecure or unnecessary access services (telnet, J-Web over HTTP, FTP, etc.) - J-Web over HTTP | Juniper Hardening JunOS 12 Devices Checklist | Juniper | CONFIGURATION MANAGEMENT |
| AS24-W2-000890 - An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version - SSLEngine | DISA STIG Apache Server 2.4 Windows Site v2r2 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W2-000890 - An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version - SSLProtocol | DISA STIG Apache Server 2.4 Windows Site v2r2 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| DISA_STIG_Mozilla_Firefox_v6r6_Linux.audit from DISA Mozilla Firefox v6r6 STIG | DISA STIG Mozilla Firefox Linux v6r6 | Unix | |
| DISA_STIG_Mozilla_Firefox_v6r6_MacOS.audit from DISA Mozilla Firefox v6r6 STIG | DISA STIG Mozilla Firefox MacOS v6r6 | Unix | |
| ESXI-70-000062 - Use of the dvFilter network application programming interfaces (APIs) must be restricted. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000091 - The ESXi host must be configured with an appropriate maximum password age. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000097 - The ESXi Common Information Model (CIM) service must be disabled. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| Load pictures from Web pages not created in Excel | MSCT Office 365 ProPlus 1908 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Load pictures from Web pages not created in Excel | MSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Load pictures from Web pages not created in Excel | MSCT Microsoft 365 Apps for Enterprise 2206 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| TCAT-AS-000570 - Tomcat default ROOT web application must be removed. | DISA STIG Apache Tomcat Application Server 9 v3r2 Middleware | Unix | CONFIGURATION MANAGEMENT |
| VCEM-67-000023 - ESX Agent Manager must not show directory listings. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCEM-70-000025 - ESX Agent Manager must be configured to not show error reports. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCLD-80-000001 The vCenter VAMI service must limit the number of allowed simultaneous session requests. | DISA VMware vSphere 8.0 vCenter Appliance Management Interface (VAMI) STIG v2r1 | Unix | ACCESS CONTROL |
| VCPF-67-000023 - Performance Charts must be configured to show error pages with minimal information. | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCPF-70-000026 - Performance Charts must hide the server version | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCPG-70-000003 - VMware Postgres configuration files must not be accessible by unauthorized users. | DISA STIG VMware vSphere 7.0 PostgreSQL v1r2 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| VCPG-70-000007 - VMware Postgres must limit modify privileges to authorized accounts. | DISA STIG VMware vSphere 7.0 PostgreSQL v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCPG-70-000010 - The vPostgres database must use 'md5' for authentication. | DISA STIG VMware vSphere 7.0 PostgreSQL v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCPG-70-000016 - VMware Postgres must provide nonprivileged users with minimal error information. | DISA STIG VMware vSphere 7.0 PostgreSQL v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCPG-70-000017 - VMware Postgres must have log collection enabled. | DISA STIG VMware vSphere 7.0 PostgreSQL v1r2 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| WBLC-01-000010 - Oracle WebLogic must use cryptography to protect the integrity of the remote access session - SSL Listen Port | Oracle WebLogic Server 12c Linux v2r2 | Unix | ACCESS CONTROL |
| WBLC-01-000010 - Oracle WebLogic must use cryptography to protect the integrity of the remote access session - SSL Listen Port | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | ACCESS CONTROL |
| WBLC-01-000010 - Oracle WebLogic must use cryptography to protect the integrity of the remote access session - Unsecure Listen Port | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | ACCESS CONTROL |
| WBLC-01-000010 - Oracle WebLogic must use cryptography to protect the integrity of the remote access session - Unsecure Listen Port | Oracle WebLogic Server 12c Linux v2r2 | Unix | ACCESS CONTROL |
| WBLC-02-000100 - Oracle WebLogic must protect audit tools from unauthorized deletion. | Oracle WebLogic Server 12c Windows v2r2 | Windows | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000100 - Oracle WebLogic must protect audit tools from unauthorized deletion. | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-08-000223 - Oracle WebLogic must ensure authentication of both client and server during the entire session. | Oracle WebLogic Server 12c Windows v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-000180 - The WebSphere Application Server Single Sign On (SSO) must have SSL enabled for Web and SIP Security. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-000180 - The WebSphere Application Server Single Sign On (SSO) must have SSL enabled for Web and SIP Security. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-000180 - The WebSphere Application Server Single Sign On (SSO) must have SSL enabled for Web and SIP Security. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-001030 - The WebSphere Application Server multifactor authentication for network access to privileged accounts must be used. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001300 - The WebSphere Application Server must accept PIV credentials from other federal agencies to access management interface. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WG145 W22 - The private web server must use an approved DoD certificate validation process. - 'SSLCARevocationFile' | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG145 W22 - The private web server must use an approved DoD certificate validation process. - 'SSLCARevocationPath' | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN10-00-000100 - Internet Information System (IIS) or its subcomponents must not be installed on a workstation. | DISA Microsoft Windows 10 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
