| 1.6 Ensure 'SCL Quarantine' is 'Enabled' | CIS Microsoft Exchange Server 2019 L1 Edge v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.40 Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost' - Administrators, NT SERVICE\WdiServiceHost | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.17.4 Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 4.3.4.12 Ensure klogin daemon is not in use | CIS IBM AIX 7 v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 5.8 Ensure that 'Inline Cloud Analysis' on Wildfire profiles is enabled | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.8 Ensure that 'Inline Cloud Analysis' on Wildfire profiles is enabled | CIS Palo Alto Firewall 11 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 16. OpenStack Networking - Policy.json - 'get_subnetpool' | TNS OpenStack Neutron/Networking Security Guide | Unix | ACCESS CONTROL |
| 18.9.24.2 Ensure 'Default Action and Mitigation Settings' is set to 'Enabled' (plus subsettings) - BannedFunctions | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.2 Ensure 'Default Action and Mitigation Settings' is set to 'Enabled' (plus subsettings) - DeepHooks | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 20.24 Ensure 'Domain Controllers run on a machine dedicated to that function' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 33. OpenStack Networking - Policy.json - 'get_agent-loadbalancers' | TNS OpenStack Neutron/Networking Security Guide | Unix | ACCESS CONTROL |
| 34. OpenStack Networking - Policy.json - 'update_port:device_owner' | TNS OpenStack Neutron/Networking Security Guide | Unix | ACCESS CONTROL |
| 36. OpenStack Networking - Policy.json - 'context_is_admin' | TNS OpenStack Neutron/Networking Security Guide | Unix | ACCESS CONTROL |
| 40. OpenStack Networking - Policy.json - 'create_qos_queue' | TNS OpenStack Neutron/Networking Security Guide | Unix | ACCESS CONTROL |
| 49. OpenStack Networking - Policy.json - 'get_metering_label' | TNS OpenStack Neutron/Networking Security Guide | Unix | ACCESS CONTROL |
| 56. OpenStack Networking - Policy.json - 'create_port:mac_address' | TNS OpenStack Neutron/Networking Security Guide | Unix | ACCESS CONTROL |
| 67. OpenStack Networking - Policy.json - 'update_subnetpool' | TNS OpenStack Neutron/Networking Security Guide | Unix | ACCESS CONTROL |
| 69. OpenStack Networking - Policy.json - 'update_router:ha' | TNS OpenStack Neutron/Networking Security Guide | Unix | ACCESS CONTROL |
| 71. OpenStack Networking - Policy.json - 'get_network:router:external' | TNS OpenStack Neutron/Networking Security Guide | Unix | ACCESS CONTROL |
| 85. OpenStack Networking - Policy.json - 'update_port:fixed_ips' | TNS OpenStack Neutron/Networking Security Guide | Unix | ACCESS CONTROL |
| 97. OpenStack Networking - Policy.json - 'remove_router_interface' | TNS OpenStack Neutron/Networking Security Guide | Unix | ACCESS CONTROL |
| 99. OpenStack Networking - Policy.json - 'shared' | TNS OpenStack Neutron/Networking Security Guide | Unix | ACCESS CONTROL |
| 104. OpenStack Networking - Policy.json - 'get_network:segments' | TNS OpenStack Neutron/Networking Security Guide | Unix | ACCESS CONTROL |
| 113. OpenStack Networking - Policy.json - 'update_firewall_rule' | TNS OpenStack Neutron/Networking Security Guide | Unix | ACCESS CONTROL |
| 119. OpenStack Networking - Policy.json - 'get_firewall' | TNS OpenStack Neutron/Networking Security Guide | Unix | ACCESS CONTROL |
| 120. OpenStack Networking - Policy.json - 'delete_port' | TNS OpenStack Neutron/Networking Security Guide | Unix | ACCESS CONTROL |
| 125. OpenStack Networking - Policy.json - 'get_firewall:shared' | TNS OpenStack Neutron/Networking Security Guide | Unix | ACCESS CONTROL |
| 126. OpenStack Networking - Policy.json - 'update_network:provider:segmentation_id' | TNS OpenStack Neutron/Networking Security Guide | Unix | ACCESS CONTROL |
| DTAM004 - McAfee VirusScan On-Access General Policies must be configured to notify local users when detections occur. | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTAM004 - McAfee VirusScan On-Access Scanner General Settings must be configured to notify local users when detections occur. | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTAM132 - McAfee VirusScan Buffer Overflow Protection Buffer Overflow Settings must be configured to display a dialog box when a buffer overflow is detected. | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM132 - McAfee VirusScan Buffer Overflow Protection Policies must be configured to display a dialog box when a buffer overflow is detected. | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM137 - McAfee VirusScan On-Access General Policies Artemis sensitivity level must be configured to medium or higher - ArtemisLevel | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM137 - McAfee VirusScan On-Access Scanner General Settings Artemis Heuristic network check for suspicious files must be enabled and set to sensitivity level Medium or higher - ArtemisEnabled | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM137 - McAfee VirusScan On-Access Scanner General Settings Artemis Heuristic network check for suspicious files must be enabled and set to sensitivity level Medium or higher - ArtemisLevel | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM157 - McAfee VirusScan On-Delivery Email Scan Policies Artemis sensitivity level must be configured to medium or higher - enabled | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | CONFIGURATION MANAGEMENT |
| DTAM157 - McAfee VirusScan On-Delivery Email Scan Policies Artemis sensitivity level must be configured to medium or higher. | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | CONFIGURATION MANAGEMENT |
| DTAM157 - McAfee VirusScan On-Delivery Email Scanner Artemis sensitivity level must be configured to Medium or higher. | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | CONFIGURATION MANAGEMENT |
| DTAM157 - McAfee VirusScan On-Delivery Email Scanner Artemis sensitivity level must be configured to Medium or higher. - enabled | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | CONFIGURATION MANAGEMENT |
| EX13-MB-003030 - The applications built-in Malware Agent must be disabled. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-002410 - The application must update malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-003010 - The applications built-in Malware Agent must be disabled. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| F5BI-LT-000219 - The BIG-IP Core implementation must be configured to protect against known types of Denial of Service (DoS) attacks by employing signatures when providing content filtering to virtual servers. | DISA F5 BIG-IP Local Traffic Manager STIG v2r4 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| Huawei: HTTPS Server is configured | TNS Huawei VRP Best Practice Audit | Huawei | CONFIGURATION MANAGEMENT |
| Huawei: HTTPS Server is not configured | TNS Huawei VRP Best Practice Audit | Huawei | CONFIGURATION MANAGEMENT |
| Huawei: Review Device Info/Version | TNS Huawei VRP Best Practice Audit | Huawei | CONFIGURATION MANAGEMENT |
| JUSX-IP-000004 - The Juniper Networks SRX Series Gateway IDPS must provide audit record generation with a configurable severity and escalation level capability. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | AUDIT AND ACCOUNTABILITY |
| PANW-AG-000020 - The Palo Alto Networks security platform, if used as a TLS gateway/decryption point or VPN concentrator, must use NIST FIPS-validated cryptography to protect the integrity of remote access sessions. | DISA STIG Palo Alto ALG v3r4 | Palo_Alto | ACCESS CONTROL |
| PANW-IP-000058 - The Palo Alto Networks security platform must off-load log records to a centralized log server in real-time. | DISA STIG Palo Alto IDPS v3r2 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| WDNS-SI-000007 - The Windows 2012 DNS Server must log the event and notify the system administrator when anomalies in the operation of the signed zone transfers are discovered. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | SYSTEM AND INFORMATION INTEGRITY |
