| 2.2.32 Ensure 'Deny log on locally' to include 'Guests' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.2.46 Ensure 'Increase scheduling priority' is set to 'Administrators' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.17.4 Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop or Prompt for credentials on the secure desktop' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.4.8 Ensure File Sharing Is Disabled | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.8.1.1 Ensure the OS Is Not Active When Resuming from Standby (Intel) | CIS Apple macOS 12.0 Monterey v4.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.9.1.1 Ensure the OS Is Not Active When Resuming from Standby (Intel) | CIS Apple macOS 13.0 Ventura v3.1.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.9.1.1 Ensure the OS Is Not Active When Resuming from Standby (Intel) | CIS Apple macOS 14.0 Sonoma v2.1.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.10.1.1 Ensure the OS Is Not Active When Resuming from Standby (Intel) | CIS Apple macOS 15.0 Sequoia v1.1.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.11 Ensure EFI Version Is Valid and Checked Regularly - daemon | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.11 Ensure EFI Version Is Valid and Checked Regularly - integrity-check | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.13 Ensure EFI version is valid and being regularly checked - daemon | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.13 Ensure EFI version is valid and being regularly checked - itegrity-check | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 3.2.1.13 Ensure 'Allow trusting new enterprise app authors' is set to 'Disabled' | MobileIron - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 4.1.1 Review Manage Sharing & Access | MobileIron - CIS Apple iPadOS 17 v1.1.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 4.1.1 Review Manage Sharing & Access | MobileIron - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | CONFIGURATION MANAGEMENT |
| 4.1.1 Review Manage Sharing & Access | AirWatch - CIS Apple iPadOS 18 v1.0.0 L1 End User Owned | MDM | CONFIGURATION MANAGEMENT |
| 4.1.1 Review Manage Sharing & Access | MobileIron - CIS Apple iOS 17 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 4.1.1 Review Manage Sharing & Access | AirWatch - CIS Apple iPadOS 17 v1.1.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 4.1.1 Review Manage Sharing & Access | MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 End User Owned | MDM | CONFIGURATION MANAGEMENT |
| 4.5 Activate AppArmor - '0 processes unconfined' | CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0 | Unix | ACCESS CONTROL |
| 4.5 Activate AppArmor - GRUB_CMDLINE_LINUX - 0 processes are unconfirmed | CIS Debian Linux 7 L2 v1.0.0 | Unix | ACCESS CONTROL |
| 4.5 Activate AppArmor - GRUB_CMDLINE_LINUX - 0 profiles are in complain mode | CIS Debian Linux 7 L2 v1.0.0 | Unix | ACCESS CONTROL |
| 5.1.2 Ensure Apple Mobile File Integrity (AMFI) Is Enabled | CIS Apple macOS 12.0 Monterey Cloud-tailored v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 5.1.2 Ensure Apple Mobile File Integrity (AMFI) Is Enabled | CIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 5.1.2 Ensure Apple Mobile File Integrity (AMFI) Is Enabled | CIS Apple macOS 14.0 Sonoma Cloud-tailored v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 5.1.2 Ensure Apple Mobile File Integrity (AMFI) Is Enabled | CIS Apple macOS 15.0 Sequoia Cloud-tailored v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 11 - Managing SSHv2 - Ciphers | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | |
| 11 - Managing SSHv2 - Key Exchange Algorithms | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | |
| 18.10.75.2.2 Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn' or 'Enabled: Warn and prevent bypass' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.75.2.2 Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn' or 'Enabled: Warn and prevent bypass' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| AIOS-13-013400 - Apple iOS/iPadOS must disable password proximity requests. | AirWatch - DISA Apple iOS/iPadOS 13 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-13-013400 - Apple iOS/iPadOS must disable password proximity requests. | MobileIron - DISA Apple iOS/iPadOS 13 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-14-011300 - Apple iOS/iPadOS must disable password proximity requests. | MobileIron - DISA Apple iOS/iPadOS 14 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-14-011300 - Apple iOS/iPadOS must disable password proximity requests. | AirWatch - DISA Apple iOS/iPadOS 14 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-15-012900 - Apple iOS/iPadOS 15 must disable password proximity requests. | MobileIron - DISA Apple iOS/iPadOS 14 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-16-012900 - Apple iOS/iPadOS 16 must disable password proximity requests. | AirWatch - DISA Apple iOS/iPadOS 16 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-16-012900 - Apple iOS/iPadOS 16 must disable password proximity requests. | MobileIron - DISA Apple iOS/iPadOS 16 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-17-012900 - Apple iOS/iPadOS 17 must disable password proximity requests. | AirWatch - DISA Apple iOS/iPadOS 17 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-17-012900 - Apple iOS/iPadOS 17 must disable password proximity requests. | MobileIron - DISA Apple iOS/iPadOS 17 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-18-012900 - Apple iOS/iPadOS 18 must disable password proximity requests. | AirWatch - DISA Apple iOS/iPadOS 18 v1r1 | MDM | CONFIGURATION MANAGEMENT |
| APPL-14-000001 The macOS system must prevent Apple Watch from terminating a session lock. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL |
| Ensure mounting of hfs filesystems is disabled - lsmod | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| JBOS-AS-000640 - The JBoss server, when hosting mission critical applications, must be in a high-availability (HA) cluster. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PHTN-40-000225 The Photon operating system must prevent IPv4 Internet Control Message Protocol (ICMP) redirect messages from being accepted. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000226 The Photon operating system must prevent IPv4 Internet Control Message Protocol (ICMP) secure redirect messages from being accepted. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000228 The Photon operating system must log IPv4 packets with impossible addresses. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-050470 - The operating system must prevent internal users from sending out packets which attempt to manipulate or spoof invalid IP addresses. | DISA STIG Solaris 11 SPARC v3r1 | Unix | CONFIGURATION MANAGEMENT |
| WBSP-AS-001480 - The WebSphere Application servers with an RMF categorization of high must be in a high-availability (HA) cluster. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001480 - The WebSphere Application servers with an RMF categorization of high must be in a high-availability (HA) cluster. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001480 - The WebSphere Application servers with an RMF categorization of high must be in a high-availability (HA) cluster. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
