| 1.1.1.9 Ensure unused filesystems kernel modules are not available | CIS Rocky Linux 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.9 Ensure unused filesystems kernel modules are not available | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.9 Ensure unused filesystems kernel modules are not available | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.10 Ensure unused filesystems kernel modules are not available | CIS Debian Linux 12 v1.1.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.10 Ensure unused filesystems kernel modules are not available | CIS Debian Linux 12 v1.1.0 L2 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.10 Ensure unused filesystems kernel modules are not available | CIS Ubuntu Linux 22.04 LTS v3.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.10 Ensure unused filesystems kernel modules are not available | CIS Ubuntu Linux 22.04 LTS v3.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.10 Ensure unused filesystems kernel modules are not available | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.10 Ensure unused filesystems kernel modules are not available | CIS Linux Mint 22 v1.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.11 Ensure unused filesystems kernel modules are not available | CIS AlmaLinux OS 8 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.11 Ensure unused filesystems kernel modules are not available | CIS Rocky Linux 8 v3.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.11 Ensure unused filesystems kernel modules are not available | CIS AlmaLinux OS 8 v4.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.11 Ensure unused filesystems kernel modules are not available | CIS Debian Linux 13 v1.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.11 Ensure unused filesystems kernel modules are not available | CIS Red Hat Enterprise Linux 8 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.11 Ensure unused filesystems kernel modules are not available | CIS Rocky Linux 10 v1.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.11 Ensure unused filesystems kernel modules are not available | CIS Rocky Linux 10 v1.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.11 Ensure unused filesystems kernel modules are not available | CIS Oracle Linux 10 v1.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.6.14 Ensure the GnuTLS library is configured to only allow DoD-approved SSL/TLS Versions | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 1.25 UBTU-24-100830 | CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.27 UBTU-24-100850 | CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II | Unix | ACCESS CONTROL |
| 1.40 OL08-00-010290 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | MAINTENANCE |
| 1.45 OL08-00-010295 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | ACCESS CONTROL |
| 2.1 Ensure that IP addresses are mapped to usernames | CIS Palo Alto Firewall 10 v1.3.0 L2 | Palo_Alto | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.1 Ensure that IP addresses are mapped to usernames - User ID Agents | CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0 | Palo_Alto | IDENTIFICATION AND AUTHENTICATION |
| 2.1 Ensure that IP addresses are mapped to usernames - User ID Agents | CIS Palo Alto Firewall 7 Benchmark L2 v1.0.0 | Palo_Alto | IDENTIFICATION AND AUTHENTICATION |
| 2.1 Ensure that IP addresses are mapped to usernames - User ID Agents | CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0 | Palo_Alto | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.3.10.10 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | ACCESS CONTROL |
| 2.3.10.10 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 | Windows | ACCESS CONTROL |
| 2.3.10.10 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | ACCESS CONTROL |
| 2.3.10.11 Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Microsoft Windows Server 2022 v5.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.10.11 Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Microsoft Windows Server 2025 v2.0.0 L1 MS | Windows | ACCESS CONTROL |
| 4.7 Ensure VPC flow logging is enabled in all VPCs | CIS Amazon Web Services Foundations v7.0.0 L2 | amazon_aws | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 5.1.8.1 (L1) Ensure that password hash sync is enabled for hybrid deployments | CIS Microsoft 365 Foundations v6.0.1 L1 E3 | microsoft_azure | ACCESS CONTROL |
| 5.1.8.1 (L1) Ensure that password hash sync is enabled for hybrid deployments | CIS Microsoft 365 Foundations v6.0.1 L1 E5 | microsoft_azure | ACCESS CONTROL |
| 6.2.3.5 Ensure events that modify the system's network environment are collected | CIS Linux Mint 22 v1.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 6.2.3.5 Ensure events that modify the system's network environment are collected | CIS Debian Linux 12 v1.1.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 6.2.3.5 Ensure events that modify the system's network environment are collected | CIS Debian Linux 12 v1.1.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 6.2.3.5 Ensure events that modify the system's network environment are collected | CIS Ubuntu Linux 22.04 LTS v3.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 6.3.3.5 Ensure events that modify the system's network environment are collected | CIS Ubuntu Linux 20.04 LTS v3.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 6.4.3.5 Ensure events that modify the system's network environment are collected | CIS Debian Linux 11 v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 6.4.3.5 Ensure events that modify the system's network environment are collected | CIS Debian Linux 11 v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 18.10.42.5.2 Ensure 'Join Microsoft MAPS' is set to 'Enabled: Advanced' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 | Windows | CONFIGURATION MANAGEMENT |
| O19C-00-006000 - Oracle Database must provide an immediate real-time alert to appropriate support staff of all audit log failures. | DISA Oracle Database 19c STIG v1r5 Unix | Unix | AUDIT AND ACCOUNTABILITY |
| O19C-00-006000 - Oracle Database must provide an immediate real-time alert to appropriate support staff of all audit log failures. | DISA Oracle Database 19c STIG v1r5 Windows | Windows | AUDIT AND ACCOUNTABILITY |
| O19C-00-012400 - Oracle Database must set the maximum number of consecutive invalid logon attempts to three. | DISA Oracle Database 19c STIG v1r5 OracleDB | OracleDB | CONFIGURATION MANAGEMENT |
| PANW-AG-000118 - The Palo Alto Networks security platform must generate an alert to, at a minimum, the ISSO and ISSM when threats identified by authoritative sources (e.g., IAVMs or CTOs) are detected. | DISA Palo Alto Networks ALG STIG v3r4 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| SQL4-00-011320 - Where SQL Server Audit is in use at the database level, SQL Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited at the database level. | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| UBTU-20-010044 - The Ubuntu operating system must configure the SSH daemon to use FIPS 140-2 approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission. | DISA Canonical Ubuntu 20.04 LTS STIG v2r4 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-22-255050 - Ubuntu 22.04 LTS must configure the SSH daemon to use FIPS 140-3-approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission. | DISA Canonical Ubuntu 22.04 LTS STIG v2r8 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| WDNS-CM-000010 - The Windows 2012 DNS Servers zone files must have NS records that point to active name servers authoritative for the domain specified in that record. | DISA Microsoft Windows 2012 Server Domain Name System STIG v2r7 | Windows | CONFIGURATION MANAGEMENT |
