| 2.1.1 Turn off Bluetooth, if no paired devices exist | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.1 Turn off Bluetooth, if no paired devices exist | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.1 Turn off Bluetooth, if no paired devices exist | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.34 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.34 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.34 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.34 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.34 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.34 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.34 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.34 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.34 Ensure 'Profile single process' is set to 'Administrators' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.40 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.2.42 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.2.42 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.43 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows Server 2016 v3.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.43 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.43 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.50 Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.54 Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.55 Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.55 Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.3.10.10 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.10.11 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 5.5 Ensure alerts are enabled for malicious files detected by WildFire | CIS Palo Alto Firewall 11 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.6 Ensure alerts are enabled for malicious files detected by WildFire | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.6 Ensure alerts are enabled for malicious files detected by WildFire | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.13 Bind incoming container traffic to a specific host interface | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.14 Bind incoming container traffic to a specific host interface | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | |
| 6.20 Ensure that 'Wildfire Inline ML Action' on antivirus profiles are set to reset-both on all decoders except 'imap' and 'pop3' | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 8.1 Ensure ServerTokens is Set to 'Prod' or 'ProductOnly' | CIS Apache HTTP Server 2.4 v2.2.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 8.1 Ensure ServerTokens is Set to 'Prod' or 'ProductOnly' | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | ACCESS CONTROL |
| 8.1 Ensure ServerTokens is Set to 'Prod' or 'ProductOnly' | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | ACCESS CONTROL |
| DKER-EE-002160 - Docker Enterprise incoming container traffic must be bound to a specific host interface. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| EPAS-00-008100 - The EDB Postgres Advanced Server must provide an immediate real-time alert to appropriate support staff of all audit log failures. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| EX13-EG-003016 - A DoD-approved third party Exchange-aware malicious code protection application must be implemented. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX13-MB-003031 - A DoD-approved third party Exchange-aware malicious code protection application must be implemented. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| F5BI-LT-000037 - The BIG-IP Core implementation must be configured to use NIST SP 800-52 Revision 1 compliant cryptography to protect the integrity of remote access sessions to virtual servers. | DISA F5 BIG-IP Local Traffic Manager STIG v2r4 | F5 | ACCESS CONTROL |
| F5BI-LT-000215 - The BIG-IP Core implementation must be configured to protect against known and unknown types of Denial of Service (DoS) attacks by employing rate-based attack prevention behavior analysis when providing content filtering to virtual servers. | DISA F5 BIG-IP Local Traffic Manager STIG v2r4 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| MD7X-00-007400 MongoDB must provide an immediate real-time alert to appropriate support staff of all audit log failures. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| PPS9-00-008100 - The EDB Postgres Advanced Server must provide an immediate real-time alert to appropriate support staff of all audit log failures. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| SLES-12-030180 - The SUSE operating system SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms. | DISA SLES 12 STIG v3r2 | Unix | ACCESS CONTROL, MAINTENANCE |
| SLES-15-010270 - The SUSE operating system SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | ACCESS CONTROL, MAINTENANCE |
| SQL4-00-011310 - Where SQL Server Audit is in use, SQL Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited at the server level. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SYMP-AG-000090 - Symantec ProxySG must immediately use updates made to policy enforcement mechanisms such as policies and rules - SSL | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| TNS_IBM_HTTP_Server_Linux_Best_Practice_Middleware.audit | TNS IBM HTTP Server Best Practice Middleware | Unix | |
| UBTU-18-010417 - The Ubuntu operating system must configure the SSH daemon to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms to protect the integrity of nonlocal maintenance and diagnostic communications. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | ACCESS CONTROL, MAINTENANCE |
| UBTU-22-255055 - Ubuntu 22.04 LTS must configure the SSH daemon to use Message Authentication Codes (MACs) employing FIPS 140-3-approved cryptographic hashes to prevent the unauthorized disclosure of information and/or detect changes to information during transmission. | DISA Canonical Ubuntu 22.04 LTS STIG v2r4 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| WDNS-SI-000005 - The Windows 2012 DNS Server must, when a component failure is detected, activate a notification to the system administrator. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| WG204 W22 - A web server installation must be segregated from other services. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | |
