| 1.7.5 Ensure GDM screen locks cannot be overridden | CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 1.7.5 Ensure GDM screen locks cannot be overridden | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 1.8.4 Ensure GDM screen locks when the user is idle | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 1.8.4 Ensure GDM screen locks when the user is idle | CIS Rocky Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 1.8.5 Ensure GDM screen locks cannot be overridden | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 1.8.5 Ensure GDM screen locks cannot be overridden | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Workstation | Unix | ACCESS CONTROL |
| 1.8.5 Ensure GDM screen locks cannot be overridden | CIS AlmaLinux OS 8 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| 2.1.1.1.4 Set 'seconds' for 'ip ssh timeout' for 60 seconds or less | CIS Cisco IOS XE 17.x v2.2.0 L1 | Cisco | ACCESS CONTROL |
| 2.3.7.4 (L1) Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | ACCESS CONTROL |
| 2.3.7.4 (L1) Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | ACCESS CONTROL |
| 2.3.7.4 (L1) Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.7.7 (L1) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher | CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.7.8 (L1) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | ACCESS CONTROL |
| 2.3.7.9 (L1) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher | CIS Microsoft Windows Server 2019 v4.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.7.1 Ensure Screen Saver Corners Are Secure | CIS Apple macOS 14.0 Sonoma v2.1.0 L2 | Unix | ACCESS CONTROL |
| 4.5.3.2 Ensure default user shell timeout is configured | CIS Red Hat EL8 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL |
| 5.2.2.4 (L1) Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users | CIS Microsoft 365 Foundations v5.0.0 L1 E3 | microsoft_azure | ACCESS CONTROL |
| 5.2.16 Ensure SSH Idle Timeout Interval is configured - ClientAliveInterval | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL |
| 5.4.3.2 Ensure default user shell timeout is configured | CIS Rocky Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 5.4.3.2 Ensure default user shell timeout is configured | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Server | Unix | ACCESS CONTROL |
| 5.4.3.2 Ensure default user shell timeout is configured | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Workstation | Unix | ACCESS CONTROL |
| 5.4.5 Ensure default user shell timeout is 900 seconds or less - /etc/bashrc | CIS Debian 8 Workstation L2 v2.0.2 | Unix | ACCESS CONTROL |
| 5.4.5 Ensure default user shell timeout is 900 seconds or less - /etc/profile | CIS Debian 8 Server L2 v2.0.2 | Unix | ACCESS CONTROL |
| 5.4.5 Ensure default user shell timeout is 900 seconds or less - /etc/profile.d/*.sh | CIS Debian 8 Server L2 v2.0.2 | Unix | ACCESS CONTROL |
| 5.5 Ensure a Separate Timestamp Is Enabled for Each User/tty Combo | CIS Apple macOS 15.0 Sequoia v1.1.0 L1 | Unix | ACCESS CONTROL |
| 5.7 Ensure an Administrator Account Cannot Login to Another User's Active and Locked Session | CIS Apple macOS 13.0 Ventura v3.1.0 L1 | Unix | ACCESS CONTROL |
| 5.7 Ensure an Administrator Account Cannot Login to Another User's Active and Locked Session | CIS Apple macOS 14.0 Sonoma v2.1.0 L1 | Unix | ACCESS CONTROL |
| 7.2.3 Ensure all groups in /etc/passwd exist in /etc/group | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2.3 Ensure all groups in /etc/passwd exist in /etc/group | CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2.3 Ensure all groups in /etc/passwd exist in /etc/group | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2.3 Ensure all groups in /etc/passwd exist in /etc/group | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 18.5.10 (L1) Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires' is set to 'Enabled: 5 or fewer seconds' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | ACCESS CONTROL |
| Big Sur - Configure System to Audit All Failed Program Execution on the System | NIST macOS Big Sur v1.4.0 - 800-171 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| Big Sur - Configure System to Audit All Failed Program Execution on the System | NIST macOS Big Sur v1.4.0 - 800-53r5 Low | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| Big Sur - Configure System to Audit All Failed Program Execution on the System | NIST macOS Big Sur v1.4.0 - 800-53r5 High | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| Big Sur - Configure System to Audit All Failed Program Execution on the System | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| Catalina - Configure System to Audit All Failed Program Execution on the System | NIST macOS Catalina v1.5.0 - 800-53r4 Low | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| Catalina - Configure System to Audit All Failed Program Execution on the System | NIST macOS Catalina v1.5.0 - 800-171 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| Catalina - Configure System to Audit All Failed Program Execution on the System | NIST macOS Catalina v1.5.0 - 800-53r5 Low | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| Catalina - Configure System to Audit All Failed Program Execution on the System | NIST macOS Catalina v1.5.0 - CNSSI 1253 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| JUSX-DM-000039 - The Juniper SRX Services Gateway must allow only the information system security manager (ISSM) (or administrators/roles appointed by the ISSM) to select which auditable events are to be generated and forwarded to the syslog and/or local logs - or administrators/roles appointed by the ISSM to select which auditable events are to be generated and forwarded to the syslog and/or local logs. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| JUSX-DM-000097 - The Juniper SRX Services Gateway must be configured to use a centralized authentication server to authenticate privileged users for remote and nonlocal access for device management. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Configure System to Audit All Failed Program Execution on the System | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| Monterey - Configure System to Audit All Failed Program Execution on the System | NIST macOS Monterey v1.0.0 - 800-53r4 Low | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| Monterey - Configure System to Audit All Failed Program Execution on the System | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| Monterey - Configure System to Audit All Failed Program Execution on the System | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| Monterey - Configure System to Audit All Failed Program Execution on the System | NIST macOS Monterey v1.0.0 - 800-171 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| Monterey - Configure System to Audit All Failed Program Execution on the System | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| Monterey - Configure System to Audit All Failed Program Execution on the System | NIST macOS Monterey v1.0.0 - 800-53r5 Low | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| SLES-15-030030 - The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
