| 1.1.3 Ensure 'Maximum password age' is set to '60 or fewer days, but not 0' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.1.3 Ensure 'Maximum password age' is set to '60 or fewer days, but not 0' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.1.3 Ensure 'Maximum password age' is set to '60 or fewer days, but not 0' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.3.2 Ensure 'Maximum lifetime for service ticket' is set to '600 or fewer minutes, but not 0' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.2.33 Ensure 'Deny log on locally' to include 'Guests, Enterprise Admins group, and Domain Admins group' (STIG MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 3.061 - Unencrypted remote access is permitted to system services. | DISA Windows Vista STIG v6r41 | Windows | ACCESS CONTROL |
| 5.5.1.6 Ensure shadow file is configured to use only encrypted representations of passwords | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.7.1 Create administrative boundaries between resources using namespaces | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.19 Ensure 'Directory service must be configured to terminate LDAP-based network connections to the directory server after five minutes of inactivity' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 20.53 Ensure 'Permissions on Active Directory data files only allow System and Administrator access' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| CIS_Microsoft_Windows_Server_2019_STIG_v3.0.0_Next_Generation_Windows_Security_-_Domain_Controller.audit from CIS Microsoft Windows Server 2019 STIG Benchmark v3.0.0 | CIS Microsoft Windows Server 2019 STIG v3.0.0 NG DC | Windows | |
| CIS_Microsoft_Windows_Server_2019_STIG_v3.0.0_Next_Generation_Windows_Security_-_Member_Server.audit from CIS Microsoft Windows Server 2019 STIG Benchmark v3.0.0 | CIS Microsoft Windows Server 2019 STIG v3.0.0 NG MS | Windows | |
| CIS_Microsoft_Windows_Server_2022_STIG_v2.0.0_Next_Generation_Windows_Security_-_Domain_Controller.audit from CIS Microsoft Windows Server 2022 STIG Benchmark v2.0.0 | CIS Microsoft Windows Server 2022 STIG v2.0.0 NG DC | Windows | |
| CIS_Microsoft_Windows_Server_2022_STIG_v2.0.0_Next_Generation_Windows_Security_-_Member_Server.audit from CIS Microsoft Windows Server 2022 STIG Benchmark v2.0.0 | CIS Microsoft Windows Server 2022 STIG v2.0.0 NG MS | Windows | |
| ESXI5-VMNET-000046 - All IP-based storage traffic must be isolated using a vSwitch containing management-only port groups. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| Failed authentication lockout - lockout-delay | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | ACCESS CONTROL |
| IIST-SI-000239 - The IIS 10.0 websites must use ports, protocols, and services according to Ports, Protocols, and Services Management (PPSM) guidelines. | DISA IIS 10.0 Site v2r11 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SI-000239 - The IIS 8.5 websites must utilize ports, protocols, and services according to PPSM guidelines. | DISA IIS 8.5 Site v2r9 | Windows | CONFIGURATION MANAGEMENT |
| JUNI-RT-000050 - The Juniper router must be configured to authenticate all routing protocol messages using NIST-validated FIPS 140-2 message authentication code algorithm - OSPF | DISA STIG Juniper Router RTR v3r2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| MYS8-00-002500 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to add privileges/permissions occur. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MYS8-00-002600 - The MySQL Database Server 8.0 must generate audit records when privileges/permissions are modified. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MYS8-00-002700 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to modify privileges/permissions occur. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| RHEL-08-010171 - RHEL 8 must have policycoreutils package installed. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SOL-11.1-020030 - The operating system must protect audit tools from unauthorized access. | DISA STIG Solaris 11 SPARC v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-020040 - The operating system must protect audit tools from unauthorized modification. | DISA STIG Solaris 11 SPARC v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-020050 - The operating system must protect audit tools from unauthorized deletion. | DISA STIG Solaris 11 X86 v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SQL4-00-014100 - SQL Server and the operating system must protect SQL Server audit features from unauthorized removal. | DISA STIG SQL Server 2014 Instance OS Audit v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-004700 - SQL Server must initiate session auditing upon startup. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SRG-OS-000132-ESXI5 - vSphere management traffic must be on a restricted network. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| TCAT-AS-000450 - Tomcat user UMASK must be set to 0027. | DISA STIG Apache Tomcat Application Server 9 v3r2 Middleware | Unix | CONFIGURATION MANAGEMENT |
| VCFL-67-000008 - vSphere Client must be configured to use the HTTPS scheme. | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | ACCESS CONTROL |
| VCPG-67-000022 - Rsyslog must be configured to monitor VMware Postgres logs - log | DISA STIG VMware vSphere 6.7 PostgreSQL v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| VCSA-70-000267 - The vCenter Server must disable the distributed virtual switch health check. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000269 - The vCenter Server must set the distributed port group Media Access Control (MAC) Address Change policy to "Reject". | DISA VMware vSphere 8.0 vCenter STIG v2r2 | VMware | CONFIGURATION MANAGEMENT |
| WA00520 W22 - The web server must not be configured as a proxy server. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WN10-CC-000037 - Local administrator accounts must have their privileged token filtered to prevent elevated privileges from being used over the network on domain systems. | DISA Microsoft Windows 10 STIG v3r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN11-CC-000037 - Local administrator accounts must have their privileged token filtered to prevent elevated privileges from being used over the network on domain systems. | DISA Microsoft Windows 11 STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-RG-000003-MS - Local administrator accounts must have their privileged token filtered to prevent elevated privileges from being used over the network on domain systems. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000038 - The system must be configured to prevent IP source routing. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000038 - The system must be configured to prevent IP source routing. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000041 - The system must be configured to limit how often keep-alive packets are sent. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000041 - The system must be configured to limit how often keep-alive packets are sent. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000042 - IPSec Exemptions must be limited. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000042 - IPSec Exemptions must be limited. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000046 - The system must be configured to have password protection take effect within a limited time frame when the screen saver becomes active. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000049 - The system must generate an audit event when the audit log reaches a percentage of full threshold. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
| WN16-CC-000060 - Windows Server 2016 must be configured to prevent Internet Control Message Protocol (ICMP) redirects from overriding Open Shortest Path First (OSPF)-generated routes. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | CONFIGURATION MANAGEMENT |
| WN19-CC-000050 - Windows Server 2019 must be configured to prevent Internet Control Message Protocol (ICMP) redirects from overriding Open Shortest Path First (OSPF)-generated routes. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN22-MS-000020 - Windows Server 2022 local administrator accounts must have their privileged token filtered to prevent elevated privileges from being used over the network on domain-joined member servers. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
