| 2.2.4.1.1.1 (L1) Ensure 'Load Pictures from Web pages not created in Excel' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5 Ensure 'Web and App Activity' is set to Disabled | AirWatch - CIS Google Android 7 v1.0.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.5.10.8.1.2.2 (L1) Ensure 'Prevent publishing to a DAV server' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 4.3.6 Ensure 'signatureAlgorithm' is set to a secure algorithm in OIDC Relying Party (RP) | CIS IBM WebSphere Liberty v1.0.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.1 Ensure allow and deny filters limit access to specific IP addresses | CIS NGINX Benchmark v2.1.0 L2 Webserver | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.17 Set Retry Limit for Account Lockout | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 7.2 Set Strong Password Creation Policies - MINDIFF = 3 | CIS Solaris 11.2 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - DICTIONDBDIR = /var/passwd | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - DICTIONLIST = /usr/share/lib/dict/words | CIS Solaris 11.2 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - HISTORY = 10 | CIS Solaris 11 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - MINALPHA = 2 | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - MINLOWER = 1 | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - MINNONALPHA = 1 | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - NAMECHECK = yes | CIS Solaris 11.2 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies- MAXREPEATS = 0 | CIS Solaris 11.2 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 10.4 Ensure the LimitRequestBody Directive is Set to 102400 or Less | CIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 10.4 Ensure the LimitRequestBody Directive is Set to 102400 or Less | CIS Apache HTTP Server 2.4 v2.2.0 L2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Access Security - J-Web - Set session-limit restrictions suitable for your environment | Juniper Hardening JunOS 12 Devices Checklist | Juniper | ACCESS CONTROL |
| AS24-U1-000510 - The Apache web server must generate a session ID long enough that it cannot be guessed through brute force | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-U1-000510 - The Apache web server must generate a session ID long enough that it cannot be guessed through brute force. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W2-000460 - The Apache web server must invalidate session identifiers upon hosted application user logout or other session termination. | DISA STIG Apache Server 2.4 Windows Site v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI014-IE11 - Turn off Encryption Support must be enabled. | DISA STIG IE 11 v2r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN000120 - System security patches and updates must be installed and up-to-date - oslevel -s | DISA STIG AIX 6.1 v1r14 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Use non default admin access ports - HTTP | TNS SonicWALL v5.9 | SonicWALL | CONFIGURATION MANAGEMENT |
| VCEM-70-000033 - ESX Agent Manager default servlet must be set to 'readonly'. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCLU-80-000062 The vCenter Lookup service must be configured to fail to a known safe state if system initialization fails. | DISA VMware vSphere 8.0 vCenter Appliance Lookup Service STIG v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCPF-80-000062 The vCenter Perfcharts service must be configured to fail to a known safe state if system initialization fails. | DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCST-80-000062 The vCenter STS service must be configured to fail to a known safe state if system initialization fails. | DISA VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) STIG v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCUI-70-000032 - vSphere UI must set the secure flag for cookies. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCUI-80-000062 The vCenter UI service must be configured to fail to a known safe state if system initialization fails. | DISA VMware vSphere 8.0 vCenter Appliance User Interface (UI) STIG v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCUI-80-000130 The vCenter UI service DefaultServlet must be set to 'readonly' for 'PUT' and 'DELETE' commands. | DISA VMware vSphere 8.0 vCenter Appliance User Interface (UI) STIG v2r1 | Unix | ACCESS CONTROL |
| VCWN-06-000007 - The system must limit the effects of information-flooding types of Denial of Service (DoS) attacks. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCWN-06-000024 - The system must ensure the vpxuser password meets length policy. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-06-000036 - The system must produce audit records containing information to establish what type of events occurred. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| WBLC-02-000098 - Oracle WebLogic must protect audit tools from unauthorized access. | Oracle WebLogic Server 12c Linux v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000098 - Oracle WebLogic must protect audit tools from unauthorized access. | Oracle WebLogic Server 12c Windows v2r2 | Windows | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000098 - Oracle WebLogic must protect audit tools from unauthorized access. | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| WBSP-AS-000780 - The WebSphere Application Server wsadmin file must be protected from unauthorized modification. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| WBSP-AS-000780 - The WebSphere Application Server wsadmin file must be protected from unauthorized modification. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | AUDIT AND ACCOUNTABILITY |
| WBSP-AS-000780 - The WebSphere Application Server wsadmin file must be protected from unauthorized modification. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| Web sites in less privileged Web content zones can navigate into this zone - Internet Zone | MSCT Windows 10 1903 v1.19.9 | Windows | ACCESS CONTROL |
| Web sites in less privileged Web content zones can navigate into this zone - Internet Zone | MSCT Windows 10 v20H2 v1.0.0 | Windows | ACCESS CONTROL |
| Web sites in less privileged Web content zones can navigate into this zone - Internet Zone | MSCT Windows 10 v21H1 v1.0.0 | Windows | ACCESS CONTROL |
| Web sites in less privileged Web content zones can navigate into this zone - Internet Zone | MSCT Windows Server 1903 DC v1.19.9 | Windows | ACCESS CONTROL |
| Web sites in less privileged Web content zones can navigate into this zone - Internet Zone | MSCT Windows Server v1909 MS v1.0.0 | Windows | ACCESS CONTROL |
| Web sites in less privileged Web content zones can navigate into this zone - Internet Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Web sites in less privileged Web content zones can navigate into this zone - Internet Zone | MSCT Windows Server 2019 DC v1.0.0 | Windows | ACCESS CONTROL |
| Web sites in less privileged Web content zones can navigate into this zone - Restricted Sites Zone | MSCT Windows 10 v21H1 v1.0.0 | Windows | ACCESS CONTROL |
| Web sites in less privileged Web content zones can navigate into this zone - Restricted Sites Zone | MSCT Windows Server 1903 DC v1.19.9 | Windows | ACCESS CONTROL |
| WN12-AD-000009-DC - The directory server supporting (directly or indirectly) system access or resource authorization must run on a machine dedicated to that function - Roles | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
