| 5.3 (L1) Ensure 'Computer Browser (Browser)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | CONFIGURATION MANAGEMENT |
| 5.6.2 Ensure system accounts are secured | CIS CentOS Linux 8 Workstation L1 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.6.2 Ensure system accounts are secured | CIS CentOS Linux 8 Server L1 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.6.2 Ensure system accounts are secured | CIS Fedora 28 Family Linux Workstation L1 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 8.3.1 Set 'Java permissions' to 'Enabled:Disable Java' | CIS IE 10 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 8.7.1 Set 'Java permissions' to 'Enabled:Disable Java' | CIS IE 10 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 8.10.1 Set 'Java permissions' to 'Enabled:Disable Java' | CIS IE 10 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.30.2 Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.10.3.4 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | MEDIA PROTECTION |
| 18.10.10.3.4 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password' | CIS Microsoft Windows 11 Stand-alone v4.0.0 BL | Windows | MEDIA PROTECTION |
| 18.10.10.3.4 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | MEDIA PROTECTION |
| 18.10.10.3.5 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key' | CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker | Windows | MEDIA PROTECTION |
| 18.10.10.3.5 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key' | CIS Microsoft Windows 11 Stand-alone v4.0.0 BL | Windows | MEDIA PROTECTION |
| 18.10.10.3.7 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | MEDIA PROTECTION |
| 18.10.92.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.92.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows Server 2016 v3.0.0 L1 DC | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.92.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v3.0.1 L1 DC | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.92.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v3.0.1 L1 MS | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.92.1.1 Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.92.1.1 Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.93.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.93.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows Server 2022 v4.0.0 L1 MS | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.93.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.93.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.93.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L1 MS | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| AIX7-00-001010 - The AIX SYSTEM attribute must not be set to NONE for any account. | DISA STIG AIX 7.x v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AIX7-00-001011 - Direct logins to the AIX system must not be permitted to shared accounts, default accounts, application accounts, and utility accounts. | DISA STIG AIX 7.x v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AIX7-00-001040 - The AIX root accounts home directory must not have an extended ACL. | DISA STIG AIX 7.x v3r1 | Unix | CONFIGURATION MANAGEMENT |
| AIX7-00-001100 - AIX must be configured to allow users to directly initiate a session lock for all connection types. | DISA STIG AIX 7.x v3r1 | Unix | ACCESS CONTROL |
| AIX7-00-001123 - AIX must require the change of at least 50% of the total number of characters when passwords are changed. | DISA STIG AIX 7.x v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AIX7-00-001138 - NFS file systems on AIX must be mounted with the nosuid option unless the NFS file systems contain approved setuid or setgid programs. | DISA STIG AIX 7.x v3r1 | Unix | ACCESS CONTROL |
| AIX7-00-002003 - AIX must produce audit records containing information to establish where the events occurred. | DISA STIG AIX 7.x v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| AIX7-00-002016 - AIX must provide audit record generation functionality for DoD-defined auditable events. | DISA STIG AIX 7.x v3r1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| AIX7-00-002062 - AIX must remove !authenticate option from sudo config files. | DISA STIG AIX 7.x v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AIX7-00-002084 - The AIX /etc/group file must be group-owned by security. | DISA STIG AIX 7.x v3r1 | Unix | CONFIGURATION MANAGEMENT |
| AIX7-00-002086 - All AIX interactive users home directories must be group-owned by the home directory owner primary group. | DISA STIG AIX 7.x v3r1 | Unix | CONFIGURATION MANAGEMENT |
| AIX7-00-002087 - All files and directories contained in users home directories on AIX must be group-owned by a group in which the home directory owner is a member. | DISA STIG AIX 7.x v3r1 | Unix | CONFIGURATION MANAGEMENT |
| AIX7-00-002090 - AIX time synchronization configuration file must have mode 0640 or less permissive. | DISA STIG AIX 7.x v3r1 | Unix | CONFIGURATION MANAGEMENT |
| AIX7-00-002091 - The AIX /etc/group file must have mode 0644 or less permissive. | DISA STIG AIX 7.x v3r1 | Unix | CONFIGURATION MANAGEMENT |
| AIX7-00-002103 - All AIX shells referenced in passwd file must be listed in /etc/shells file, except any shells specified for the purpose of preventing logins. | DISA STIG AIX 7.x v3r1 | Unix | CONFIGURATION MANAGEMENT |
| AIX7-00-002108 - If GSSAPI authentication is not required on AIX, the SSH daemon must disable GSSAPI authentication. | DISA STIG AIX 7.x v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AIX7-00-002146 - The AIX /etc/syslog.conf file must have a mode of 0640 or less permissive. | DISA STIG AIX 7.x v3r1 | Unix | CONFIGURATION MANAGEMENT |
| AIX7-00-003000 - AIX must automatically lock after 15 minutes of inactivity in the CDE Graphical desktop environment. | DISA STIG AIX 7.x v3r1 | Unix | ACCESS CONTROL |
| AIX7-00-003003 - AIX must set inactivity time-out on login sessions and terminate all login sessions after 10 minutes of inactivity. | DISA STIG AIX 7.x v3r1 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIX7-00-003005 - AIX must disable /usr/bin/rcp, /usr/bin/rlogin, /usr/bin/rsh, /usr/bin/rexec and /usr/bin/telnet commands. | DISA STIG AIX 7.x v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AIX7-00-003015 - The AIX /etc/group file must not have an extended ACL. | DISA STIG AIX 7.x v3r1 | Unix | CONFIGURATION MANAGEMENT |
| AIX7-00-003043 - If AIX system does not act as a remote print server for other servers, the lpd daemon must be disabled. | DISA STIG AIX 7.x v3r1 | Unix | CONFIGURATION MANAGEMENT |
| AIX7-00-003052 - If AIX server is not functioning as a network router, the gated daemon must be disabled. | DISA STIG AIX 7.x v3r1 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-041001 - The Oracle Linux operating system must have the required packages for multifactor authentication installed. | DISA Oracle Linux 7 STIG v3r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SOL-11.1-090100 - The operating system must prevent the execution of prohibited mobile code. | DISA STIG Solaris 11 SPARC v3r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
