| 2.3 (L1) Host must enable Secure Boot enforcement | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.8 Only enable CDE-related daemons if absolutely necessary - Uncomment service 100083 in /etc/inet/inetd.conf | CIS Solaris 9 v1.3 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.5.12 klogin | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.8 Ensure that 'Inline Cloud Analysis' on Wildfire profiles is enabled | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.13 Ensure incoming container traffic is binded to a specific host interface | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 6.3.4 Ensure that all 'privileged' role assignments are periodically reviewed | CIS Microsoft Azure Foundations v4.0.0 L1 | microsoft_azure | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 6.30 Ensure RDS Database is not publically accessible | CIS Amazon Web Services Three-tier Web Architecture L2 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.34 Ensure RDS Database is configured to use the Data Tier Security Group | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | ACCESS CONTROL |
| 9.1.3.1 Ensure that Defender for Servers is set to 'On' | CIS Microsoft Azure Foundations v4.0.0 L2 | microsoft_azure | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.2 Ensure 'Default Action and Mitigation Settings' is set to 'Enabled' (plus subsettings) - AntiDetours | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.2 Ensure 'Default Action and Mitigation Settings' is set to 'Enabled' (plus subsettings) - DeepHooks | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.2 Ensure 'Default Action and Mitigation Settings' is set to 'Enabled' (plus subsettings) - ExploitAction | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 20.24 Ensure 'Domain Controllers run on a machine dedicated to that function' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.24 Ensure 'Domain Controllers run on a machine dedicated to that function' (STIG DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| ALMA-09-003540 - AlmaLinux OS 9 SSH server must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-3 validated cryptographic hash algorithms. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL |
| Control Plane Policing | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
| DHCP snooping - global | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTAM137 - McAfee VirusScan On-Access General Policies Artemis sensitivity level must be configured to medium or higher - ArtemisEnabled | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM137 - McAfee VirusScan On-Access Scanner General Settings Artemis Heuristic network check for suspicious files must be enabled and set to sensitivity level Medium or higher - ArtemisEnabled | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM137 - McAfee VirusScan On-Access Scanner General Settings Artemis Heuristic network check for suspicious files must be enabled and set to sensitivity level Medium or higher - ArtemisLevel | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM157 - McAfee VirusScan On-Delivery Email Scanner Artemis sensitivity level must be configured to Medium or higher. | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | CONFIGURATION MANAGEMENT |
| EX13-EG-003010 - The applications built-in Malware Agent must be disabled. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-002410 - The application must update malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-003010 - The applications built-in Malware Agent must be disabled. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-003010 - The applications built-in Malware Agent must be disabled. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-MB-002880 - The applications built-in Malware Agent must be disabled. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| F5BI-LT-000219 - The BIG-IP Core implementation must be configured to protect against known types of Denial of Service (DoS) attacks by employing signatures when providing content filtering to virtual servers. | DISA F5 BIG-IP Local Traffic Manager STIG v2r4 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN006560 - The system vulnerability assessment tool, host-based intrusion detection tool, and file integrity tool must notify the SA and the IAO of a security breach or a suspected security breach. | DISA STIG for Oracle Linux 5 v2r1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| GEN006560 - The system vulnerability assessment tool, host-based intrusion detection tool, and file integrity tool must notify the SA and the IAO of a security breach or a suspected security breach. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| JUSX-IP-000004 - The Juniper Networks SRX Series Gateway IDPS must provide audit record generation with a configurable severity and escalation level capability. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUSX-IP-000018 - The Juniper Networks SRX Series Gateway IDPS must protect against or limit the effects of known and unknown types of Denial of Service (DoS) attacks by employing anomaly-based detection. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| Local password complexity - password composition lowercase | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | IDENTIFICATION AND AUTHENTICATION |
| Local password complexity - password configuration aging | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | IDENTIFICATION AND AUTHENTICATION |
| Minimum password length | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | IDENTIFICATION AND AUTHENTICATION |
| OL09-00-000254 - OL 9 SSH server must be configured to use only ciphers employing FIPS 140-3 validated cryptographic hash algorithms to protect the confidentiality of SSH server connections. | DISA Oracle Linux 9 STIG v1r2 | Unix | ACCESS CONTROL |
| OL09-00-000255 - OL 9 SSH server must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-3 validated cryptographic hash algorithms to protect the confidentiality of SSH server connections. | DISA Oracle Linux 9 STIG v1r2 | Unix | ACCESS CONTROL |
| OL09-00-002390 - OL 9 must clear SLUB/SLAB objects to prevent use-after-free attacks. | DISA Oracle Linux 9 STIG v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| RHEL-08-010294 - The RHEL 8 operating system must implement DoD-approved TLS encryption in the OpenSSL package. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | ACCESS CONTROL |
| RHEL-09-255060 - RHEL 9 must implement DOD-approved encryption ciphers to protect the confidentiality of SSH connections. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-09-255064 - The RHEL 9 SSH client must be configured to use only DOD-approved encryption ciphers employing FIPS 140-3 validated cryptographic hash algorithms to protect the confidentiality of SSH client connections. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-09-255070 - The RHEL 9 SSH client must be configured to use only DOD-approved Message Authentication Codes (MACs) employing FIPS 140-3 validated cryptographic hash algorithms to protect the confidentiality of SSH client connections. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-09-431025 - RHEL 9 must have policycoreutils package installed. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SNMPv1 and v2c vs SNMPv3 - snmpv3 only | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| SOL-11.1-120410 - The operating system must monitor for unauthorized connections of mobile devices to organizational information systems. | DISA STIG Solaris 11 SPARC v3r1 | Unix | CONFIGURATION MANAGEMENT |
| The BIG-IP Core implementation must be configured to protect against or limit the effects of known and unknown types of Denial of Service (DoS) attacks by employing pattern recognition pre-processors when providing content filtering to virtual servers. | Tenable F5 BIG-IP Best Practice Audit | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| Time synchronization - ntp authentication | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| Time synchronization - ntp server | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | AUDIT AND ACCOUNTABILITY |
| Time synchronization - ntp server | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | AUDIT AND ACCOUNTABILITY |
| UBTU-20-010074 - The Ubuntu operating system must be configured so that the script which runs each 30 days or less to check file integrity is the default one. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| USB port | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
