| 2.1 Ensure that IP addresses are mapped to usernames | CIS Palo Alto Firewall 10 v1.2.0 L2 | Palo_Alto | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.1 Ensure that IP addresses are mapped to usernames - User ID Agents | CIS Palo Alto Firewall 9 v1.1.0 L2 | Palo_Alto | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.1 Ensure that IP addresses are mapped to usernames - Zones | CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0 | Palo_Alto | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.1 Ensure that IP addresses are mapped to usernames - Zones | CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0 | Palo_Alto | CONFIGURATION MANAGEMENT |
| 2.1 Ensure that IP addresses are mapped to usernames - Zones | CIS Palo Alto Firewall 7 Benchmark L2 v1.0.0 | Palo_Alto | CONFIGURATION MANAGEMENT |
| 2.2.1 Enable 'Set time and date automatically' - Set time and date automatically | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.1 Enable 'Set time and date automatically' - Set time and date automatically | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.1 Ensure 'Set time and date automatically' Is Enabled - Set time and date automatically | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.1.2 Ensure Network Access Rules are set to Deny-by-default | CIS Microsoft Azure Foundations v4.0.0 L1 | microsoft_azure | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.34 Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.39 Ensure 'Profile single process' is set to 'Administrators' - Administrators | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.2.39 Ensure 'Profile single process' is set to 'Administrators' - Administrators | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.10.10 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | ACCESS CONTROL |
| 2.3.10.10 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 | Windows | ACCESS CONTROL |
| 2.3.10.10 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 | Windows | ACCESS CONTROL |
| 2.3.10.11 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.3.10.11 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.3.10.11 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.10.13 Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.10.13 Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.10.13 Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.10.13 Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.7 Ensure internal sources are blocked on external networks | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 5.1 Ensure that WildFire file size upload limits are maximized | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.2.2.8 (L2) Ensure 'sign-in risk' is blocked for medium and high risk | CIS Microsoft 365 Foundations v5.0.0 L2 E5 | microsoft_azure | SYSTEM AND INFORMATION INTEGRITY |
| 5.6 Ensure alerts are enabled for malicious files detected by WildFire - log-type 'wildfire' | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 9.1.3.3 Ensure that 'Endpoint protection' component status is set to 'On' | CIS Microsoft Azure Foundations v4.0.0 L2 | microsoft_azure | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 11.03 AWR - 'Implement AWR to record all database performance statistics over a defined time period.' | CIS v1.1.0 Oracle 11g OS L1 | Unix | |
| 49.20 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | ACCESS CONTROL |
| 89.26 (L1) Ensure 'Profile Single Process' is set to 'Administrators' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 89.29 (L1) Ensure 'Profile Single Process' is set to 'Administrators' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| BIND-9X-001611 - Every NS record in a zone file on a BIND 9.x server must point to an active name server and that name server must be authoritative for the domain specified in that record. | DISA BIND 9.x STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| DTAM091 - McAfee VirusScan On-Access General Policies must be configured to block the connection when a threatened file is detected in a shared folder. | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM091 - McAfee VirusScan On-Access Scanner General Settings must be configured to block the connection when a threatened file is detected in a shared folder. | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM092 - McAfee VirusScan On-Access General Policies must be configured to unblock connections after a minimum of 30 minutes. | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM092 - McAfee VirusScan On-Access Scanner General Settings must be configured to unblock connections after a minimum of 30 minutes. | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM093 - McAfee VirusScan On-Access General Policies must be configured to block the connection when a file with a potentially unwanted program is detected in a shared folder. | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM093 - McAfee VirusScan On-Access Scanner General Settings must be configured to block the connection when a file with a potentially unwanted program is detected in a shared folder. | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| JUSX-IP-000010 - The Juniper Networks SRX Series Gateway IDPS must install updates for predefined signature objects, applications signatures, IDPS policy templates, and device software when new releases are available in accordance with organizational configuration management policy and procedures. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | SYSTEM AND INFORMATION INTEGRITY |
| JUSX-IP-000026 - The Juniper Networks SRX Series Gateway IDPS must automatically install updates to signature definitions. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | SYSTEM AND INFORMATION INTEGRITY |
| O112-N2-008601 - Disk space used by audit trail(s) must be monitored; audit records must be regularly or continuously offloaded to a centralized log management system. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| OL08-00-010290 - The OL 8 SSH server must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms. | DISA Oracle Linux 8 STIG v2r4 | Unix | MAINTENANCE |
| PANW-AG-000118 - The Palo Alto Networks security platform must generate an alert to, at a minimum, the ISSO and ISSM when threats identified by authoritative sources (e.g., IAVMs or CTOs) are detected. | DISA STIG Palo Alto ALG v3r4 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| PGS9-00-002700 - PostgreSQL must provide an immediate real-time alert to appropriate support staff of all audit log failures. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| RHEL-08-010290 - The RHEL 8 SSH server must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-3 validated cryptographic hash algorithms. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | ACCESS CONTROL |
| SQL2-00-021300 - SQL Server must protect data at rest and ensure confidentiality and integrity of data. | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL4-00-021300 - SQL Server must protect data at rest and ensure confidentiality and integrity of data. | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL4-00-033500 - SQL Server or software monitoring SQL Server must provide an immediate real-time alert to appropriate support staff of all audit log failures. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| UBTU-24-100850 - Ubuntu 24.04 LTS must configure the SSH client to use FIPS 140-3 approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | ACCESS CONTROL |
| WDNS-CM-000010 - The Windows 2012 DNS Servers zone files must have NS records that point to active name servers authoritative for the domain specified in that record. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | CONFIGURATION MANAGEMENT |
