| 1.1.6 Ensure /dev/shm is configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION, SYSTEM AND SERVICES ACQUISITION |
| 1.1.12 Ensure /var/tmp partition includes the noexec option | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION, SYSTEM AND SERVICES ACQUISITION |
| 1.2 Use Dedicated Least Privileged Account for MariaDB Daemon/Service | CIS MariaDB 10.6 on Linux L1 v1.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | CIS MySQL 5.7 Enterprise Linux OS L1 v2.0.0 | Unix | ACCESS CONTROL |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | CIS MySQL 5.7 Enterprise Windows OS L1 v2.0.0 | Windows | ACCESS CONTROL |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | CIS Oracle MySQL Enterprise Edition 8.4 v1.0.0 L1 MySQL OS Linux | Unix | ACCESS CONTROL |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | CIS MySQL 5.6 Enterprise Windows OS L1 v2.0.0 | Windows | ACCESS CONTROL |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | CIS Oracle MySQL Community Server 8.4 v1.0.0 L1 OS Linux on Linux | Unix | ACCESS CONTROL |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | CIS MySQL 8.0 Community Linux OS L1 v1.1.0 | Unix | ACCESS CONTROL |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | CIS MySQL 5.7 Community Windows OS L1 v2.0.0 | Windows | ACCESS CONTROL |
| 1.2.6.3 Ensure passcode have at least 1 number is set to enabled | CIS Zoom L1 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 1.3.1 Ensure AIDE is installed | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 1.4.2 Ensure permissions on bootloader config are configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.2.22 Ensure 'Deny access to this computer from the network' to include 'Guests, Enterprise Admins Group, Domains Admins Group, Local account, and member of Administrators group' (STIG MS only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.2.24 Ensure 'Deny access to this computer from the network' to include 'Guests, Enterprise Admins Group, Domains Admins Group, Local account, and member of Administrators group' (STIG MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.2.25 Ensure 'Deny access to this computer from the network' to include 'Guests, Enterprise Admins Group, Domains Admins Group, Local account, and member of Administrators group' (STIG MS only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.10.8 (L1) Ensure 'Network access: Remotely accessible registry paths and sub-paths' is configured | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | ACCESS CONTROL |
| 2.3.10.8 (L1) Ensure 'Network access: Remotely accessible registry paths and sub-paths' is configured | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | ACCESS CONTROL |
| 2.3.10.8 (L1) Ensure 'Network access: Remotely accessible registry paths and sub-paths' is configured | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | ACCESS CONTROL |
| 2.3.10.8 (L1) Ensure 'Network access: Remotely accessible registry paths and sub-paths' is configured | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | ACCESS CONTROL |
| 2.3.10.8 (L1) Ensure 'Network access: Remotely accessible registry paths and sub-paths' is configured | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | ACCESS CONTROL |
| 2.3.10.8 (L1) Ensure 'Network access: Remotely accessible registry paths and sub-paths' is configured | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | ACCESS CONTROL |
| 5.3 Ensure 'Login Auditing' is set to 'failed logins' | CIS SQL Server 2012 Database L1 AWS RDS v1.6.0 | MS_SQLDB | ACCESS CONTROL |
| 5.35 Ensure 'World Wide Web Publishing Service (W3SVC)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | CONFIGURATION MANAGEMENT |
| 7.3 Ensure the Server's Private Key Is Protected | CIS Apache HTTP Server 2.4 v2.2.0 L1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 49.6 (L1) Ensure 'Interactive logon: Do not display last signed-in' is set to 'Enabled' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 49.6 (L1) Ensure 'Interactive logon: Do not display last signed-in' is set to 'Enabled' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| CASA-VN-000180 - The Cisco ASA must be configured to specify Perfect Forward Secrecy (PFS) for the IPsec Security Association (SA) during IKE Phase 2 negotiation. | DISA STIG Cisco ASA VPN v2r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| Display Level 1 attachments | MSCT M365 Apps for enterprise 2312 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Display Level 1 attachments | MSCT Office 2016 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Display Level 1 attachments | MSCT Microsoft 365 Apps for Enterprise 2206 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EP11-00-004900 - The EDB Postgres Advanced Server must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for all cryptographic operations including generation of cryptographic hashes and data protection. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN005440-ESXI5-000078 - The system must not be used as a syslog server (log host) for systems external to the enclave - log host for systems external to the enclave | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| GEN006575 - The file integrity tool must use FIPS 140-2 approved cryptographic hashes for validating file contents - config | DISA STIG Solaris 10 X86 v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN006575 - The file integrity tool must use FIPS 140-2 approved cryptographic hashes for validating file contents - config | DISA STIG Solaris 10 SPARC v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| JBOS-AS-000295 - The JBoss Password Vault must be used for storing passwords or other sensitive configuration information. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| MADB-10-004400 - MariaDB must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| Mitigating an attack using TCP profiles | Tenable F5 BIG-IP Best Practice Audit | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000030 - Remote access to OHS must follow access policy or work in conjunction with enterprise tools designed to enforce policy requirements. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | ACCESS CONTROL |
| OH12-1X-000099 - OHS must not have the ForceLanguagePriority directive enabled. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000106 - OHS must have the AddIconByType directive disabled. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000110 - OHS must have the HeaderName directive disabled. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000111 - OHS must have the IndexIgnore directive disabled. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000198 - OHS must have the HostnameLookups directive enabled. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| PANW-NM-000136 - The Palo Alto Networks security platform must employ centrally managed authentication server(s). | DISA STIG Palo Alto NDM v3r3 | Palo_Alto | CONFIGURATION MANAGEMENT |
| SQL4-00-016855 - SQL Server must have the Filestream feature disabled if it is unused. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SRG-OS-000158-ESXI5 - The SSH client must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms - MACs with FIPS 140-2 approved crypto | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| WBLC-08-000222 - Oracle WebLogic must separate hosted application functionality from Oracle WebLogic management functionality. | Oracle WebLogic Server 12c Linux v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBLC-08-000222 - Oracle WebLogic must separate hosted application functionality from Oracle WebLogic management functionality. | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBLC-08-000222 - Oracle WebLogic must separate hosted application functionality from Oracle WebLogic management functionality. | Oracle WebLogic Server 12c Windows v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
