| 1.1 Ensure the Pre-Installation Planning Checklist Has Been Implemented | CIS Apache HTTP Server 2.4 v2.2.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.1.1.9 Ensure unused filesystems kernel modules are not available | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.9 Ensure unused filesystems kernel modules are not available | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.10 Ensure unused filesystems kernel modules are not available | CIS Debian Linux 12 v1.1.0 L2 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.10 Ensure unused filesystems kernel modules are not available | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.1 Ensure that IP addresses are mapped to usernames | CIS Palo Alto Firewall 11 v1.1.0 L2 | Palo_Alto | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.1 Ensure that IP addresses are mapped to usernames - User ID Agents | CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0 | Palo_Alto | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.1 Ensure that IP addresses are mapped to usernames - User ID Agents | CIS Palo Alto Firewall 7 Benchmark L2 v1.0.0 | Palo_Alto | IDENTIFICATION AND AUTHENTICATION |
| 2.1 Ensure that IP addresses are mapped to usernames - User ID Agents | CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0 | Palo_Alto | IDENTIFICATION AND AUTHENTICATION |
| 2.1 Ensure that IP addresses are mapped to usernames - Zones | CIS Palo Alto Firewall 9 v1.1.0 L2 | Palo_Alto | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.3.10.10 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 | Windows | ACCESS CONTROL |
| 2.3.10.10 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 | Windows | ACCESS CONTROL |
| 2.3.10.10 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | ACCESS CONTROL |
| 2.3.10.10 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | ACCESS CONTROL |
| 2.3.10.10 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | ACCESS CONTROL |
| 2.3.10.10 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | ACCESS CONTROL |
| 2.3.10.10 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | ACCESS CONTROL |
| 2.3.10.10 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 | Windows | ACCESS CONTROL |
| 2.3.10.10 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | ACCESS CONTROL |
| 2.3.10.10 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | ACCESS CONTROL |
| 2.3.10.10 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.10.11 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.10.11 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Microsoft Windows Server 2022 v4.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.10.11 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Microsoft Windows Server 2019 v4.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.10.13 Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.10.13 Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server | Windows | ACCESS CONTROL |
| 2.3.10.13 Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS | Windows | ACCESS CONTROL |
| 3.7 Ensure VPC flow logging is enabled in all VPCs | CIS Amazon Web Services Foundations v5.0.0 L2 | amazon_aws | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 5.1.8.1 (L1) Ensure that password hash sync is enabled for hybrid deployments | CIS Microsoft 365 Foundations v5.0.0 L1 E3 | microsoft_azure | ACCESS CONTROL |
| 6.2.3.5 Ensure events that modify the system's network environment are collected | CIS Debian Linux 12 v1.1.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.3.5 Ensure events that modify the system's network environment are collected | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.3.5 Ensure events that modify the system's network environment are collected | CIS Ubuntu Linux 22.04 LTS v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.4.3.5 Ensure events that modify the system's network environment are collected | CIS Debian Linux 11 v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.4.3.5 Ensure events that modify the system's network environment are collected | CIS Debian Linux 11 v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 49.20 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | ACCESS CONTROL |
| 49.20 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | ACCESS CONTROL |
| CD12-00-002700 - PostgreSQL must provide an immediate alert to appropriate support staff of all audit log failures. | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| DTBC-0061 - Chrome Cleanup reporting must be disabled. | DISA STIG Google Chrome v2r9 | Windows | AUDIT AND ACCOUNTABILITY |
| JUSX-DM-000060 - For local logging, the Juniper SRX Services Gateway must generate a message to the system management console when a log processing failure occurs. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| O19C-00-006000 - Oracle Database must provide an immediate real-time alert to appropriate support staff of all audit log failures. | DISA Oracle Database 19c STIG v1r1 Unix | Unix | AUDIT AND ACCOUNTABILITY |
| O112-C2-005000 - The DBMS must have the capability to limit the number of failed login attempts based upon an organization-defined number of consecutive invalid attempts occurring within an organization-defined time period. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O121-C2-005000 - The DBMS must set the maximum number of consecutive invalid logon attempts to three. | DISA STIG Oracle 12c v3r2 Database | OracleDB | CONFIGURATION MANAGEMENT |
| OL08-00-010295 - The OL 8 operating system must implement DoD-approved TLS encryption in the GnuTLS package. | DISA Oracle Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| PANW-AG-000118 - The Palo Alto Networks security platform must generate an alert to, at a minimum, the ISSO and ISSM when threats identified by authoritative sources (e.g., IAVMs or CTOs) are detected. | DISA STIG Palo Alto ALG v3r4 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| RHEL-08-010290 - The RHEL 8 SSH server must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-3 validated cryptographic hash algorithms. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | ACCESS CONTROL |
| RHEL-08-010291 - The RHEL 8 operating system must implement DOD-approved encryption to protect the confidentiality of SSH server connections. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | ACCESS CONTROL |
| RHEL-08-010295 - The RHEL 8 operating system must implement DoD-approved TLS encryption in the GnuTLS package. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | ACCESS CONTROL |
| RHEL-08-010297 - RHEL 8 SSH client must be configured to use only ciphers employing FIPS 140-3 validated cryptographic hash algorithms. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | ACCESS CONTROL |
| SQL4-00-011320 - Where SQL Server Audit is in use at the database level, SQL Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited at the database level. | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| UBTU-20-010044 - The Ubuntu operating system must configure the SSH daemon to use FIPS 140-2 approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
