| 1.10 Set receive connector 'Configure Protocol logging' to 'Verbose' | CIS Microsoft Exchange Server 2013 Edge v1.1.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.10 Set receive connector 'Configure Protocol logging' to 'Verbose' | CIS Microsoft Exchange Server 2016 Edge v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.11 Set send connector 'Configure Protocol logging' to 'Verbose' | CIS Microsoft Exchange Server 2013 Edge v1.1.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.11 Set send connector 'Configure Protocol logging' to 'Verbose' | CIS Microsoft Exchange Server 2016 Edge v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.12 Ensure 'Internet-facing receive connectors' is set to 'Tls, BasicAuth, BasicAuthRequireTLS' | CIS Microsoft Exchange Server 2019 L1 Edge v1.0.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.16 Set 'Turn on Connectivity logging' to 'True' | CIS Microsoft Exchange Server 2013 Edge v1.1.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.16 Set 'Turn on Connectivity logging' to 'True' | CIS Microsoft Exchange Server 2016 Edge v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 2.2.46 Ensure 'Manage auditing and security log' is set to 'Administrators' (STIG DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 6.2.2 (L1) Ensure mail transport rules do not whitelist specific domains | CIS Microsoft 365 Foundations v4.0.0 L1 E3 | microsoft_azure | CONFIGURATION MANAGEMENT |
| 6.2.2 (L1) Ensure mail transport rules do not whitelist specific domains | CIS Microsoft 365 Foundations v4.0.0 L1 E5 | microsoft_azure | CONFIGURATION MANAGEMENT |
| 18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Microsoft Windows Server 2022 v4.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Microsoft Windows Server 2022 v4.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Microsoft Windows Server 2025 v1.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker | Windows | CONFIGURATION MANAGEMENT |
| 18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Microsoft Windows Server 2025 v1.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 20.13 (L1) Ensure 'Web browser is supported and secured' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-03-080101 - Apple iOS must implement the management setting: use SSL for Exchange ActiveSync. | MobileIron - DISA Apple iOS 10 v1r3 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-12-011500 - Apple iOS must implement the management setting: use SSL for Exchange ActiveSync. | MobileIron - DISA Apple iOS 12 v2r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| AIOS-14-009700 - Apple iOS/iPadOS must implement the management setting: use SSL for Exchange ActiveSync. | MobileIron - DISA Apple iOS/iPadOS 14 v1r3 | MDM | IDENTIFICATION AND AUTHENTICATION |
| AIOS-15-011300 - Apple iOS/iPadOS 15 must implement the management setting: use SSL for Exchange ActiveSync. | MobileIron - DISA Apple iOS/iPadOS 14 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-16-711300 - Apple iOS/iPadOS 16 must implement the management setting: use SSL for Exchange ActiveSync. | MobileIron - DISA Apple iOS/iPadOS BYOAD 16 v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| AIOS-17-711300 - Apple iOS/iPadOS 17 must implement the management setting: use SSL for Exchange ActiveSync. | MobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| Authentication Failure | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | |
| CIS_Microsoft_Edge_v3.0.0_L1.audit from CIS Microsoft Edge Benchmark v3.0.0 | CIS Microsoft Edge v3.0.0 L1 | Windows | |
| CIS_Microsoft_Edge_v3.0.0_L2.audit from CIS Microsoft Edge Benchmark v3.0.0 | CIS Microsoft Edge v3.0.0 L2 | Windows | |
| CIS_Sybase_15_0_v1_1_0_L1_OS_Windows.audit from Sybase ASE 15.0 Version 1.1.0 | CIS Sybase 15.0 L1 OS Windows v1.1.0 | Windows | |
| CIS_v1.1.0_Oracle_11g_OS_Unix_Linux_Level_1.audit from CIS Security Configuration Benchmark For Oracle Database Server 11g version 1.1.0 | CIS v1.1.0 Oracle 11g OS L1 | Unix | |
| CIS_v1.1.0_Oracle_11g_OS_Unix_Linux_Level_2.audit from CIS Security Configuration Benchmark For Oracle Database Server 11g version 1.1.0 | CIS v1.1.0 Oracle 11g OS L2 | Unix | |
| DKER-EE-001810 - On Linux, a non-AUFS storage driver in the Docker Engine - Enterprise component of Docker Enterprise must be used. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001830 - The userland proxy capability in the Docker Engine - Enterprise component of Docker Enterprise must be disabled. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001890 - The option in Universal Control Plane (UCP) allowing users and administrators to schedule containers on all nodes, including UCP managers and Docker Trusted Registry (DTR) nodes must be disabled in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001900 - The Create repository on push option in Docker Trusted Registry (DTR) must be disabled in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001910 - Periodic data usage and analytics reporting in Universal Control Plane (UCP) must be disabled in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2 | Unix | CONFIGURATION MANAGEMENT |
| EX13-MB-000115 - Exchange internal Receive connectors must use Domain Security (mutual authentication Transport Layer Security) - mutual authentication Transport Layer Security. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000200 - Exchange Send connectors delivery retries must be controlled. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000116 - Exchange send connectors delivery retries must be controlled. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000122 - Active hyperlinks in messages from non .mil domains must be rendered unclickable. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000224 - The Exchange Edge server must point to a trusted list of DNS servers for external and internal resolution. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000234 - Exchange must provide redundancy. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000236 - Exchange internal Send connectors must require encryption. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000238 - Exchange must render hyperlinks from email sources from non-.mil domains as unclickable. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000146 - Exchange antimalware agent must be enabled and configured. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX19-MB-000147 - The Exchange malware scanning agent must be configured for automatic updates. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
