| 1.1.4.2 command accounting | CIS Cisco IOS XR 7.x v1.0.1 L1 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 1.12 Ensure host-based intrusion detection tool is used | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.1.10 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | AirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.2.1.10 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | MobileIron - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.2.1.12 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | MobileIron - CIS Apple iOS 18 v2.0.0 L1 End User Owned | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 2.9.2 (L1) Ensure 'Enable leak detection for entered credentials' Is Set to 'Enabled' | CIS Google Chrome Group Policy v1.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.1.1.1.4 Ensure use enhanced weak password detection is set to enabled | CIS Zoom L2 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 3.2.1.24 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | AirWatch - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.2.1.24 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | MobileIron - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.2.1.26 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | AirWatch - CIS Apple iOS 26 v1.0.0 L1 Institution Owned | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2.1.27 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | MobileIron - CIS Apple iOS 17 Institution Owned L1 | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2.1.27 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | AirWatch - CIS Apple iOS 17 Institution Owned L1 | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.5 Enable grayware detection on antivirus | CIS FortiGate 7.4.x v1.0.1 L2 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| 4.2.5 Enable grayware detection on antivirus | CIS Fortigate 7.0.x v1.4.0 L2 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| 4.2.7 Enable CDR for proxy mode on XLSB, OpenOffice, and RTF files | CIS FortiGate 7.4.x v1.0.1 L2 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| 18.11.1 Ensure 'Disable HTTP proxy features: Disable WPAD' is set to 'Enabled: Checked' | CIS Microsoft Windows Server 2022 v5.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.11.1 Ensure 'Disable HTTP proxy features: Disable WPAD' is set to 'Enabled: Checked' | CIS Microsoft Windows Server 2025 v2.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.11.1 Ensure 'Disable HTTP proxy features: Disable WPAD' is set to 'Enabled: Checked' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.11.1 Ensure 'Disable HTTP proxy features: Disable WPAD' is set to 'Enabled: Checked' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.11.1 Ensure 'Disable HTTP proxy features: Disable WPAD' is set to 'Enabled: Checked' | CIS Microsoft Windows Server 2022 v5.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.11.1 Ensure 'Disable HTTP proxy features: Disable WPAD' is set to 'Enabled: Checked' | CIS Microsoft Windows 11 Stand-alone v5.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.11.1 Ensure 'Disable HTTP proxy features: Disable WPAD' is set to 'Enabled: Checked' | CIS Microsoft Windows Server 2022 Stand-alone v2.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.11.1 Ensure 'Disable HTTP proxy features: Disable WPAD' is set to 'Enabled: Checked' | CIS Microsoft Windows 11 Stand-alone v5.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.11.1 Ensure 'Disable HTTP proxy features: Disable WPAD' is set to 'Enabled: Checked' | CIS Microsoft Windows Server 2025 v2.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| CISC-L2-000190 - The Cisco switch must enable Unidirectional Link Detection (UDLD) to protect against one-way connections. | DISA Cisco IOS XE Switch L2S STIG v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| DG0102-ORACLE11 - DBMS processes or services should run under custom, dedicated OS accounts - 'tns services are using correct service account' | DISA STIG Oracle 11 Instance v9r1 OS Unix | Unix | ACCESS CONTROL |
| GEN006480 - The system must have a host-based intrusion detection tool installed. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | SYSTEM AND INFORMATION INTEGRITY |
| GEN006480 - The system must have a host-based intrusion detection tool installed. | DISA STIG for Oracle Linux 5 v2r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| SOL-11.1-090120 - The operating system must prevent non-privileged users from circumventing malicious code protection capabilities. | DISA Solaris 11 SPARC STIG v3r4 | Unix | ACCESS CONTROL |
| SOL-11.1-090120 - The operating system must prevent non-privileged users from circumventing malicious code protection capabilities. | DISA Solaris 11 X86 STIG v3r4 | Unix | ACCESS CONTROL |
| SOL-11.1-090130 - The operating system must employ malicious code protection mechanisms at workstations, servers, or mobile computing devices on the network to detect and eradicate malicious code transported by electronic mail, electronic mail attachments, web accesses, removable media, or other common means. | DISA Solaris 11 X86 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-090130 - The operating system must employ malicious code protection mechanisms at workstations, servers, or mobile computing devices on the network to detect and eradicate malicious code transported by electronic mail, electronic mail attachments, web accesses, removable media, or other common means. | DISA Solaris 11 SPARC STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SonicWALL - Security Services - Gateway AV - Enabled | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SYMP-NM-000320 - Symantec ProxySG must enable Attack Detection. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-GE-000022 - Servers must have a host-based Intrusion Detection System. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WNDF-AV-000006 - Microsoft Defender AV must be configured to not exclude files opened by specified processes. | DISA Microsoft Defender Antivirus STIG v2r8 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000008 - Microsoft Defender AV must be configured to disable local setting override for reporting to Microsoft MAPS. | DISA Microsoft Defender Antivirus STIG v2r8 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000014 - Microsoft Defender AV must be configured to not allow override of monitoring for incoming and outgoing file activity. | DISA Microsoft Defender Antivirus STIG v2r8 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000015 - Microsoft Defender AV must be configured to not allow override of scanning for downloaded files and attachments. | DISA Microsoft Defender Antivirus STIG v2r8 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000020 - Microsoft Defender AV must be configured to scan all downloaded files and attachments. | DISA Microsoft Defender Antivirus STIG v2r8 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000023 - Microsoft Defender AV must be configured to process scanning when real-time protection is enabled. | DISA Microsoft Defender Antivirus STIG v2r8 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000031 - Microsoft Defender AV must be configured for automatic remediation action to be taken for threat alert level Severe. | DISA Microsoft Defender Antivirus STIG v2r8 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000032 - Microsoft Defender AV must be configured to block executable content from email client and webmail. | DISA Microsoft Defender Antivirus STIG v2r8 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000036 - Microsoft Defender AV must be configured to impede JavaScript and VBScript to launch executables. | DISA Microsoft Defender Antivirus STIG v2r8 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000037 - Microsoft Defender AV must be configured to block execution of potentially obfuscated scripts. | DISA Microsoft Defender Antivirus STIG v2r8 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000038 - Microsoft Defender AV must be configured to block Win32 imports from macro code in Office. | DISA Microsoft Defender Antivirus STIG v2r8 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000040 - Microsoft Defender AV must be configured for automatic remediation action to be taken for threat alert level High. | DISA Microsoft Defender Antivirus STIG v2r8 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000041 - Microsoft Defender AV must be configured for automatic remediation action to be taken for threat alert level Medium. | DISA Microsoft Defender Antivirus STIG v2r8 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000044 - Microsoft Defender AV must block credential stealing from the Windows local security authority subsystem. | DISA Microsoft Defender Antivirus STIG v2r8 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000065 - Microsoft Defender AV must enable real-time protection and Security Intelligence Updates during OOBE. | DISA Microsoft Defender Antivirus STIG v2r8 | Windows | SYSTEM AND INFORMATION INTEGRITY |
