| 2.1 Run BIND as a non-root User - process -u named | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - process -u named | CIS BIND DNS v1.0.0 L1 Caching Only Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - process -u named | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - UID | CIS BIND DNS v1.0.0 L1 Authoritative Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - UID | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | ACCESS CONTROL |
| 3.4.3.2.4 Ensure iptables default deny firewall policy | CIS CentOS Linux 8 Server L1 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3.2.4 Ensure iptables default deny firewall policy | CIS Fedora 28 Family Linux Server L1 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3.3.4 Ensure ip6tables default deny firewall policy | CIS CentOS Linux 8 Server L1 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3.3.4 Ensure ip6tables default deny firewall policy | CIS CentOS Linux 8 Workstation L1 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.2.4 Ensure iptables default deny firewall policy | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.2.4 Ensure iptables default deny firewall policy | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.7 Ensure events that modify the system's network environment are collected - /etc/issue | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - /etc/issue.net | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - /etc/issue.net | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - auditctl /etc/hosts | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - auditctl /etc/issue.net | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - auditctl /etc/issue.net | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - auditctl /etc/sysconfig/network | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - auditctl b32 sethostname | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.203 - Prohibit Network Bridge in Windows | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| AMLS-L3-000230 - The Arista Multilayer Switch must be configured to restrict it from accepting outbound IP packets that contain an illegitimate address in the source address field via egress filter or by enabling Unicast Reverse Path Forwarding. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| CD12-00-007000 - PostgreSQL, when utilizing PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| CIS_Red_Hat_EL7_STIG_v2.0.0_L1_Server.audit from CIS Red Hat Enterprise Linux 7 STIG v2.0.0 | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | |
| CIS_Red_Hat_EL7_STIG_v2.0.0_L1_Workstation.audit from CIS Red Hat Enterprise Linux 7 STIG v2.0.0 | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | |
| CIS_Red_Hat_EL7_STIG_v2.0.0_L2_Server.audit from CIS Red Hat Enterprise Linux 7 STIG v2.0.0 | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server | Unix | |
| CIS_Red_Hat_EL7_STIG_v2.0.0_L2_Workstation.audit from CIS Red Hat Enterprise Linux 7 STIG v2.0.0 | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation | Unix | |
| CIS_Red_Hat_EL7_STIG_v2.0.0_STIG.audit from CIS Red Hat Enterprise Linux 7 STIG v2.0.0 | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | |
| CIS_Red_Hat_Enterprise_Linux_7_v4.0.0_L1_Server.audit from CIS Red Hat Enterprise Linux 7 Benchmark v4.0.0 | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Server | Unix | |
| CIS_Red_Hat_Enterprise_Linux_7_v4.0.0_L1_Workstation.audit from CIS Red Hat Enterprise Linux 7 Benchmark v4.0.0 | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Workstation | Unix | |
| CIS_Red_Hat_Enterprise_Linux_7_v4.0.0_L2_Server.audit from CIS Red Hat Enterprise Linux 7 Benchmark v4.0.0 | CIS Red Hat Enterprise Linux 7 v4.0.0 L2 Server | Unix | |
| CIS_Red_Hat_Enterprise_Linux_7_v4.0.0_L2_Workstation.audit from CIS Red Hat Enterprise Linux 7 Benchmark v4.0.0 | CIS Red Hat Enterprise Linux 7 v4.0.0 L2 Workstation | Unix | |
| CIS_Red_Hat_Enterprise_Linux_9_v2.0.0_L1_Server.audit from CIS Red Hat Enterprise Linux 9 Benchmark v2.0.0 | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | |
| CIS_Red_Hat_Enterprise_Linux_9_v2.0.0_L1_Workstation.audit from CIS Red Hat Enterprise Linux 9 Benchmark v2.0.0 | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Workstation | Unix | |
| CIS_Red_Hat_Enterprise_Linux_9_v2.0.0_L2_Server.audit from CIS Red Hat Enterprise Linux 9 Benchmark v2.0.0 | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Server | Unix | |
| CIS_Red_Hat_Enterprise_Linux_9_v2.0.0_L2_Workstation.audit from CIS Red Hat Enterprise Linux 9 Benchmark v2.0.0 | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Workstation | Unix | |
| DG0042-ORACLE11 - Use of the DBMS software installation account should be restricted to DBMS software installation, upgrade and maintenance actions. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0042-ORACLE11 - Use of the DBMS software installation account should be restricted to DBMS software installation, upgrade and maintenance actions. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DTAVSEL-014 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Quarantine if first action fails when a virus or Trojan is detected. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-016 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Quarantine if first action fails when programs and jokes are found. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| GEN003540 - The system must implement non-executable program stacks - 'kernel.exec-shield' | DISA STIG for Oracle Linux 5 v2r1 | Unix | CONFIGURATION MANAGEMENT |
| GEN003540 - The system must implement non-executable program stacks - 'kernel.randomize_va_space' | DISA STIG for Oracle Linux 5 v2r1 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000079 - The system must limit the ability of processes to have simultaneous write and execute access to memory. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-020220 - The operating system must be configured to provide essential capabilities. | DISA STIG Solaris 11 X86 v3r1 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-020230 - The operating system must employ automated mechanisms to prevent program execution in accordance with the organization-defined specifications. | DISA STIG Solaris 11 SPARC v3r1 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-020230 - The operating system must employ automated mechanisms to prevent program execution in accordance with the organization-defined specifications. | DISA STIG Solaris 11 X86 v3r1 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-100040 - The audit system must identify in which zone an event occurred. | DISA STIG Solaris 11 SPARC v3r1 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-100050 - The audit system must maintain a central audit trail for all zones. | DISA STIG Solaris 11 SPARC v3r1 | Unix | CONFIGURATION MANAGEMENT |
| WN12-CC-000004 - Network Bridges must be prohibited in Windows. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000004 - Network Bridges must be prohibited in Windows. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
