| 1.1.1.1.7 Ensure enhanced weak passcode detection is set to enabled | CIS Zoom L2 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 3.2.1.24 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | MobileIron - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | ACCESS CONTROL |
| 4.2.5 Enable grayware detection on antivirus | CIS Fortigate 7.0.x v1.3.0 L2 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| CIS_Kubernetes_v1.24_v1.0.0_Level_1_Master.audit from CIS Kubernetes v1.24 Benchmark v1.0.0 | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master | Unix | CONFIGURATION MANAGEMENT |
| CIS_MongoDB_Benchmark_Level_1_OS_Windows_v1.0.0.audit from CIS MongoDB Benchmark v1.0.0 | CIS MongoDB L1 Windows Audit v1.0.0 | Windows | |
| CIS_MongoDB_Benchmark_Level_2_OS_Unix_v1.0.0.audit from CIS MongoDB Benchmark v1.0.0 | CIS MongoDB L2 Unix Audit v1.0.0 | Unix | |
| CIS_PostgreSQL_10_v1.0.0_L1_DB.audit from CIS PostgreSQL 12 Benchmark v1.0.0 | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | |
| CIS_PostgreSQL_11_v1.0.0_L1_DB.audit from CIS PostgreSQL 12 Benchmark v1.0.0 | CIS PostgreSQL 11 DB v1.0.0 | PostgreSQLDB | |
| CIS_PostgreSQL_17_v1.0.0_L1_Database.audit from CIS PostgreSQL 17 Benchmark v1.0.0 | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | PostgreSQLDB | |
| CIS_PostgreSQL_17_v1.0.0_L1_OS_Linux.audit from CIS PostgreSQL 17 Benchmark v1.0.0 | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | Unix | |
| CISC-L2-000190 - The Cisco switch must enable Unidirectional Link Detection (UDLD) to protect against one-way connections. | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | CONFIGURATION MANAGEMENT |
| SOL-11.1-090120 - The operating system must prevent non-privileged users from circumventing malicious code protection capabilities. | DISA STIG Solaris 11 SPARC v3r1 | Unix | ACCESS CONTROL |
| SOL-11.1-090120 - The operating system must prevent non-privileged users from circumventing malicious code protection capabilities. | DISA STIG Solaris 11 X86 v3r1 | Unix | ACCESS CONTROL |
| SOL-11.1-090130 - The operating system must employ malicious code protection mechanisms at workstations, servers, or mobile computing devices on the network to detect and eradicate malicious code transported by electronic mail, electronic mail attachments, web accesses, removable media, or other common means. | DISA STIG Solaris 11 X86 v3r1 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-090130 - The operating system must employ malicious code protection mechanisms at workstations, servers, or mobile computing devices on the network to detect and eradicate malicious code transported by electronic mail, electronic mail attachments, web accesses, removable media, or other common means. | DISA STIG Solaris 11 SPARC v3r1 | Unix | CONFIGURATION MANAGEMENT |
| SYMP-AG-000080 - Symantec ProxySG must enforce approved authorizations for controlling the flow of information within the network based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| SYMP-AG-000100 - Symantec ProxySG providing user access control intermediary services must display the Standard Mandatory DoD-approved Notice and Consent Banner before granting access to the network. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| SYMP-AG-000120 - Symantec ProxySG providing user access control intermediary services must generate audit records when successful/unsuccessful logon attempts occur - policy rules | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| SYMP-AG-000130 - Symantec ProxySG providing user access control intermediary services must generate audit records showing starting and ending time for user access to the system. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| SYMP-AG-000160 - Symantec ProxySG must produce audit records containing information to establish when (date and time) the events occurred. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| SYMP-AG-000190 - Symantec ProxySG must produce audit records containing information to establish the outcome of the events. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| SYMP-AG-000230 - Symantec ProxySG must provide an alert to, at a minimum, the SCA and ISSO of all audit failure events where the detection and/or prevention function is unable to write events to either local storage or the centralized server - Server | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| SYMP-AG-000240 - The reverse proxy Symantec ProxySG providing intermediary services for FTP must inspect inbound FTP communications traffic for protocol compliance and protocol anomalies - Policy Rules | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000310 - Symantec ProxySG providing user authentication intermediary services must require users to reauthenticate every 900 seconds when organization-defined circumstances or situations require reauthentication - siteminder | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
| SYMP-AG-000310 - Symantec ProxySG providing user authentication intermediary services must require users to reauthenticate every 900 seconds when organization-defined circumstances or situations require reauthentication - xml | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
| SYMP-AG-000350 - Symantec ProxySG providing user authentication intermediary services must implement multifactor authentication for remote access to nonprivileged accounts such that one of the factors is provided by a device separate from the system gaining access. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
| SYMP-AG-000380 - Symantec ProxySG providing user authentication intermediary services must implement replay-resistant authentication mechanisms for network access to nonprivileged accounts. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
| SYMP-AG-000390 - Symantec ProxySG must prohibit the use of cached authenticators after 300 seconds at a minimum - coreid | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
| SYMP-AG-000390 - Symantec ProxySG must prohibit the use of cached authenticators after 300 seconds at a minimum - siteminder | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
| SYMP-AG-000500 - If reverse proxy is used for validating and restricting certs from external entities, and this function is required by the SSP, Symantec ProxySG providing user authentication intermediary services using PKI-based user authentication must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of protected sessions. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000590 - Symantec ProxySG must tailor the Exceptions messages to generate error messages that provide the information necessary for corrective actions without revealing information that could be exploited by adversaries. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND INFORMATION INTEGRITY |
| SYMP-AG-000670 - Symantec ProxySG providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when denial-of-service (DoS) incidents are detected - Client limits | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND INFORMATION INTEGRITY |
| SYMP-NM-000090 - Symantec ProxySG must generate an alert to the console when a log processing failure is detected such as loss of communications with the Central Log Server or log records are no longer being sent - email addresses | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| SYMP-NM-000210 - Symantec ProxySG must configure the maintenance and health monitoring to send an alarm when a critical condition occurs for a component - ICAP queued | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| SYMP-NM-000210 - Symantec ProxySG must configure the maintenance and health monitoring to send an alarm when a critical condition occurs for a component - Memory Utilization | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| SYMP-NM-000210 - Symantec ProxySG must configure the maintenance and health monitoring to send an alarm when a critical condition occurs for a component - NW 0:0 Utilization | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| SYMP-NM-000210 - Symantec ProxySG must configure the maintenance and health monitoring to send an alarm when a critical condition occurs for a component - NW 1:0 Utilization | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| SYMP-NM-000210 - Symantec ProxySG must configure the maintenance and health monitoring to send an alarm when a critical condition occurs for a component - NW 2:0 Utilization | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| SYMP-NM-000210 - Symantec ProxySG must configure the maintenance and health monitoring to send an alarm when a critical condition occurs for a component - Thresholds | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| SYMP-NM-000290 - The Symantec ProxySG Web Management Console and SSH sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | MAINTENANCE |
| WN12-GE-000022 - Servers must have a host-based Intrusion Detection System. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WNDF-AV-000009 - Microsoft Defender AV must be configured to check in real time with MAPS before content is run or accessed. | DISA STIG Microsoft Defender Antivirus v2r4 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| WNDF-AV-000013 - Microsoft Defender AV must be configured to not allow local override of monitoring for file and program activity. | DISA STIG Microsoft Defender Antivirus v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000031 - Microsoft Defender AV must be configured for automatic remediation action to be taken for threat alert level Severe - Enabled | DISA STIG Microsoft Defender Antivirus v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000040 - Microsoft Defender AV must be configured for automatic remediation action to be taken for threat alert level High - 4>2 | DISA STIG Microsoft Defender Antivirus v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000040 - Microsoft Defender AV must be configured for automatic remediation action to be taken for threat alert level High - Enabled | DISA STIG Microsoft Defender Antivirus v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000041 - Microsoft Defender AV must be configured for automatic remediation action to be taken for threat alert level Medium - 2>2 | DISA STIG Microsoft Defender Antivirus v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000041 - Microsoft Defender AV must be configured for automatic remediation action to be taken for threat alert level Medium - Enabled | DISA STIG Microsoft Defender Antivirus v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000042 - Microsoft Defender AV must be configured for automatic remediation action to be taken for threat alert level Low - 1>2 | DISA STIG Microsoft Defender Antivirus v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000042 - Microsoft Defender AV must be configured for automatic remediation action to be taken for threat alert level Low - Enabled | DISA STIG Microsoft Defender Antivirus v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
