| 1.1 Ensure Latest SQL Server Service Packs and Hotfixes are Installed | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 4.10 Ensure That App Engine Applications Enforce HTTPS Connections | CIS Google Cloud Platform v3.0.0 L2 | GCP | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.1 Ensure GKE clusters are not running using the Compute Engine default service account | CIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L2 | GCP | IDENTIFICATION AND AUTHENTICATION |
| 18.6.7.3 (L1) Ensure 'Audit insecure guest logon' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | AUDIT AND ACCOUNTABILITY |
| 18.6.7.3 (L1) Ensure 'Audit insecure guest logon' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY |
| 18.6.7.3 (L1) Ensure 'Audit insecure guest logon' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | AUDIT AND ACCOUNTABILITY |
| 18.6.7.3 (L1) Ensure 'Audit insecure guest logon' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 18.6.7.3 (L1) Ensure 'Audit insecure guest logon' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 18.6.7.3 (L1) Ensure 'Audit insecure guest logon' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | AUDIT AND ACCOUNTABILITY |
| 20.71 Ensure 'Windows PowerShell 2.0' is 'not installed' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.71 Ensure 'Windows PowerShell 2.0' is 'not installed' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| 20.71 Ensure 'Windows PowerShell 2.0' is 'not installed' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.71 Ensure 'Windows PowerShell 2.0' is 'not installed' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| AIX7-00-002081 - AIX time synchronization configuration file must be owned by root. | DISA STIG AIX 7.x v3r1 | Unix | CONFIGURATION MANAGEMENT |
| AIX7-00-002090 - AIX time synchronization configuration file must have mode 0640 or less permissive. | DISA STIG AIX 7.x v3r1 | Unix | CONFIGURATION MANAGEMENT |
| Allow log on through Remote Desktop Services | MSCT Windows Server v2004 DC v1.0.0 | Windows | ACCESS CONTROL |
| Allow log on through Remote Desktop Services | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Allow log on through Remote Desktop Services | MSCT Windows Server 2016 DC v1.0.0 | Windows | ACCESS CONTROL |
| Allow log on through Remote Desktop Services | MSCT Windows Server 2019 DC v1.0.0 | Windows | ACCESS CONTROL |
| DKER-EE-003340 - Log aggregation/SIEM systems must be configured to notify SA and ISSO on Docker Engine - Enterprise audit failure events. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN000250 - The time synchronization configuration file (such as /etc/ntp.conf) must be owned by root. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN000250 - The time synchronization configuration file (such as /etc/ntp.conf) must be owned by root. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN000250 - The time synchronization configuration file (such as /etc/ntp.conf) must be owned by root. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN000250 - The time synchronization configuration file (such as /etc/ntp.conf) must be owned by root. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| GEN000250 - The time synchronization configuration file (such as /etc/ntp.conf) must be owned by root. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN000251 - The time synchronization configuration file (such as /etc/ntp.conf) must be group-owned by bin, sys, or system. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN000251 - The time synchronization configuration file (such as /etc/ntp.conf) must be group-owned by bin, sys, or system. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| GEN000251 - The time synchronization configuration file (such as /etc/ntp.conf) must be group-owned by root, bin, or sys - such as /etc/ntp.conf must be group-owned by root, bin, sys, or system. | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| GEN000251 - The time synchronization configuration file (such as /etc/ntp.conf) must be group-owned by root, bin, sys, or system. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN000252 - The time synchronization configuration file (such as /etc/ntp.conf) must have mode 0640 or less permissive. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN000252 - The time synchronization configuration file (such as /etc/ntp.conf) must have mode 0640 or less permissive. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN000252 - The time synchronization configuration file (such as /etc/ntp.conf) must have mode 0640 or less permissive. | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN000253 - The time synchronization configuration file (such as /etc/ntp.conf) must not have an extended ACL. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN000253 - The time synchronization configuration file (such as /etc/ntp.conf) must not have an extended ACL. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| GEN000253 - The time synchronization configuration file (such as /etc/ntp.conf) must not have an extended ACL. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN000253 - The time synchronization configuration file (such as /etc/ntp.conf) must not have an extended ACL. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN000253 - The time synchronization configuration file (such as /etc/ntp.conf) must not have an extended ACL. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| MD4X-00-004800 - MongoDB must utilize centralized management of the content captured in audit records generated by all components of MongoDB. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | AUDIT AND ACCOUNTABILITY |
| OH12-1X-000205 - OHS must have the RewriteLogLevel directive set to the proper log level. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| PANW-NM-000131 - The Palo Alto Networks security platform must use automated mechanisms to alert security personnel to threats identified by authoritative sources (e.g., CTOs) and IAW CJCSM 6510.01B. | DISA STIG Palo Alto NDM v3r2 | Palo_Alto | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| PGS9-00-003800 - PostgreSQL must utilize centralized management of the content captured in audit records generated by all components of PostgreSQL. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| SonicWALL - Security Services - IDP - Enabled | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SRG-OS-000056-ESXI5 - The system must use time sources local to the enclave. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| SYMP-NM-000080 - Symantec ProxySG must be configured to support centralized management and configuration of the audit log - enable | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| SYMP-NM-000080 - Symantec ProxySG must be configured to support centralized management and configuration of the audit log - Syslog IP | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| VCWN-65-000062 - The vCenter Server for Windows must enable Login banner for vSphere web client. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | CONFIGURATION MANAGEMENT |
| WN10-00-000155 - The Windows PowerShell 2.0 feature must be disabled on the system. | DISA Microsoft Windows 10 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN11-00-000155 - The Windows PowerShell 2.0 feature must be disabled on the system. | DISA Microsoft Windows 11 STIG v2r3 | Windows | CONFIGURATION MANAGEMENT |
| WN12-00-000220 - Windows PowerShell 2.0 must not be installed on Windows 2012/2012 R2. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-00-000220 - Windows PowerShell 2.0 must not be installed on Windows 2012/2012 R2. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
