| 2.1 Ensure 'Protect RE' Firewall Filter is set for inbound traffic to the Routing Engine | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.6.7.3 (L1) Ensure 'Audit insecure guest logon' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | AUDIT AND ACCOUNTABILITY |
| Android Compliance Policy - Block USB debugging on device | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Android Compliance Policy - Number of previous passwords to prevent reuse | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Android Compliance Policy - Required password type | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Android Device Configuration - Browser Pop-ups | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Android Device Configuration - Encryption | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | SYSTEM AND COMMUNICATIONS PROTECTION |
| Android Device Configuration - Encryption on storage cards | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL |
| Android Device Configuration - Maximum minutes of inactivity until screen locks | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL |
| Android Device Configuration - NFC | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Android Device Configuration - Password expiration (days) | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Android Device Configuration - Removable storage | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Android Device Configuration - Required password type | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Android Device Configuration - Wi-Fi tethering | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Android Work Profile Device Configuration - Copy and paste between work and personal profiles | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Android Work Profile Device Configuration - Prevent app installations from unknown sources in the personal profile | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Android Work Profile Device Configuration - Require Work Profile Password | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Android Work Profile Device Configuration - Work Profile Password expiration (days) | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| DKER-EE-001590 - Docker Enterprise must alert the ISSO and SA (at a minimum) in the event of an audit processing failure. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| DKER-EE-003320 - All Docker Engine - Enterprise nodes must be configured with a log driver plugin that sends logs to a remote log aggregation system (SIEM). | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN000252 - The time synchronization configuration file (such as /etc/ntp.conf) must have mode 0640 or less permissive. | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| GEN000252 - The time synchronization configuration file (such as /etc/ntp.conf) must have mode 0640 or less permissive. | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| GEN000253 - The time synchronization configuration file (such as /etc/ntp.conf) must not have an extended ACL. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| iOS Compliance Policy - Block Simple Passwords | Tenable Best Practices for Microsoft Intune iOS v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| iOS Compliance Policy - Minimum password length | Tenable Best Practices for Microsoft Intune iOS v1.0 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| iOS Compliance Policy - Number of non-alphanumeric characters in password | Tenable Best Practices for Microsoft Intune iOS v1.0 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| iOS Device Management - Explicit iTunes music, podcast, or news content | Tenable Best Practices for Microsoft Intune iOS v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| iOS Device Management - Join Wi-Fi networks only using configuration profiles | Tenable Best Practices for Microsoft Intune iOS v1.0 | microsoft_azure | ACCESS CONTROL |
| iOS Device Management - Maximum minutes of inactivity until screen locks | Tenable Best Practices for Microsoft Intune iOS v1.0 | microsoft_azure | ACCESS CONTROL |
| iOS Device Management - Personal Hotspot | Tenable Best Practices for Microsoft Intune iOS v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| iOS Device Management - Safari Pop-ups | Tenable Best Practices for Microsoft Intune iOS v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| iOS Device Management - Siri Disabled | Tenable Best Practices for Microsoft Intune iOS v1.0 | microsoft_azure | CONFIGURATION MANAGEMENT |
| iOS Device Management - Treat AirDrop as an unmanaged destination | Tenable Best Practices for Microsoft Intune iOS v1.0 | microsoft_azure | ACCESS CONTROL |
| macOS Compliance Policy - Require system integrity protection | Tenable Best Practices for Microsoft Intune macOS v1.0 | microsoft_azure | ACCESS CONTROL |
| macOS Device Management - Block simple passwords | Tenable Best Practices for Microsoft Intune macOS v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| macOS Device Management - Encryption of data storage on device | Tenable Best Practices for Microsoft Intune macOS v1.0 | microsoft_azure | ACCESS CONTROL |
| macOS Device Management - Minimum password length | Tenable Best Practices for Microsoft Intune macOS v1.0 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| MD4X-00-004800 - MongoDB must utilize centralized management of the content captured in audit records generated by all components of MongoDB. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | AUDIT AND ACCOUNTABILITY |
| OH12-1X-000205 - OHS must have the RewriteLogLevel directive set to the proper log level. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| PGS9-00-003800 - PostgreSQL must utilize centralized management of the content captured in audit records generated by all components of PostgreSQL. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| SonicWALL - IDP ON - DMZ | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - IDP ON - LAN | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - IDP ON - WAN | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - IDP ON - WLAN | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Security Services - IDP - Activated | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Security Services - IDP - Signature DB Present | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SYMP-NM-000080 - Symantec ProxySG must be configured to support centralized management and configuration of the audit log - enable | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| VCFL-67-000027 - Rsyslog must be configured to monitor and ship vSphere Client log files - access | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| VCFL-67-000027 - Rsyslog must be configured to monitor and ship vSphere Client log files - runtime | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| WN12-00-000220 - Windows PowerShell 2.0 must not be installed on Windows 2012/2012 R2. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
