| 1.9.1.1 Ensure 'NTP authentication' is enabled | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.9.1.2 Ensure 'NTP authentication key' is configured correctly | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.1 Turn off Bluetooth, if no paired devices exist | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.2 Ensure Show Wi-Fi status in Menu Bar Is Enabled | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.2 Ensure Show Wi-Fi status in Menu Bar Is Enabled | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.2 Allow only trusted hosts in SNMPv3 | CIS Fortigate 7.0.x v1.3.0 L2 | FortiGate | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4.1 Ensure Show Wi-Fi status in Menu Bar Is Enabled | CIS Apple macOS 14.0 Sonoma v2.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4.1 Ensure Show Wi-Fi status in Menu Bar Is Enabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4.1 Ensure Show Wi-Fi status in Menu Bar Is Enabled | CIS Apple macOS 13.0 Ventura v3.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 10.0.0.0' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 192.168.0.0' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny host 255.255.255.255' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny internal networks' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.1 Set 'key chain' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.2 Set 'key' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.5 Set 'af-interface default' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.8 Set 'ip authentication key-chain eigrp' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.3.5 Set 'ip rip authentication mode' to 'md5' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.4.1 Set 'neighbor password' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2 Ensure Show Wi-Fi status in Menu Bar Is Enabled | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2 Ensure Show Wi-Fi status in Menu Bar Is Enabled - Show Wi-Fi status in menu bar | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.6 Audit Wi-Fi Settings | CIS Apple macOS 10.14 v2.0.0 L2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001400 - The Kubernetes API server must use approved cipher suites. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001410 - Kubernetes API Server must have the SSL Certificate Authority set. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001420 - Kubernetes Kubelet must have the SSL Certificate Authority set. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001430 - Kubernetes Controller Manager must have the SSL Certificate Authority set. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001440 - Kubernetes API Server must have a certificate for communication. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001450 - Kubernetes etcd must enable client authentication to secure service. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001460 - Kubernetes Kubelet must enable tlsPrivateKeyFile for client authentication to secure service. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001470 - Kubernetes Kubelet must enable tlsCertFile for client authentication to secure service. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001480 - Kubernetes etcd must enable client authentication to secure service. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001490 - Kubernetes etcd must have a key file for secure communication. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001500 - Kubernetes etcd must have a certificate for communication. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001510 - Kubernetes etcd must have the SSL Certificate Authority set. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001520 - Kubernetes etcd must have a certificate for communication. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001530 - Kubernetes etcd must have a key file for secure communication. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001540 - Kubernetes etcd must have peer-cert-file set for secure communication. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001550 - Kubernetes etcd must have a peer-key-file set for secure communication. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI046 - Logon options must be configured to prompt (Internet zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI136 - Logon options must be configured and enforced (Restricted Sites zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO421 - Session Initiation Protocol (SIP) security mode must be configured. | DISA STIG Microsoft Skype for Business 2016 v1r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO422 - In the event a secure SIP connection fails, the connection must be restricted from resorting to the unencrypted HTTP. | DISA STIG Microsoft Skype for Business 2016 v1r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-AP-000234 - The F5 BIG-IP appliance must not use the On-Demand Cert Auth VPE agent as part of the APM Policy Profiles. | DISA F5 BIG-IP Access Policy Manager STIG v2r4 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-AP-000236 - The F5 BIG-IP appliance must be configured to limit authenticated client sessions to initial session source IP. | DISA F5 BIG-IP Access Policy Manager STIG v2r4 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SI-000220 - A private IIS 10.0 website authentication mechanism must use client certificates to transmit session identifier to assure integrity. | DISA IIS 10.0 Site v2r11 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SI-000220 - A private websites authentication mechanism must use client certificates to transmit session identifier to assure integrity. | DISA IIS 8.5 Site v2r9 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SV-000134 - The IIS 8.5 web server must use cookies to track session state. | DISA IIS 8.5 Server v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000490 - Symantec ProxySG must use Transport Layer Security (TLS) to protect the authenticity of communications sessions. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001410 - The WebSphere Application Server DoD root CAs must be in the trust store. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001410 - The WebSphere Application Server DoD root CAs must be in the trust store. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
