| 2.3.10.3 Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled' (STIG DC & MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.5.1.1 Ensure External Intelligence Extensions Is Disabled | CIS Apple macOS 15.0 Sequoia v1.1.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.5 Review 'iCloud Private Relay' settings | AirWatch - CIS Apple iOS 17 Benchmark v1.1.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.5 Review 'iCloud Private Relay' settings | AirWatch - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.5 Review 'iCloud Private Relay' settings | MobileIron - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.003 - Booting into alternate operating systems is permitted. | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 8.1.7 Record Events That Modify the System's Mandatory Access Controls | CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 18.10.57.2 Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Not configured' or 'Disabled' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.57.2 Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Not configured' or 'Disabled' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.57.2 Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Not configured' or 'Disabled' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.31 Ensure 'Host-based firewall is installed and enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-002060 - The macOS system must allow only applications that have a valid digital signature to run - EnableAssessment | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002060 - The macOS system must allow only applications that have a valid digital signature to run - Unsigned Applications | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-14-002230 The macOS system must disable dictation. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-002230 - The macOS system must disable Dictation. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | CONFIGURATION MANAGEMENT |
| Catalina - Disable Guest Access to Shared Apple File Protocol Folders | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| CISC-L2-000150 - The Cisco switch must have Dynamic Address Resolution Protocol (ARP) Inspection (DAI) enabled on all user VLANs. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001200 - The Cisco switch must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| PHTN-67-000045 - The Photon operating system must audit all account modifications - gshadow | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL |
| PHTN-67-000045 - The Photon operating system must audit all account modifications - passwd | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL |
| PHTN-67-000050 - The Photon operating system audit files and directories must have correct permissions - auditctl | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000051 - The Photon operating system must protect audit tools from unauthorized modification - auditd | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000051 - The Photon operating system must protect audit tools from unauthorized modification - aureport | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000051 - The Photon operating system must protect audit tools from unauthorized modification - ausearch | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000051 - The Photon operating system must protect audit tools from unauthorized modification - autrace | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000059 - The Photon operating system must configure a cron job to rotate auditd logs daily - bash | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000059 - The Photon operating system must configure a cron job to rotate auditd logs daily - restart | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000063 - The Photon operating system RPM package management tool must cryptographically verify the authenticity of all software packages during installation. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000067 - The Photon operating system must configure sshd to use FIPS 140-2 ciphers. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| PHTN-67-000069 - The Photon operating system must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| PHTN-67-000077 - The Photon operating system must enforce a delay of at least four seconds between logon prompts following a failed logon attempt. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000080 - The Photon operating system must create a home directory for all new local interactive user accounts. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000081 - The Photon operating system must disable the debug-shell service. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000083 - The Photon operating system must configure sshd to disallow Generic Security Service Application Program Interface (GSSAPI) authentication. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000084 - The Photon operating system must configure sshd to disable environment processing. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000085 - The Photon operating system must configure sshd to disable X11 forwarding. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000089 - The Photon operating system must configure sshd to disallow authentication with an empty password. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000092 - The Photon operating system must configure sshd to ignore user-specific trusted hosts lists. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000096 - The Photon operating system must be configured so that the /etc/skel default scripts are protected from unauthorized modification - bashrc | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000099 - The Photon operating system must be configured so that all system startup scripts are protected from unauthorized modification. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000101 - The Photon operating system must be configured so that the /etc/cron.allow file is protected from unauthorized modification. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000103 - The Photon operating system must be configured so that all cron paths are protected from unauthorized modification - cron.daily | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000103 - The Photon operating system must be configured so that all cron paths are protected from unauthorized modification - cron.weekly | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000104 - The Photon operating system must not forward IPv4 or IPv6 source-routed packets - net.ipv4.conf.default.accept_source_route | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000104 - The Photon operating system must not forward IPv4 or IPv6 source-routed packets - net.ipv6.conf.default.accept_source_route | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000106 - The Photon operating system must prevent IPv4 Internet Control Message Protocol (ICMP) redirect messages from being accepted - net.ipv4.conf.all.accept_redirects | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000111 - The Photon operating system must not perform multicast packet forwarding - net.ipv4.conf.all.mc_forwarding | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000124 - The Photon operating system must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL |
| SonicWALL - Flood Protection - Layer 2 - Threshold | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND COMMUNICATIONS PROTECTION |
| SonicWALL - Flood Protection - Layer 2 - WAN machines | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND COMMUNICATIONS PROTECTION |
