| 1.1 Ensure the Pre-Installation Planning Checklist Has Been Implemented | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | |
| 1.1 Ensure the Pre-Installation Planning Checklist Has Been Implemented | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | |
| 1.1 Ensure the Pre-Installation Planning Checklist Has Been Implemented | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | |
| 1.1.1.9 Ensure unused filesystems kernel modules are not available | CIS Rocky Linux 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.9 Ensure unused filesystems kernel modules are not available | CIS Rocky Linux 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.9 Ensure unused filesystems kernel modules are not available | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.9 Ensure unused filesystems kernel modules are not available | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.9 Ensure unused filesystems kernel modules are not available | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.9 Ensure unused filesystems kernel modules are not available | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.9 Ensure unused filesystems kernel modules are not available | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.9 Ensure unused filesystems kernel modules are not available | CIS Oracle Linux 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.10 Ensure unused filesystems kernel modules are not available | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.3 Ensure 'Sender reputation' is configured | CIS Microsoft Exchange Server 2019 L1 Edge v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.4 Set 'Allow hyperlinks in suspected phishing e- mail messages' to 'Disabled' | CIS MS Office Outlook 2010 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.13.4.1 Ensure 'Allow hyperlinks in suspected phishing e-mail messages' is set to Disabled | CIS Microsoft Office Outlook 2016 v1.1.0 Level 1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.14.1 Audit Game Center Settings | CIS Apple macOS 15.0 Sequoia v1.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 2.14.1 Audit Game Center Settings | CIS Apple macOS 13.0 Ventura v3.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 2.14.1 Audit Game Center Settings | CIS Apple macOS 14.0 Sonoma v2.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 3.2 Restrict Recursive Queries - Authoritative Name Server | CIS BIND DNS v1.0.0 L1 Authoritative Name Server | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 3.2 Restrict Recursive Queries - Authoritative Name Server | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2 Restrict Recursive Queries - Caching Name Server | CIS BIND DNS v1.0.0 L1 Caching Only Name Server | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.1 Ensure that WildFire file size upload limits are maximized | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.1 Ensure the Error Log Filename and Severity Level Are Configured Correctly | CIS Apache HTTP Server 2.4 v2.2.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 6.1 Ensure the Error Log Filename and Severity Level Are Configured Correctly - 'ErrorLog is configured' | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 6.1 Ensure the Error Log Filename and Severity Level Are Configured Correctly - 'ErrorLog is configured' | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 6.1 Ensure the Error Log Filename and Severity Level Are Configured Correctly - 'httpd.conf LogLevel = notice info or debug' | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 6.1 Ensure the Error Log Filename and Severity Level Are Configured Correctly - 'httpd.conf LogLevel = notice info or debug' | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 6.1 Ensure the Error Log Filename and Severity Level Are Configured Correctly - 'httpd.conf LogLevel = notice info or debug' | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.3.5 Ensure events that modify the system's network environment are collected | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.3.5 Ensure events that modify the system's network environment are collected | CIS Debian Linux 12 v1.1.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.3.5 Ensure events that modify the system's network environment are collected | CIS Ubuntu Linux 22.04 LTS v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 7.1.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it | CIS Microsoft Azure Foundations v4.0.0 L1 | microsoft_azure | AUDIT AND ACCOUNTABILITY |
| DB2X-00-007000 - DB2 must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | ACCESS CONTROL |
| Disable unused network ports | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTAVSEL-100 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to run a scheduled On-Demand scan at least once a week. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTOO277 - Hyperlinks in suspected phishing email messages must be disallowed. | DISA STIG Microsoft Outlook 2013 v1r14 | Windows | CONFIGURATION MANAGEMENT |
| DTOO277 - Outlook - Hyperlinks in suspected phishing e-mail messages must be disallowed. | DISA STIG Office 2010 Outlook v1r14 | Windows | CONFIGURATION MANAGEMENT |
| EPAS-00-007400 - The EDB Postgres Advanced Server must prevent nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | ACCESS CONTROL |
| JUSX-AG-000147 - The Juniper SRX Services Gateway Firewall must generate an alert that can be forwarded to, at a minimum, the ISSO and ISSM when threats identified by authoritative sources are detected. | DISA Juniper SRX Services Gateway ALG v3r2 | Juniper | SYSTEM AND INFORMATION INTEGRITY |
| JUSX-DM-000059 - The Juniper SRX Services Gateway must generate an immediate system alert message to the management console when a log processing failure is detected. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | AUDIT AND ACCOUNTABILITY |
| MADB-10-006800 - MariaDB must prevent nonprivileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | ACCESS CONTROL |
| MD7X-00-006800 MongoDB must prevent nonprivileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | MongoDB | ACCESS CONTROL |
| MYS8-00-010700 - The MySQL Database Server 8.0 must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | ACCESS CONTROL |
| O19C-00-012400 - Oracle Database must set the maximum number of consecutive invalid logon attempts to three. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O112-C2-017600 - The DBMS must terminate user sessions upon user logout or any other organization or policy-defined session termination events, such as idle time limit exceeded. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| O121-C2-017600 - The DBMS must terminate user sessions upon user logoff or any other organization or policy-defined session termination events, such as idle time limit exceeded. | DISA STIG Oracle 12c v3r2 Database | OracleDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| PANW-AG-000102 - The Palo Alto Networks security platform must protect against denial-of-service (DoS) attacks from external sources - DoS attacks to protect against the use of internal information systems to launch any DoS attacks against other networks or endpoints. | DISA STIG Palo Alto ALG v3r4 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| PPS9-00-007400 - The EDB Postgres Advanced Server must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | ACCESS CONTROL |
| SQL4-00-032500 - SQL Server must prevent non-privileged users from executing privileged functionality, to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | ACCESS CONTROL |
| SQL6-D0-010400 - SQL Server must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | ACCESS CONTROL |
