| 1.2 Ensure Installation of Binary Packages | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.3 Ensure Installation of Community Packages | CIS PostgreSQL 10 OS v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.3 Ensure Installation of Community Packages | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.5.3 Configure Netflow on Strategic Ports | CIS Cisco NX-OS v1.2.0 L2 | Cisco | AUDIT AND ACCOUNTABILITY, INCIDENT RESPONSE, SYSTEM AND INFORMATION INTEGRITY |
| 2.6.6.6.2.6 Ensure 'Require that application add-ins are signed by Trusted Publisher' is set to 'Enabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 3.1 Validate Proxy Settings | CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0 | Unix | |
| 4.1.5 Ensure events that modify the system's network environment are collected - /etc/hosts | CIS Debian Family Server L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify the system's network environment are collected - /etc/issue | CIS Debian Family Workstation L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify the system's network environment are collected - /etc/issue | CIS Debian Family Server L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network | CIS Debian Family Server L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify the system's network environment are collected - auditctl '/etc/hosts' | CIS Debian Family Workstation L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify the system's network environment are collected - auditctl '/etc/issue' | CIS Debian Family Server L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify the system's network environment are collected - auditctl 'issue.net' | CIS Debian Family Server L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify the system's network environment are collected - auditctl 'sethostname setdomainname' | CIS Debian Family Server L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify the system's network environment are collected - auditctl 'sethostname setdomainname' x64 | CIS Debian Family Workstation L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/hosts | CIS Ubuntu Linux 16.04 LTS Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify the system's network environment are collected - auditctl issue | CIS Ubuntu Linux 16.04 LTS Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify the system's network environment are collected - auditctl issue | CIS Ubuntu Linux 16.04 LTS Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify the system's network environment are collected - auditctl network | CIS Ubuntu Linux 16.04 LTS Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify the system's network environment are collected - issue.net | CIS Debian Family Server L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify the system's network environment are collected - issue.net | CIS Debian Family Workstation L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify the system's network environment are collected - sethostname (32-bit) | CIS Ubuntu Linux 16.04 LTS Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify the system's network environment are collected - sethostname setdomainname x64 | CIS Debian Family Server L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.2 Enable 'Show Wi-Fi status in menu bar' - Show Wi-Fi status in menu bar | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.1 Ensure Common SNMP Community Strings are NOT used | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.5 (L1) Ensure approval is required for Privileged Role Administrator activation | CIS Microsoft 365 Foundations v5.0.0 L1 E5 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 18.8.7.1.1 Ensure 'Prevent installation of devices using drivers that match these device setup classes' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | MEDIA PROTECTION |
| 18.8.7.1.1 Ensure 'Prevent installation of devices using drivers that match these device setup classes' is set to 'Enabled' | CIS Windows 7 Workstation Bitlocker v3.2.0 | Windows | MEDIA PROTECTION |
| 18.8.7.1.1 Ensure 'Prevent installation of devices using drivers that match these device setup classes' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | MEDIA PROTECTION |
| 20.60 Ensure 'System files must be monitored for unauthorized changes' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.60 Ensure 'System files must be monitored for unauthorized changes' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| DTAVSEL-101 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to decompress archives when scanning. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| F5BI-LT-000031 - The BIG-IP Core implementation must be configured to monitor inbound traffic for remote access policy compliance when accepting connections to virtual servers. | DISA F5 BIG-IP Local Traffic Manager STIG v2r4 | F5 | ACCESS CONTROL |
| FireEye - Usernames list | TNS FireEye | FireEye | ACCESS CONTROL |
| Fortigate - Disable auto USB installation - 'config' | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | CONFIGURATION MANAGEMENT |
| GEN005504 - The SSH daemon must only listen on management network addresses unless authorized for uses other than management. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005504 - The SSH daemon must only listen on management network addresses unless authorized for uses other than management. | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| GEN005504 - The SSH daemon must only listen on management network addresses unless authorized for uses other than management. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| GEN005504 - The SSH daemon must only listen on management network addresses unless authorized for uses other than management. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN005504 - The SSH daemon must only listen on management network addresses unless authorized for uses other than management. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| JUNI-RT-000270 - The Juniper perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - prefix-list | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| Limits print driver installation to Administrators | MSCT Windows 11 v22H2 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| List crash dumps | TNS Citrix Hypervisor | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000293 - Wireless network adapters must be disabled. | DISA STIG Oracle Linux 6 v2r7 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PANW-AG-000105 - The Palo Alto Networks security platform must use a Vulnerability Protection Profile that blocks any critical, high, or medium threats. | DISA STIG Palo Alto ALG v3r4 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| Review the list of Rackspace Tenants | Tenable Best Practices RackSpace v2.0.0 | Rackspace | ACCESS CONTROL |
| RHEL-07-040470 - The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon does not allow compression or only allows compression after successful authentication. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| SYMP-AG-000500 - If reverse proxy is used for validating and restricting certs from external entities, and this function is required by the SSP, Symantec ProxySG providing user authentication intermediary services using PKI-based user authentication must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of protected sessions. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
| WA000-WI6028 IIS6 - The Shutdown worker processes Idle Timeout monitor must be enabled. | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WNDF-AV-000018 - Microsoft Defender AV must monitor for incoming and outgoing files. | DISA STIG Microsoft Defender Antivirus v2r4 | Windows | SYSTEM AND INFORMATION INTEGRITY |
