| 1.2.3 Ensure 'Account lockout threshold' is set to '3 or fewer invalid logon attempt(s), but not 0' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.2 Ensure 'Use location' is set to 'Disabled' | AirWatch - CIS Google Android v1.3.0 L2 | MDM | ACCESS CONTROL |
| 2.2 Ensure 'Use location' is set to 'Disabled' | MobileIron - CIS Google Android v1.3.0 L2 | MDM | CONFIGURATION MANAGEMENT |
| 3.2 Ensure 'debug' is turned off | CIS IIS 8.0 v1.5.1 Level 2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.2 Ensure 'debug' is turned off - Default | CIS IIS 7 L2 v1.8.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.9 Ensure 'MachineKey validation method - .Net 4.5' is configured - Applications | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.9 Ensure 'MachineKey validation method - .Net 4.5' is configured - Default | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.10 Ensure global .NET trust level is configured | CIS IIS 8.0 v1.5.1 Level 1 | Windows | ACCESS CONTROL |
| 7.7 (L1) Ensure Virtual Distributed Switch Netflow traffic is sent to an authorized collector | CIS VMware ESXi 7.0 v1.4.0 L1 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 20.36 Ensure 'Members of the Backup Operators group have separate accounts for backup duties and normal operational tasks' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| 20.36 Ensure 'Members of the Backup Operators group have separate accounts for backup duties and normal operational tasks' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| AADC-CL-000955 - Adobe Acrobat Pro DC Classic FIPS mode must be enabled. | DISA STIG Adobe Acrobat Pro DC Classic Track v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| All network interfaces are operating in full-duplex mode | TNS Citrix Hypervisor | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-017510 - AlmaLinux OS 9 must set the umask value to 077 for all local interactive user accounts. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| APPL-14-001002 The macOS system must be configured to audit all log on and log out events. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ARST-RT-000280 - The Arista router must be configured to authenticate all routing protocol messages using NIST-validated FIPS 198-1 message authentication code algorithm. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| ARST-RT-000380 - The Arista perimeter router must be configured to filter egress traffic at the internal interface on an inbound direction. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000630 - The Arista perimeter router must be configured to have Link Layer Discovery Protocols (LLDPs) disabled on all external interfaces. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| BIND-9X-001000 - A BIND 9.x server implementation must be operating on a Current-Stable version as defined by ISC. | DISA BIND 9.x STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| DG0074-ORACLE11 - Unapproved inactive or expired database accounts should not be found on the database. | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | |
| F5BI-DM-000013 - The BIG-IP appliance must provide automated support for account management functions. | DISA F5 BIG-IP Device Management STIG v2r4 | F5 | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| JUEX-RT-000410 - The Juniper perimeter router must be configured to filter ingress traffic at the external interface on an inbound direction. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000420 - The Juniper perimeter router must be configured to filter egress traffic at the internal interface on an inbound direction. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000750 - The Juniper perimeter router must be configured to have Link Layer Discovery Protocols (LLDPs) disabled on all external interfaces. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000270 - The Juniper perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - prefix-list | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000330 - The Juniper perimeter router must be configured to filter ingress traffic at the external interface on an inbound direction. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000340 - The Juniper perimeter router must be configured to filter egress traffic at the internal interface on an inbound direction. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000382 - The Juniper perimeter router must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3255. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUSX-IP-000017 - The Juniper Networks SRX Series Gateway IDPS must protect against or limit the effects of known and unknown types of Denial of Service (DoS) attacks by employing rate-based attack prevention behavior analysis. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| O112-N2-008601 - Disk space used by audit trail(s) must be monitored; audit records must be regularly or continuously offloaded to a centralized log management system. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| OL07-00-021040 - The Oracle Linux operating system must set the umask value to 077 for all local interactive user accounts. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| OL08-00-020352 - OL 8 must set the umask value to 077 for all local interactive user accounts. | DISA Oracle Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000064 - The Photon operating system must configure sshd to use FIPS 140-2 ciphers. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-07-021040 - The Red Hat Enterprise Linux operating system must set the umask value to 077 for all local interactive user accounts. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010422 - RHEL 8 must disable virtual syscalls. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-08-020352 - RHEL 8 must set the umask value to 077 for all local interactive user accounts. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-411025 - RHEL 9 must set the umask value to 077 for all local interactive user accounts. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| TCAT-AS-000750 - Tomcat must use FIPS-validated ciphers on secured connectors. | DISA STIG Apache Tomcat Application Server 9 v3r2 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCFL-67-000006 - vSphere Client must be configured to enable SSL/TLS. | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCST-67-000027 - Rsyslog must be configured to monitor and ship Security Token Service log files - sts-runtime | DISA STIG VMware vSphere 6.7 STS Tomcat v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| vNetwork : reject-forged-transmit - 'PortGroup' | VMWare vSphere 5.X Hardening Guide | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| vNetwork : reject-forged-transmit - 'vSwitch' | VMWare vSphere 5.X Hardening Guide | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBLC-05-000150 - Oracle WebLogic must uniquely identify and authenticate users (or processes acting on behalf of users). | Oracle WebLogic Server 12c Windows v2r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000153 - Oracle WebLogic must authenticate users individually prior to using a group authenticator. | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000153 - Oracle WebLogic must authenticate users individually prior to using a group authenticator. | Oracle WebLogic Server 12c Windows v2r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000168 - Oracle WebLogic must encrypt passwords during transmission. | Oracle WebLogic Server 12c Linux v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WDNS-CM-000012 - All authoritative name servers for a zone must be located on different network segments. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | CONFIGURATION MANAGEMENT |
| WN10-UR-000085 - The Deny log on locally user right on workstations must be configured to prevent access from highly privileged domain accounts on domain systems and unauthenticated access on all systems. | DISA Microsoft Windows 10 STIG v3r4 | Windows | ACCESS CONTROL |
| WN16-CC-000050 - Source routing must be configured to the highest protection level to prevent Internet Protocol (IP) source routing. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | CONFIGURATION MANAGEMENT |
| XenServer - All network interfaces are operating in full-duplex mode | TNS Citrix XenServer | Unix | |
