| 2.2.1 Enable 'Set time and date automatically' - Set time and date automatically | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.1 Enable 'Set time and date automatically' - Set time and date automatically | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.1 Ensure 'Set time and date automatically' Is Enabled - Set time and date automatically | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.1.2 Ensure Network Access Rules are set to Deny-by-default | CIS Microsoft Azure Foundations v4.0.0 L1 | microsoft_azure | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.34 Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.39 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.2.39 Ensure 'Profile single process' is set to 'Administrators' - Administrators | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.2.39 Ensure 'Profile single process' is set to 'Administrators' - Administrators | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.2.40 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.2.42 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.43 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.43 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows Server 2019 v4.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.3.10.11 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.3.10.11 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.7 Ensure internal sources are blocked on external networks | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 5.1 Ensure that WildFire file size upload limits are maximized | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.2.2.8 (L2) Ensure 'sign-in risk' is blocked for medium and high risk | CIS Microsoft 365 Foundations v5.0.0 L2 E5 | microsoft_azure | SYSTEM AND INFORMATION INTEGRITY |
| 5.6 Ensure alerts are enabled for malicious files detected by WildFire - log-type 'wildfire' | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.6 Ensure alerts are enabled for malicious files detected by WildFire - log-type 'wildfire' | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 9.1.3.3 Ensure that 'Endpoint protection' component status is set to 'On' | CIS Microsoft Azure Foundations v4.0.0 L2 | microsoft_azure | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 11.03 AWR - 'Implement AWR to record all database performance statistics over a defined time period.' | CIS v1.1.0 Oracle 11g OS Windows Level 1 | Windows | |
| 11.03 AWR - 'Implement AWR to record all database performance statistics over a defined time period.' | CIS v1.1.0 Oracle 11g OS L1 | Unix | |
| 89.26 (L1) Ensure 'Profile Single Process' is set to 'Administrators' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 89.29 (L1) Ensure 'Profile Single Process' is set to 'Administrators' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| ALMA-09-045450 - AlmaLinux OS 9 must routinely check the baseline configuration for unauthorized changes and notify the system administrator when anomalies in the operation of any security functions are discovered. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| DTAM091 - McAfee VirusScan On-Access General Policies must be configured to block the connection when a threatened file is detected in a shared folder. | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM091 - McAfee VirusScan On-Access Scanner General Settings must be configured to block the connection when a threatened file is detected in a shared folder. | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM092 - McAfee VirusScan On-Access General Policies must be configured to unblock connections after a minimum of 30 minutes. | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM092 - McAfee VirusScan On-Access Scanner General Settings must be configured to unblock connections after a minimum of 30 minutes. | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM093 - McAfee VirusScan On-Access General Policies must be configured to block the connection when a file with a potentially unwanted program is detected in a shared folder. | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM093 - McAfee VirusScan On-Access Scanner General Settings must be configured to block the connection when a file with a potentially unwanted program is detected in a shared folder. | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| JUSX-IP-000010 - The Juniper Networks SRX Series Gateway IDPS must install updates for predefined signature objects, applications signatures, IDPS policy templates, and device software when new releases are available in accordance with organizational configuration management policy and procedures. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | SYSTEM AND INFORMATION INTEGRITY |
| JUSX-IP-000026 - The Juniper Networks SRX Series Gateway IDPS must automatically install updates to signature definitions. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | SYSTEM AND INFORMATION INTEGRITY |
| MYS8-00-009900 - The MySQL Database Server 8.0 must provide an immediate real-time alert to appropriate support staff of all audit log failures. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| O112-N2-008601 - Disk space used by audit trail(s) must be monitored; audit records must be regularly or continuously offloaded to a centralized log management system. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| O121-C2-018300 - The DBMS must take needed steps to protect data at rest and ensure confidentiality and integrity of application data. | DISA STIG Oracle 12c v3r2 Database | OracleDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000219 - OHS must be segregated from other services - OHS must be segregated from other services. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OL08-00-010290 - The OL 8 SSH server must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms. | DISA Oracle Linux 8 STIG v2r4 | Unix | MAINTENANCE |
| OL09-00-000301 - OL 9 must routinely check the baseline configuration for unauthorized changes and notify the system administrator (SA) when anomalies in the operation of any security functions are discovered. | DISA Oracle Linux 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| PGS9-00-002700 - PostgreSQL must provide an immediate real-time alert to appropriate support staff of all audit log failures. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-021300 - SQL Server must protect data at rest and ensure confidentiality and integrity of data. | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL4-00-011310 - Where SQL Server Audit is in use, SQL Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited at the server level. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-021300 - SQL Server must protect data at rest and ensure confidentiality and integrity of data. | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL4-00-033500 - SQL Server or software monitoring SQL Server must provide an immediate real-time alert to appropriate support staff of all audit log failures. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-011100 - SQL Server must provide an immediate real-time alert to appropriate support staff of all audit log failures. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SYMP-AG-000090 - Symantec ProxySG must immediately use updates made to policy enforcement mechanisms such as policies and rules - Web Access | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| UBTU-20-010043 - The Ubuntu operating system must configure the SSH daemon to use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hashes to prevent the unauthorized disclosure of information and/or detect changes to information during transmission. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-24-100820 - Ubuntu 24.04 LTS must configure the SSH daemon to use FIPS 140-3 approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-24-100850 - Ubuntu 24.04 LTS must configure the SSH client to use FIPS 140-3 approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | ACCESS CONTROL |
| WG204 A22 - A web server must be segregated from other services. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | |
