| 2.2.7 (L1) Ensure 'Allow log on locally' is set to 'Administrators' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.2.8 (L1) Ensure 'Allow log on locally' is set to 'Administrators' (MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.3.8.1 (L1) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.8.1 (L1) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.8.1 (L1) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.8.1 (L1) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.8.1 (L1) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled' | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.8.1 (L1) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.8.1 (L1) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.8.1 Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.8.1 Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.8.1 Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5 Ensure that the User-ID Agent has minimal permissions if User-ID is enabled | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL |
| 3.084 - The system is configured to use an unauthorized time server. - 'NTPServer' | DISA Windows Vista STIG v6r41 | Windows | AUDIT AND ACCOUNTABILITY |
| 4.010 - User rights assignments must meet minimum requirements. - Allow log on locally | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 4.010 - User rights assignments must meet minimum requirements. - Backup files and directories | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 4.010 - User rights assignments must meet minimum requirements. - Change the time zone | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 4.010 - User rights assignments must meet minimum requirements. - Profile system performance | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 4.010 - User rights assignments must meet minimum requirements. - Shut down the system | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 49.12 (L1) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 49.12 (L1) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Citrix ADC - NTP - Authentication | Tenable Best Practice Citrix ADC v1.0.0 | Citrix_Application_Delivery | AUDIT AND ACCOUNTABILITY |
| Citrix ADC - SNMP - Community names | Tenable Best Practice Citrix ADC v1.0.0 | Citrix_Application_Delivery | IDENTIFICATION AND AUTHENTICATION |
| Citrix ADC - System Parameters - Local Authentication | Tenable Best Practice Citrix ADC v1.0.0 | Citrix_Application_Delivery | ACCESS CONTROL |
| Citrix ADC - System Parameters - Minimum Password Length | Tenable Best Practice Citrix ADC v1.0.0 | Citrix_Application_Delivery | IDENTIFICATION AND AUTHENTICATION |
| Citrix ADC - System Parameters - Strong Password | Tenable Best Practice Citrix ADC v1.0.0 | Citrix_Application_Delivery | IDENTIFICATION AND AUTHENTICATION |
| Citrix ADM - NTP - Servers count | Tenable Best Practice Citrix ADM v1.0.0 | Citrix_Application_Delivery | AUDIT AND ACCOUNTABILITY |
| Citrix ADM - SSL - Settings - SSL v3 | Tenable Best Practice Citrix ADM v1.0.0 | Citrix_Application_Delivery | SYSTEM AND COMMUNICATIONS PROTECTION |
| Citrix ADM - System Settings - Disable Shell access for non-nsroot User | Tenable Best Practice Citrix ADM v1.0.0 | Citrix_Application_Delivery | CONFIGURATION MANAGEMENT |
| Citrix ADM - User Administration - Password Policy - Enable User Lockout | Tenable Best Practice Citrix ADM v1.0.0 | Citrix_Application_Delivery | ACCESS CONTROL |
| Citrix ADM - User Administration - Password Policy - Minimum Length | Tenable Best Practice Citrix ADM v1.0.0 | Citrix_Application_Delivery | IDENTIFICATION AND AUTHENTICATION |
| Configure an IPsec Static Route | Tenable Cisco Viptela SD-WAN - vEdge | Cisco_Viptela | ACCESS CONTROL |
| Content of Audit Records - Configure disk logging - enable | Tenable Cisco Viptela SD-WAN - vSmart | Cisco_Viptela | AUDIT AND ACCOUNTABILITY |
| Enable IKE Version 1/2 - group | Tenable Cisco Viptela SD-WAN - vEdge | Cisco_Viptela | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enable IKE Version 1/2 - rekey | Tenable Cisco Viptela SD-WAN - vEdge | Cisco_Viptela | ACCESS CONTROL |
| Event Logging - Configure remote syslog - server | Tenable Cisco Viptela SD-WAN - vManage | Cisco_Viptela | AUDIT AND ACCOUNTABILITY |
| Flaw Remediation - Review version of running image | Tenable Cisco Viptela SD-WAN - vManage | Cisco_Viptela | SYSTEM AND INFORMATION INTEGRITY |
| Identification and Authentication - Use out of band authentication - AAA - netconf logging | Tenable Cisco Viptela SD-WAN - vManage | Cisco_Viptela | IDENTIFICATION AND AUTHENTICATION |
| Identification and Authentication - Use out of band authentication - Admin Authentication Order | Tenable Cisco Viptela SD-WAN - vSmart | Cisco_Viptela | IDENTIFICATION AND AUTHENTICATION |
| Identification and Authentication - Use out of band authentication - Authentication Order | Tenable Cisco Viptela SD-WAN - vEdge | Cisco_Viptela | IDENTIFICATION AND AUTHENTICATION |
| Identification and Authentication - Use out of band authentication - Authentication Order | Tenable Cisco Viptela SD-WAN - vManage | Cisco_Viptela | IDENTIFICATION AND AUTHENTICATION |
| Identification and Authentication - Use out of band authentication - Server IP | Tenable Cisco Viptela SD-WAN - vBond | Cisco_Viptela | IDENTIFICATION AND AUTHENTICATION |
| Identification and Authentication - Use out of band authentication - Server IP | Tenable Cisco Viptela SD-WAN - vManage | Cisco_Viptela | IDENTIFICATION AND AUTHENTICATION |
| Secure Name/address Resolution Service - Configure DNS servers - Secondary | Tenable Cisco Viptela SD-WAN - vEdge | Cisco_Viptela | SYSTEM AND COMMUNICATIONS PROTECTION |
| Session Termination - Configure Idle CLI timeout | Tenable Cisco Viptela SD-WAN - vManage | Cisco_Viptela | ACCESS CONTROL |
| System Backup - Enable Backups - interval | Tenable Cisco Viptela SD-WAN - vManage | Cisco_Viptela | CONTINGENCY PLANNING |
| Time Stamps - Enable NTP - remote server | Tenable Cisco Viptela SD-WAN - vEdge | Cisco_Viptela | AUDIT AND ACCOUNTABILITY |
| Turn on e-mail scanning | MSCT Windows 10 1809 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn on e-mail scanning | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| vEdge Modify IKE Dead-Peer Detection | Tenable Cisco Viptela SD-WAN - vEdge | Cisco_Viptela | ACCESS CONTROL |
