| 1.5 Ensure System Data Files and Security Updates Are Downloaded Automatically Is Enabled - 'ConfigDataInstall' | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.2.9 Ensure 'Allow log on locally' is set to 'Administrators' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.9 Ensure 'Allow log on locally' is set to 'Administrators' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.26 Ensure 'Deny log on as a batch job' to include 'Guests' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.2.30 Ensure 'Deny log on as a service' to include 'Enterprise Admins Group and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.4.1 Ensure 'Allow simple value' is set to 'Disabled' | AirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.4.1 Ensure 'Allow simple value' is set to 'Disabled' | MobileIron - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.14.1 Audit Game Center Settings | CIS Apple macOS 15.0 Sequoia v1.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 2.14.1 Audit Game Center Settings | CIS Apple macOS 13.0 Ventura v3.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 2.14.1 Audit Game Center Settings | CIS Apple macOS 14.0 Sonoma v2.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1.6 Review 'Allow iCloud Keychain' settings | AirWatch - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1.6 Review 'Allow iCloud Keychain' settings | AirWatch - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.4.1 Ensure 'Allow simple value' is set to 'Disabled' | AirWatch - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.4.1 Ensure 'Allow simple value' is set to 'Disabled' | MobileIron - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.4.3 Ensure 'Maximum Auto-Lock' is set to '2 minutes' or less | AirWatch - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.4.3 Ensure 'Maximum Auto-Lock' is set to '2 minutes' or less | MobileIron - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.6.2 Ensure 'Allow Mail Drop' is set to 'Disabled' | AirWatch - CIS Apple iOS 14 and iPadOS 14 Institution Owned L2 | MDM | ACCESS CONTROL |
| 3.6.2 Ensure 'Allow Mail Drop' is set to 'Disabled' | MobileIron - CIS Apple iOS 14 and iPadOS 14 Institution Owned L2 | MDM | ACCESS CONTROL |
| 3.7.2 Ensure 'Allow Mail Drop' is set to 'Disabled' | AirWatch - CIS Apple iOS 17 Institution Owned L2 | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 3.7.2 Ensure 'Allow Mail Drop' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 17 Institutionally Owned L2 | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 3.7.2 Ensure 'Allow Mail Drop' is set to 'Disabled' | MobileIron - CIS Apple iOS 18 v1.0.0 L2 Institution Owned | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 3.7.2 Ensure 'Allow Mail Drop' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 18 v1.0.0 L2 Institutionally Owned | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 3.7.2 Ensure 'Allow Mail Drop' is set to 'Disabled' | AirWatch - CIS Apple iOS 18 v1.0.0 L2 Institution Owned | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 3.7.2 Ensure 'Allow Mail Drop' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 18 v1.0.0 L2 Institutionally Owned | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 3.7.2 Ensure 'Allow Mail Drop' is set to 'Disabled' | MobileIron - CIS Apple iOS 17 Institution Owned L2 | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 3.7.2 Ensure 'Allow Mail Drop' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 17 Institutionally Owned L2 | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4.7 Ensure minimum and maximum requirements are set for password changes - difok | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.7 Ensure minimum and maximum requirements are set for password changes - maxclassrepeat | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.140 - The HBSS McAfee Agent is not installed. - FrameworkService | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 5.140 - The HBSS McAfee Agent is not installed. - masvc | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| DG0096-ORACLE11 - The DBMS IA policies and procedures should be reviewed annually or more frequently. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| EX13-EG-000005 - Exchange must limit the Receive connector timeout. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | ACCESS CONTROL |
| EX13-EG-000010 - Exchange servers must use approved DoD certificates. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | ACCESS CONTROL |
| EX13-EG-000035 - Exchange Connectivity logging must be enabled. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | AUDIT AND ACCOUNTABILITY |
| EX13-EG-000075 - The Exchange local machine policy must require signed scripts. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | CONFIGURATION MANAGEMENT |
| EX13-EG-000090 - Exchange Internet-facing Receive connectors must offer Transport Layer Security (TLS) before using basic authentication. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-EG-000100 - Exchange Outbound Connection Limit per Domain Count must be controlled. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-EG-000120 - Exchange message size restrictions must be controlled on Send connectors. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-EG-000135 - Exchange Receive connector Maximum Hop Count must be 60. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-EG-000140 - Exchange Receive connectors must be clearly named. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-EG-000145 - Exchange Receive connectors must control the number of recipients chunked on a single message. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-EG-000175 - Exchange filtered messages must be archived. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX13-EG-000210 - The Exchange Block List service provider must be identified. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX13-EG-000215 - Exchange messages with malformed From address must be rejected. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX13-EG-000250 - Exchange Simple Mail Transfer Protocol (SMTP) IP Allow List entries must be empty. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX13-EG-000255 - The Exchange Simple Mail Transfer Protocol (SMTP) IP Allow List Connection filter must be enabled. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX13-EG-000265 - Exchange must have antispam filtering installed. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| GEN000220 - A file integrity tool must be used at least weekly to check for unauthorized file changes. | DISA STIG AIX 5.3 v1r2 | Unix | RISK ASSESSMENT |
| HP ProCurve - 'Enable DHCP snooping' | TNS HP ProCurve | HPProCurve | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-004300 - SQL Server must be configured to generate audit records for DoD-defined auditable events within all DBMS/database components. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
