| 1.4.1 Set 'password' for 'enable secret' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | ACCESS CONTROL |
| 3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring | CIS Palo Alto Firewall 11 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring - Link Monitoring Failure Condition | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring - Path Monitoring Failure Condition | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 5.4.5 Ensure system-auth is used when changing passwords | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 20.22 Ensure 'Domain Controller PKI certificates must be issued by the DoD PKI or an approved External Certificate Authority' (STIG DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.22 Ensure 'Domain Controller PKI certificates must be issued by the DoD PKI or an approved External Certificate Authority' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.22 Ensure 'Domain Controller PKI certificates must be issued by the DoD PKI or an approved External Certificate Authority' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AADC-CL-000210 - Adobe Acrobat Pro DC Classic Enhanced Security for browser mode must be enabled. | DISA STIG Adobe Acrobat Pro DC Classic Track v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AMLS-L2-000120 - The Arista Multilayer Switch must uniquely identify all network-connected endpoint devices before establishing any connection - dot1x system-auth-control | DISA STIG Arista MLS DCS-7000 Series L2S v1r3 | Arista | IDENTIFICATION AND AUTHENTICATION |
| AMLS-L2-000130 - The Arista Multilayer Switch must authenticate all endpoint devices before establishing a network connection using bidirectional authentication that is cryptographically based - aaa authentication dot1x default group | DISA STIG Arista MLS DCS-7000 Series L2S v1r3 | Arista | IDENTIFICATION AND AUTHENTICATION |
| AOSX-14-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts - PasswordAuthentication | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-14-003024 - The macOS system must use multifactor authentication in the establishment of nonlocal maintenance and diagnostic sessions - enforceSmartCard | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | MAINTENANCE |
| AOSX-15-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts, the establishment of nonlocal maintenance and diagnostic sessions, and authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access - ChallengeResponseAuthentication | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AOSX-15-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts, the establishment of nonlocal maintenance and diagnostic sessions, and authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access - PasswordAuthentication | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| ARST-RT-000610 - The Arista perimeter router must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-70-000064 - All port groups on standard switches must not be configured to virtual local area network (VLAN) 4095 unless Virtual Guest Tagging (VGT) is required. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| GOOG-12-006100 - Google Android 12 must be configured to not allow passwords that include more than two repeating or sequential characters - Complex Characters | MobileIron - DISA Google Android 12 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-12-006100 - Google Android 12 must be configured to not allow passwords that include more than two repeating or sequential characters - Complex Characters | MobileIron - DISA Google Android 12 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-12-006100 - Google Android 12 must be configured to not allow passwords that include more than two repeating or sequential characters - Numbers | AirWatch - DISA Google Android 12 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-13-006100 - Google Android 13 must be configured to not allow passwords that include more than four repeating or sequential characters - Characters | AirWatch - DISA Google Android 13 COBO v2r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-13-006100 - Google Android 13 must be configured to not allow passwords that include more than four repeating or sequential characters - Characters | AirWatch - DISA Google Android 13 COPE v2r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-13-006100 - Google Android 13 must be configured to not allow passwords that include more than four repeating or sequential characters - Complex Characters | MobileIron - DISA Google Android 13 COBO v2r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-13-006100 - Google Android 13 must be configured to not allow passwords that include more than four repeating or sequential characters - Complex Characters | MobileIron - DISA Google Android 13 COPE v2r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-13-006100 - Google Android 13 must be configured to not allow passwords that include more than four repeating or sequential characters - Numbers | AirWatch - DISA Google Android 13 COBO v2r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-13-006100 - Google Android 13 must be configured to not allow passwords that include more than four repeating or sequential characters - Numbers | AirWatch - DISA Google Android 13 COPE v2r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-14-006100 - Google Android 14 must be configured to not allow passwords that include more than four repeating or sequential characters - Alphanumeric | MobileIron - DISA Google Android 14 COBO v2r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-14-006100 - Google Android 14 must be configured to not allow passwords that include more than four repeating or sequential characters - Complex Characters | MobileIron - DISA Google Android 14 COBO v2r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-14-006100 - Google Android 14 must be configured to not allow passwords that include more than four repeating or sequential characters - Numbers | AirWatch - DISA Google Android 14 COBO v2r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-14-006100 - Google Android 14 must be configured to not allow passwords that include more than four repeating or sequential characters - Numbers | AirWatch - DISA Google Android 14 COPE v2r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-15-006100 - Google Android 15 must be configured to not allow passwords that include more than four repeating or sequential characters - Characters | AirWatch - DISA Google Android 15 COBO v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| JUEX-RT-000110 - The Juniper router must be configured to disable the auxiliary port unless it is connected to a secured modem providing encryption and authentication. | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL |
| JUEX-RT-000840 - The Juniper perimeter router must be configured to drop IPv6 packets containing a Destination Option header with invalid option type values. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000850 - The Juniper perimeter router must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000230 - The Juniper router must be configured to disable the auxiliary port unless it is connected to a secured modem providing encryption and authentication. | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
| JUNI-RT-000386 - The Juniper perimeter router must be configured to drop IPv6 packets containing the NSAP address option within Destination Option header. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000440 - The Juniper router must be configured to only permit management traffic that ingresses and egresses the OOBM interface - Outbound | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL6-00-000540 - The Oracle Linux operating system must specify the default 'include' directory for the /etc/sudoers file - include | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL08-00-010379 - OL 8 must specify the default "include" directory for the /etc/sudoers file. | DISA Oracle Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000067 - The Photon operating system must configure sshd to use FIPS 140-2 ciphers. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-07-010339 - The Red Hat Enterprise Linux operating system must specify the default 'include' directory for the /etc/sudoers file - include directory for the /etc/sudoers file. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010379 - RHEL 8 must specify the default "include" directory for the /etc/sudoers file. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-212035 - RHEL 9 must disable virtual system calls. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SLES-12-010109 - The SUSE operating system must specify the default 'include' directory for the /etc/sudoers file - include directory for the /etc/sudoers file. | DISA SLES 12 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| SQL6-D0-018100 - When using command-line tools such as SQLCMD in a mixed-mode authentication environment, users must use a logon method that does not expose the password. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
| TCAT-AS-001220 - $CATALINA_BASE/conf/ folder must be owned by root, group tomcat. | DISA STIG Apache Tomcat Application Server 9 v3r2 Middleware | Unix | CONFIGURATION MANAGEMENT |
| UBTU-20-010244 - The Ubuntu operating system must generate audit records for privileged activities, nonlocal maintenance, diagnostic sessions and other system-level access. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-22-654235 - Ubuntu 22.04 LTS must generate audit records for privileged activities, nonlocal maintenance, diagnostic sessions and other system-level access. | DISA Canonical Ubuntu 22.04 LTS STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| VCWN-65-000017 - The vCenter Server for Windows must not override port group settings at the port level on distributed switches. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | CONFIGURATION MANAGEMENT |
