| 1.1.3 Ensure 'Enable Log on High DP Load' is enabled | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| 1.1.3 Ensure 'Enable Log on High DP Load' is enabled | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| 1.1.3 Ensure 'Enable Log on High DP Load' is enabled | CIS Palo Alto Firewall 11 v1.1.0 L1 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| 1.2.4 Disable the rhnsd Daemon | CIS Red Hat Enterprise Linux 5 L2 v2.2.1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.2.7 Set 'exec-timeout' to less than or equal to 10 minutes 'line console 0' | CIS Cisco IOS XE 17.x v2.2.0 L1 | Cisco | ACCESS CONTROL |
| 1.2.7 Set 'exec-timeout' to less than or equal to 10 minutes 'line console 0' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | ACCESS CONTROL |
| 1.2.8 Set 'exec-timeout' to less than or equal to 10 minutes 'line vty' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | ACCESS CONTROL |
| 2.2 Ensure 'CLR Enabled' Server Configuration Option is set to '0' | CIS Microsoft SQL Server 2019 v1.5.0 L1 Database Engine | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 2.2 Ensure that authorization is enabled for Cassandra databases | CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0 | Unix | ACCESS CONTROL |
| 2.2 Ensure that authorization is enabled for Cassandra databases | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0 | Unix | ACCESS CONTROL |
| 2.9 Set 'Enter the Secure Folder path' to 'Disabled' | CIS MS Office Outlook 2010 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.1 (L1) Host should deactivate SSH | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 4.1.1 Ensure a single firewall configuration utility is in use | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.1 Ensure a single firewall configuration utility is in use | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2 Ensure 'CHECK_EXPIRATION' Option is set to 'ON' for All SQL Authenticated Logins Within the Sysadmin Role | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | ACCESS CONTROL |
| 6.1 Perform regular security audits of your host system and containers | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | |
| 6.2 Ensure a DNS alias record for the root domain | CIS Amazon Web Services Three-tier Web Architecture L2 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Set Password Expiration Parameters on Active Accounts | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 7.2 Ensure Asymmetric Key Size is set to 'greater than or equal to 2048' in non-system databases | CIS SQL Server 2016 Database L1 DB v1.4.0 | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure Asymmetric Key Size is set to 'greater than or equal to 2048' in non-system databases | CIS SQL Server 2022 Database L1 DB v1.1.0 | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure Asymmetric Key Size is set to 'greater than or equal to 2048' in non-system databases | CIS SQL Server 2017 Database L1 DB v1.3.0 | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.23 (L1) Virtual machines must restrict sharing of memory pages with other VMs | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 8.5.3 (L1) Ensure only people in my org can bypass the lobby | CIS Microsoft 365 Foundations v5.0.0 L1 E3 | microsoft_azure | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 8.5.3 (L1) Ensure only people in my org can bypass the lobby | CIS Microsoft 365 Foundations v5.0.0 L1 E5 | microsoft_azure | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 12.20 Monitor for development on production databases - 'Prevent development on production databases' | CIS v1.1.0 Oracle 11g OS Windows Level 1 | Windows | |
| ARST-RT-000450 - The Arista perimeter router must be configured to restrict it from accepting outbound IP packets that contain an illegitimate address in the source address field via egress filter or by enabling Unicast Reverse Path Forwarding (uRPF). | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode | MSCT Edge v132 v1.0.0 | Windows | |
| Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode | MSCT Edge v136 v1.0.0 | Windows | |
| Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode | MSCT Edge v137 v1.0.0 | Windows | |
| Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode | MSCT Edge v128 v1.0.0 | Windows | |
| Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode | MSCT Edge v117 v1.0.0 | Windows | |
| Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode | MSCT Edge v133 v1.0.0 | Windows | |
| Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode | MSCT Edge v124 v1.0.0 | Windows | |
| Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode | MSCT Edge v127 v1.0.0 | Windows | |
| Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode | MSCT Edge v134 v1.0.0 | Windows | |
| Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode | MSCT Edge v135 v1.0.0 | Windows | |
| Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode | MSCT Edge v129 v1.0.0 | Windows | |
| Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode | MSCT Edge v131 v1.0.0 | Windows | |
| CASA-FW-000030 - The Cisco ASA must be configured to restrict VPN traffic according to organization-defined filtering rules - VPN Group Policy | DISA STIG Cisco ASA FW v2r1 | Cisco | ACCESS CONTROL |
| CASA-FW-000030 - The Cisco ASA must be configured to restrict VPN traffic according to organization-defined filtering rules - VPN Rules | DISA STIG Cisco ASA FW v2r1 | Cisco | ACCESS CONTROL |
| CASA-FW-000290 - The Cisco ASA must be configured to restrict it from accepting outbound packets that contain an illegitimate address in the source address field via an egress filter or by enabling Unicast Reverse Path Forwarding (uRPF) - ACL | DISA STIG Cisco ASA FW v2r1 | Cisco | CONFIGURATION MANAGEMENT |
| CASA-FW-000290 - The Cisco ASA must be configured to restrict it from accepting outbound packets that contain an illegitimate address in the source address field via an egress filter or by enabling Unicast Reverse Path Forwarding (uRPF) - network-object | DISA STIG Cisco ASA FW v2r1 | Cisco | CONFIGURATION MANAGEMENT |
| CASA-FW-000290 - The Cisco ASA must be configured to restrict it from accepting outbound packets that contain an illegitimate address in the source address field via an egress filter or by enabling Unicast Reverse Path Forwarding (uRPF) - URF | DISA STIG Cisco ASA FW v2r1 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000310 - The Cisco perimeter switch must be configured to restrict it from accepting outbound IP packets that contain an illegitimate address in the source address field via egress filter or by enabling Unicast Reverse Path Forwarding (uRPF). | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-ED-000480 - The Exchange tarpitting interval must be set. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| SQL6-D0-018200 - Applications must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
| WA000-WWA050 W22 - All interactive programs must be placed in a designated directory with appropriate permissions. - '-ExecCGI' | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WWA050 W22 - All interactive programs must be placed in a designated directory with appropriate permissions. - 'AddHandler' | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WWA050 W22 - All interactive programs must be placed in a designated directory with appropriate permissions. - 'SetHandler' | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WG170 IIS6 - Each readable web document directory must contain a default, home, index or equivalent file. - 'DefaultDoc' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
