| 1.1.6 Ensure nosuid option set on /var partition | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.7 Ensure noexec option set on /var partition | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.7.1.2 Ensure local login warning banner is configured properly - banner check | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.1.3 Ensure remote login warning banner is configured properly | CIS Distribution Independent Linux Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.1.3 Ensure remote login warning banner is configured properly | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.2 Ensure local login warning banner is configured properly - banner | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.2 Ensure local login warning banner is configured properly - banner text | CIS Oracle Linux 6 Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.2 Ensure local login warning banner is configured properly - mrsv | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.2 Ensure local login warning banner is configured properly - mrsv | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.7.2 Ensure local login warning banner is configured properly - mrsv | CIS Red Hat 6 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.2 Ensure local login warning banner is configured properly - platform flags | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.3 Ensure remote login warning banner is configured properly - banner text | CIS Red Hat 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.3 Ensure remote login warning banner is configured properly - mrsv | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.3 Ensure remote login warning banner is configured properly - mrsv | CIS Oracle Linux 6 Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.3 Ensure remote login warning banner is configured properly - mrsv | CIS Oracle Linux 6 Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.3 Ensure remote login warning banner is configured properly - platform flags | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.4 Ensure remote login warning banner is configured properly - banner text | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.7.4 Ensure remote login warning banner is configured properly - banner text | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.8.1.3 Ensure remote login warning banner is configured properly | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.9.1.1 Ensure the OS Is Not Active When Resuming from Standby (Intel) | CIS Apple macOS 13.0 Ventura v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.1.17 Secure permissions for the primary archive log location - LOGARCHMETH1 OS Permissions | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | |
| 3.1.17 Secure permissions for the primary archive log location - LOGARCHMETH1 OS Permissions | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 3.1.18 Secure permissions for the secondary archive log location - LOGARCHMETH2 OS Permission | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 | Unix | |
| 3.1.19 Secure permissions for the tertiary archive log location - FAILARCHPATH OS Permission | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | |
| 3.2.3 Ensure secure ICMP redirects are not accepted | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.1.3 Ensure logging is configured | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.1 Ensure journald is configured to compress large log files | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.21 Ensure SSH MaxStartups is configured | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 5.3.2 Ensure system accounts are secured | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.5.1 Ensure Container-Optimized OS (cos_containerd) is used for GKE node images | CIS Google Kubernetes Engine (GKE) v1.7.0 L1 | GCP | CONFIGURATION MANAGEMENT |
| 5.13 Disable ability to login to another user's active and locked session | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 6.1.6 Ensure permissions on /etc/shadow- are configured | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.7 Ensure all users' home directories exist | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 6.2.13 Ensure users' .netrc Files are not group or world accessible | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| ALMA-09-020260 - AlmaLinux OS 9 must not forward source-routed packets. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-033350 - AlmaLinux OS 9 must have the opensc package installed. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-035210 - AlmaLinux OS 9 must have the USBGuard package installed. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-044680 - AlmaLinux OS 9 must enable mitigations against processor-based vulnerabilities. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AOSX-13-000120 - The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all non-local maintenance and diagnostic sessions. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| AOSX-14-005001 - The macOS system must enable System Integrity Protection. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| AOSX-15-005001 - The macOS system must enable System Integrity Protection. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| APPL-11-005001 - The macOS system must enable System Integrity Protection. | DISA STIG Apple macOS 11 v1r8 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| APPL-14-001001 The macOS system must be configured to audit all administrative action events. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| APPL-14-003030 The macOS system must allow smart card authentication. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-15-001130 - The macOS system must configure audit_control owner to mode 440 or less permissive. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| IISW-SV-000124 - The IIS 8.5 web server must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled - MIME that invoke OS shell programs disabled | DISA IIS 8.5 Server v2r7 | Windows | CONFIGURATION MANAGEMENT |
| PHTN-30-000020 - The Photon operating system must generate audit records when successful/unsuccessful attempts to access privileges occur. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030650 - The SUSE operating system must have the auditing package installed. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| UBTU-16-020330 - The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-18-010244 - The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
