| 1.4.1 Set 'password' for 'enable secret' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | ACCESS CONTROL |
| 3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring | CIS Palo Alto Firewall 11 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 3.8 Ensure 'MachineKey validation method - .Net 3.5' is configured - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.4.5 Ensure system-auth is used when changing passwords | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 9.1.7.3 Ensure That Microsoft Defender for (Managed Instance) Azure SQL Databases Is Set To 'On' | CIS Microsoft Azure Foundations v4.0.0 L2 | microsoft_azure | RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION |
| 9.1.7.4 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' | CIS Microsoft Azure Foundations v4.0.0 L2 | microsoft_azure | RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION |
| AADC-CL-001320 - Adobe Acrobat Pro DC Classic Periodic downloading of Adobe certificates must be disabled. | DISA STIG Adobe Acrobat Pro DC Classic Track v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AMLS-L2-000120 - The Arista Multilayer Switch must uniquely identify all network-connected endpoint devices before establishing any connection - dot1x system-auth-control | DISA STIG Arista MLS DCS-7000 Series L2S v1r3 | Arista | IDENTIFICATION AND AUTHENTICATION |
| AMLS-L2-000130 - The Arista Multilayer Switch must authenticate all endpoint devices before establishing a network connection using bidirectional authentication that is cryptographically based - aaa authentication dot1x default group | DISA STIG Arista MLS DCS-7000 Series L2S v1r3 | Arista | IDENTIFICATION AND AUTHENTICATION |
| AMLS-L2-000130 - The Arista Multilayer Switch must authenticate all endpoint devices before establishing a network connection using bidirectional authentication that is cryptographically based - dot1x system-auth-control | DISA STIG Arista MLS DCS-7000 Series L2S v1r3 | Arista | IDENTIFICATION AND AUTHENTICATION |
| AMLS-L2-000150 - The Arista Multilayer Switch must re-authenticate 802.1X connected devices every hour - dot1x timeout reauth-period 3600 | DISA STIG Arista MLS DCS-7000 Series L2S v1r3 | Arista | IDENTIFICATION AND AUTHENTICATION |
| AMLS-L2-000150 - The Arista Multilayer Switch must re-authenticate 802.1X connected devices every hour - logging level DOT1X informational | DISA STIG Arista MLS DCS-7000 Series L2S v1r3 | Arista | IDENTIFICATION AND AUTHENTICATION |
| AMLS-L2-000160 - The Arista Multilayer Switch must authenticate 802.1X connected devices before establishing any connection - aaa auth dot1x default group radius | DISA STIG Arista MLS DCS-7000 Series L2S v1r3 | Arista | IDENTIFICATION AND AUTHENTICATION |
| AMLS-L2-000160 - The Arista Multilayer Switch must authenticate 802.1X connected devices before establishing any connection - dot1x system-auth-control | DISA STIG Arista MLS DCS-7000 Series L2S v1r3 | Arista | IDENTIFICATION AND AUTHENTICATION |
| AOSX-14-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts - PasswordAuthentication | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-14-003024 - The macOS system must use multifactor authentication in the establishment of nonlocal maintenance and diagnostic sessions - ChallengeResponseAuthentication | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | MAINTENANCE |
| AOSX-15-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts, the establishment of nonlocal maintenance and diagnostic sessions, and authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access - enforceSmartCard | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AOSX-15-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts, the establishment of nonlocal maintenance and diagnostic sessions, and authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access - PasswordAuthentication | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| ARST-RT-000610 - The Arista perimeter router must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-06-000049 - The system must protect the confidentiality and integrity of transmitted information by protecting ESXi management traffic. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-12-006100 - Google Android 12 must be configured to not allow passwords that include more than two repeating or sequential characters - Complex Characters | MobileIron - DISA Google Android 12 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-13-006100 - Google Android 13 must be configured to not allow passwords that include more than four repeating or sequential characters - Characters | AirWatch - DISA Google Android 13 COPE v2r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-14-006100 - Google Android 14 must be configured to not allow passwords that include more than four repeating or sequential characters - Alphanumeric | MobileIron - DISA Google Android 14 COBO v2r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-14-006100 - Google Android 14 must be configured to not allow passwords that include more than four repeating or sequential characters - Characters | AirWatch - DISA Google Android 14 COBO v2r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-14-006100 - Google Android 14 must be configured to not allow passwords that include more than four repeating or sequential characters - Complex Characters | MobileIron - DISA Google Android 14 COBO v2r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-14-006100 - Google Android 14 must be configured to not allow passwords that include more than four repeating or sequential characters - Numbers | AirWatch - DISA Google Android 14 COPE v2r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-15-006100 - Google Android 15 must be configured to not allow passwords that include more than four repeating or sequential characters - Characters | AirWatch - DISA Google Android 15 COPE v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-15-006100 - Google Android 15 must be configured to not allow passwords that include more than four repeating or sequential characters - Complex Characters | MobileIron - DISA Google Android 15 COBO v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-15-006100 - Google Android 15 must be configured to not allow passwords that include more than four repeating or sequential characters - Numbers | AirWatch - DISA Google Android 15 COPE v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| HONW-13-006100 - Honeywell Android 13 must be configured to not allow passwords that include more than four repeating or sequential characters - Alphanumeric | MobileIron - DISA Honeywell Android 13 COBO v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| HONW-13-006100 - Honeywell Android 13 must be configured to not allow passwords that include more than four repeating or sequential characters - Alphanumeric | MobileIron - DISA Honeywell Android 13 COPE v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| HONW-13-006100 - Honeywell Android 13 must be configured to not allow passwords that include more than four repeating or sequential characters - Characters | AirWatch - DISA Honeywell Android 13 COBO v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| HONW-13-006100 - Honeywell Android 13 must be configured to not allow passwords that include more than four repeating or sequential characters - Characters | AirWatch - DISA Honeywell Android 13 COPE v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| HONW-13-006100 - Honeywell Android 13 must be configured to not allow passwords that include more than four repeating or sequential characters - Complex Characters | MobileIron - DISA Honeywell Android 13 COBO v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| HONW-13-006100 - Honeywell Android 13 must be configured to not allow passwords that include more than four repeating or sequential characters - Complex Characters | MobileIron - DISA Honeywell Android 13 COPE v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| HONW-13-006100 - Honeywell Android 13 must be configured to not allow passwords that include more than four repeating or sequential characters - Numbers | AirWatch - DISA Honeywell Android 13 COBO v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| JUEX-RT-000840 - The Juniper perimeter router must be configured to drop IPv6 packets containing a Destination Option header with invalid option type values. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000850 - The Juniper perimeter router must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000230 - The Juniper router must be configured to disable the auxiliary port unless it is connected to a secured modem providing encryption and authentication. | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
| JUNI-RT-000386 - The Juniper perimeter router must be configured to drop IPv6 packets containing the NSAP address option within Destination Option header. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| O19C-00-013700 - Oracle Database must ensure users are authenticated with an individual authenticator prior to using a shared authenticator. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000540 - The Oracle Linux operating system must specify the default 'include' directory for the /etc/sudoers file - include | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL08-00-010379 - OL 8 must specify the default "include" directory for the /etc/sudoers file. | DISA Oracle Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010379 - RHEL 8 must specify the default "include" directory for the /etc/sudoers file. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-212035 - RHEL 9 must disable virtual system calls. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SLES-12-010109 - The SUSE operating system must specify the default 'include' directory for the /etc/sudoers file - include directory for the /etc/sudoers file. | DISA SLES 12 STIG v3r3 | Unix | CONFIGURATION MANAGEMENT |
| SQL4-00-039020 - When using command-line tools such as SQLCMD in a mixed-mode authentication environment, users must use a logon method that does not expose the password. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
| UBTU-20-010244 - The Ubuntu operating system must generate audit records for privileged activities, nonlocal maintenance, diagnostic sessions and other system-level access. | DISA Canonical Ubuntu 20.04 LTS STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| VCSA-80-000301 - The vCenter Server must not override port group settings at the port level on distributed switches. | DISA VMware vSphere 8.0 vCenter STIG v2r2 | VMware | CONFIGURATION MANAGEMENT |
| vNetwork : verify-vlan-id | VMWare vSphere 5.X Hardening Guide | VMware | |
