| 2.2 Disable/Modify Default Accts - 'SNMP default community strings have been removed' | TNS NetApp Data ONTAP 7G | NetApp | |
| 2.2.4 Ensure CUPS is not installed | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.4 Ensure CUPS is not installed | CIS Fedora 19 Family Linux Server L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.2 Include TSIG key in named.conf 'TSIG key 2 permissions' | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | |
| 3.4 Enable Strong TCP Sequence Number Generation - Enforce Strong TCP Sequence Number Generation setting (TCP_STRONG_ISS = 2). | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.10.9.1.3 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Intune for Windows 10 v4.0.0 BL | Windows | MEDIA PROTECTION |
| 8.4.2 Ensure Autologon is disabled | CIS VMware ESXi 6.7 v1.3.0 Level 2 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 8.4.7 Disable Guest Host Interaction Protocol Handler | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.10 Ensure Unity Window Contents is disabled | CIS VMware ESXi 6.5 v1.0.0 Level 2 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 8.4.11 (L2) Ensure Shell Action is disabled | CIS VMware ESXi 7.0 v1.4.0 L2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.12 Disable Drag and Drop Version Get | CIS VMware ESXi 5.1 v1.0.1 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.13 Disable Drag and Drop Version Set | CIS VMware ESXi 5.1 v1.0.1 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.20 (L2) Ensure memSchedFakeSampleStats is disabled | CIS VMware ESXi 7.0 v1.4.0 L2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.20 Disable GetCreds | CIS VMware ESXi 5.1 v1.0.1 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.23 Ensure memSchedFakeSampleStats is disabled | CIS VMware ESXi 6.5 v1.0.0 Level 2 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 18.5.8.1 (L1) Ensure 'Enable insecure guest logons' is set to 'Disabled' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.6.8.1 Ensure 'Enable insecure guest logons' is set to 'Disabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | CONFIGURATION MANAGEMENT |
| 18.6.8.1 Ensure 'Enable insecure guest logons' is set to 'Disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| 18.6.8.1 Ensure 'Enable insecure guest logons' is set to 'Disabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.7.1 (L1) Ensure 'Allow Print Spooler to accept client connections' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.8.36.2 (L1) Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | CONFIGURATION MANAGEMENT |
| 18.8.36.2 (L1) Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.8.36.2 (L1) Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.3.1 (L1) Ensure 'Include command line in process creation events' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.3.1 (L1) Ensure 'Include command line in process creation events' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | MEDIA PROTECTION |
| 18.9.35.2 (L1) Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.35.2 (L1) Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.9.35.2 (L1) Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.35.2 (L1) Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.9.35.2 Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | CONFIGURATION MANAGEMENT |
| ARST-L2-000160 - The Arista MLS layer 2 switch must have all trunk links enabled statically. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | CONFIGURATION MANAGEMENT |
| CISC-RT-000710 - The Cisco PE router must be configured to implement Internet Group Management Protocol (IGMP) or Multicast Listener Discovery (MLD) snooping for each Virtual Private LAN Services (VPLS) bridge domain. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO113 - Excel - Open/Save actions for Excel 2 macrosheets and add-in files must be blocked. | DISA STIG Office 2010 Excel v1r11 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN000140-2 - A file integrity baseline including cryptographic hashes must be created - '/etc/aide.conf must exist' | DISA STIG for Oracle Linux 5 v2r1 | Unix | CONFIGURATION MANAGEMENT |
| GEN003080-2 - Files in cron script directories must have mode 0700 or less permissive - '/etc/cron.daily/*' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN003080-2 - Files in cron script directories must have mode 0700 or less permissive - '/etc/cron.hourly/*' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN003080-2 - Files in cron script directories must have mode 0700 or less permissive - '/etc/cron.monthly/*' | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| GEN003080-2 - Files in cron script directories must have mode 0700 or less permissive - '/etc/cron.weekly/*' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN005307 - SNMP must require the use of a FIPS 140-2 encryption algorithm for protecting the privacy of SNMP messages. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN005307 - The SNMP service must require the use of a FIPS 140-2 approved encryption algorithm for protecting the privacy of SNMP messages. | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL |
| O365-EX-000007 - Open/save of Excel 2 macrosheets and add-in files must be blocked. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000253 - OHS must have the LoadModule ossl_module directive enabled to meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting stored data. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OH12-1X-000259 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication - SSLProtocol | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PHTN-30-000064 - The Photon operating system must configure sshd to use FIPS 140-2 ciphers. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| PHTN-67-000067 - The Photon operating system must configure sshd to use FIPS 140-2 ciphers. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLD-67-000002 - VAMI must be configured with FIPS 140-2 compliant ciphers for HTTPS connections. | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| WBLC-05-000176 - Oracle WebLogic must use cryptographic modules that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting stored data - PRE_CLASSPATH | Oracle WebLogic Server 12c Windows v2r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000177 - Oracle WebLogic must utilize FIPS 140-2 approved encryption modules when authenticating users and processes - JAVA_OPTIONS | Oracle WebLogic Server 12c Windows v2r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000177 - Oracle WebLogic must utilize FIPS 140-2 approved encryption modules when authenticating users and processes - PRE_CLASSPATH | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
