| 6.7 Ensure subnets for the App tier are created | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.4.7 Disable Guest Host Interaction Protocol Handler | CIS VMware ESXi 5.1 v1.0.1 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.15 Ensure Unity is disabled | CIS VMware ESXi 6.7 v1.3.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.19 (L2) Ensure Guest Host Interaction Launch Menu is disabled | CIS VMware ESXi 7.0 v1.5.0 L2 | VMware | CONFIGURATION MANAGEMENT |
| 18.2.2 Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.2.2 Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | ACCESS CONTROL |
| 18.2.4 Ensure 'Password Settings: Password Complexity' is set to 'Enabled: Large letters + small letters + numbers + special characters' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.2.6 Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 30 or fewer' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.3.5 (L1) Ensure 'Password Settings: Password Length' is set to 'Enabled: 15 or more' (MS only) | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.3.5 (L1) Ensure 'Password Settings: Password Length' is set to 'Enabled: 15 or more' (MS only) | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.3.6 (L1) Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 30 or fewer' (MS only) | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.3.6 Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 30 or fewer' (MS only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.6.8.1 (L1) Ensure 'Require Encryption' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.6.8.2 (L1) Ensure 'Require Encryption' is set to 'Enabled' | CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L1 MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.6.8.6 (L1) Ensure 'Mandate the minimum version of SMB' is set to 'Enabled: 3.1.1' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.6.8.6 (L1) Ensure 'Mandate the minimum version of SMB' is set to 'Enabled: 3.1.1' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.43.4.1 (L1) Ensure 'Enable EDR in block mode' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.4.1 (L1) Ensure 'Enable EDR in block mode' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| AMLS-L2-000110 - The Arista Multilayer Switch must enforce approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies. | DISA STIG Arista MLS DCS-7000 Series L2S v1r3 | Arista | ACCESS CONTROL |
| AMLS-L2-000120 - The Arista Multilayer Switch must uniquely identify all network-connected endpoint devices before establishing any connection - dot1x system-auth-control | DISA STIG Arista MLS DCS-7000 Series L2S v1r3 | Arista | IDENTIFICATION AND AUTHENTICATION |
| AMLS-L2-000150 - The Arista Multilayer Switch must re-authenticate 802.1X connected devices every hour - logging level DOT1X informational | DISA STIG Arista MLS DCS-7000 Series L2S v1r3 | Arista | IDENTIFICATION AND AUTHENTICATION |
| AMLS-L2-000160 - The Arista Multilayer Switch must authenticate 802.1X connected devices before establishing any connection - aaa auth dot1x default group radius | DISA STIG Arista MLS DCS-7000 Series L2S v1r3 | Arista | IDENTIFICATION AND AUTHENTICATION |
| CISC-L2-000020 - The Cisco switch must uniquely identify all network-connected endpoint devices before establishing any connection. | DISA Cisco NX OS Switch L2S STIG v3r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-L2-000030 - The Cisco switch must authenticate all VLAN Trunk Protocol (VTP) messages with a hash function using the most secured cryptographic algorithm available. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-L2-000060 - The Cisco switch must be configured for authorized users to select a user session to capture. | DISA Cisco NX OS Switch L2S STIG v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-L2-000090 - The Cisco switch must have Root Guard enabled on all switch ports connecting to access layer switches. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000100 - The Cisco switch must have BPDU Guard enabled on all user-facing or untrusted access switch ports. | DISA Cisco NX OS Switch L2S STIG v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000120 - The Cisco switch must have Unknown Unicast Flood Blocking (UUFB) enabled. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000130 - The Cisco switch must have DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources. | DISA Cisco NX OS Switch L2S STIG v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000140 - The Cisco switch must have IP Source Guard enabled on all user-facing or untrusted access switch ports. | DISA Cisco NX OS Switch L2S STIG v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000140 - The Cisco switch must have IP Source Guard enabled on all user-facing or untrusted access switch ports. | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000160 - The Cisco switch must have Storm Control configured on all host-facing switchports. | DISA Cisco NX OS Switch L2S STIG v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-L2-000180 - The Cisco switch must implement Rapid Spanning Tree Protocol (STP) where VLANs span multiple switches with redundant links. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-L2-000190 - The Cisco switch must enable Unidirectional Link Detection (UDLD) to protect against one-way connections. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-L2-000190 - The Cisco switch must enable Unidirectional Link Detection (UDLD) to protect against one-way connections. | DISA Cisco NX OS Switch L2S STIG v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-L2-000210 - The Cisco switch must have all disabled switch ports assigned to an unused VLAN. | DISA Cisco NX OS Switch L2S STIG v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000220 - The Cisco switch must not have the default VLAN assigned to any host-facing switch ports. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000220 - The Cisco switch must not have the default VLAN assigned to any host-facing switch ports. | DISA Cisco NX OS Switch L2S STIG v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000220 - The Cisco switch must not have the default VLAN assigned to any host-facing switch ports. | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000230 - The Cisco switch must have the default VLAN pruned from all trunk ports that do not require it. | DISA Cisco NX OS Switch L2S STIG v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000240 - The Cisco switch must not use the default VLAN for management traffic. | DISA Cisco NX OS Switch L2S STIG v3r2 | Cisco | CONTINGENCY PLANNING |
| CISC-L2-000240 - The Cisco switch must not use the default VLAN for management traffic. | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | CONTINGENCY PLANNING |
| CISC-L2-000250 - The Cisco switch must have all user-facing or untrusted ports configured as access switch ports. | DISA Cisco NX OS Switch L2S STIG v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000257 - OHS must have the LoadModule ossl_module directive enabled to meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OH12-1X-000259 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication - SSLWallet | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000176 - Oracle WebLogic must use cryptographic modules that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting stored data - JAVA_OPTIONS | Oracle WebLogic Server 12c Windows v2r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000176 - Oracle WebLogic must use cryptographic modules that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting stored data - PRE_CLASSPATH | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| WNDF-AV-000031 - Microsoft Defender AV must be configured for automatic remediation action to be taken for threat alert level Severe - Enabled | DISA STIG Microsoft Defender Antivirus v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000040 - Microsoft Defender AV must be configured for automatic remediation action to be taken for threat alert level High - 4>2 | DISA STIG Microsoft Defender Antivirus v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNDF-AV-000042 - Microsoft Defender AV must be configured for automatic remediation action to be taken for threat alert level Low - Enabled | DISA STIG Microsoft Defender Antivirus v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
