| 1.2.5 Disable the rhnsd Daemon | CIS Red Hat 6 Server L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.2.5 Disable the rhnsd Daemon | CIS Red Hat 6 Workstation L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.2.5 Disable the rhnsd Daemon | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.2.5 Disable the rhnsd Daemon | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.2.6 Set 'exec-timeout' to less than or equal to 10 minutes for 'line aux 0' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | ACCESS CONTROL |
| 1.2.6 Set 'exec-timeout' to less than or equal to 10 minutes for 'line aux 0' | CIS Cisco IOS XE 17.x v2.2.0 L1 | Cisco | ACCESS CONTROL |
| 1.2.8 Set 'exec-timeout' to less than or equal to 10 minutes 'line vty' | CIS Cisco IOS XE 17.x v2.2.0 L1 | Cisco | ACCESS CONTROL |
| 1.4.4 Set IP address for 'logging host' | CIS Cisco IOS XR 7.x v1.0.1 L1 | Cisco | AUDIT AND ACCOUNTABILITY, INCIDENT RESPONSE, SYSTEM AND INFORMATION INTEGRITY |
| 2.1.3 Ensure 'BGP authentication' is enabled | CIS Cisco ASA 9.x Firewall L2 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.2 Ensure rsh client is not installed | CIS Debian Family Server L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.2.2 Ensure rsh client is not installed | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.2.4 Set IP address for 'logging host' | CIS Cisco IOS XE 17.x v2.2.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY, INCIDENT RESPONSE, SYSTEM AND INFORMATION INTEGRITY |
| 2.2.4 Set IP address for 'logging host' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY, INCIDENT RESPONSE, SYSTEM AND INFORMATION INTEGRITY |
| 2.3.2 Ensure rsh client is not installed | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.2 Ensure rsh client is not installed | CIS Fedora 19 Family Linux Workstation L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.2 Ensure rsh client is not installed | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.3.2 Ensure rsh client is not installed | CIS Red Hat 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.9 Ensure Legacy EFI Is Valid and Updating - checked regularly | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.9 Ensure Legacy EFI Is Valid and Updating - checked regularly | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.9 Ensure Legacy EFI Is Valid and Updating - valid | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.9 Ensure Legacy EFI Is Valid and Updating - valid | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.14 Ensure 'sa' Login Account is set to 'Disabled' | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | ACCESS CONTROL |
| 3.6 Ensure 'general_log_file' Has Appropriate Permissions | CIS MySQL 5.7 Enterprise Windows OS L1 v2.0.0 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 3.6 Ensure 'general_log_file' Has Appropriate Permissions | CIS MySQL 5.7 Community Windows OS L1 v2.0.0 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 3.8 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120' | CIS Oracle Database 23ai v1.0.0 L1 RDBMS | OracleDB | ACCESS CONTROL |
| 3.11 Only enable other RPC-based services if absolutely necessary - Ensure file /etc/rc2.d/S71rpc does NOT exist. | CIS Solaris 9 v1.3 | Unix | CONFIGURATION MANAGEMENT |
| 4.2 Ensure 'CHECK_EXPIRATION' Option is set to 'ON' for All SQL Authenticated Logins Within the Sysadmin Role | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | ACCESS CONTROL |
| 5.2.9 Ensure minimum password length is configured | CIS IBM AIX 7 v1.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.8 Ensure only needed ports are open on the container | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.8 Ensure privileged ports are not mapped within containers | CIS Docker v1.7.0 L1 Docker - Linux | Unix | CONFIGURATION MANAGEMENT |
| 5.8 Open only needed ports on container | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.8 Open only needed ports on container | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 7.23 (L1) Virtual machines must restrict sharing of memory pages with other VMs | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 12.20 Monitor for development on production databases - 'Prevent development on production databases' | CIS v1.1.0 Oracle 11g OS L1 | Unix | |
| 12.22 Developer access to production databases - 'Disallow' | CIS v1.1.0 Oracle 11g OS Windows Level 1 | Windows | |
| 12.22 Developer access to production databases - 'Disallow' | CIS v1.1.0 Oracle 11g OS L1 | Unix | |
| AIX7-00-002101 - AIX must monitor and record unsuccessful remote logins. | DISA STIG AIX 7.x v3r1 | Unix | ACCESS CONTROL |
| AOSX-13-001145 - All setuid executables on the macOS system must be documented. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| CISC-RT-000130 - The Cisco router must be configured to restrict traffic destined to itself. | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000310 - The Cisco perimeter router must be configured to restrict it from accepting outbound IP packets that contain an illegitimate address in the source address field via egress filter or by enabling Unicast Reverse Path Forwarding (uRPF). | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000310 - The Cisco perimeter router must be configured to restrict it from accepting outbound IP packets that contain an illegitimate address in the source address field via egress filter or by enabling Unicast Reverse Path Forwarding (uRPF). | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000310 - The Cisco perimeter switch must be configured to restrict it from accepting outbound IP packets that contain an illegitimate address in the source address field via egress filter or by enabling Unicast Reverse Path Forwarding (uRPF). | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBC-0002 - Site tracking users location must be disabled. | DISA STIG Google Chrome v2r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-EG-000215 - Exchange messages with malformed From address must be rejected. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX13-EG-000240 - The Exchange tarpitting interval must be set. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-000430 - Exchange messages with a malformed From address must be rejected. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-000430 - Exchange messages with a malformed From address must be rejected. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000133 - Exchange messages with a malformed From address must be rejected. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000135 - The Exchange tarpitting interval must be set. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| FNFG-FW-000145 - The FortiGate firewall must be configured to restrict it from accepting outbound packets that contain an illegitimate address in the source address field via an egress filter or by enabling Unicast Reverse Path Forwarding (uRPF). | DISA Fortigate Firewall STIG v1r3 | FortiGate | CONFIGURATION MANAGEMENT |
