| 1.2.2 Ensure 'Host Name' is set | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 2.1.1.6 Audit Find My Mac | CIS Apple macOS 14.0 Sonoma v2.1.0 L2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.1.1.6 Audit Find My Mac | CIS Apple macOS 13.0 Ventura v3.1.0 L2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2 Ensure intrusion prevention is enabled for untrusted interfaces | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.2.1.13 Ensure 'Allow trusting new enterprise app authors' is set to 'Disabled' | MobileIron - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 4.4.13 Ensure application security feature is enabled | CIS IBM WebSphere Liberty v1.0.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5 Ensure Audit Logging Is Enabled - audit_log_user | CIS MySQL 5.7 Community Database L2 v2.0.0 | MySQLDB | AUDIT AND ACCOUNTABILITY |
| 17.4.2 Ensure 'Audit Directory Service Access' is set to include 'Success and Failure' (STIG DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 18.10.18.7 (L2) Ensure 'Enable Windows Package Manager command line interfaces' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.18.7 (L2) Ensure 'Enable Windows Package Manager command line interfaces' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.18.7 (L2) Ensure 'Enable Windows Package Manager command line interfaces' is set to 'Disabled' | CIS Microsoft Windows Server 2022 v4.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.18.7 (L2) Ensure 'Enable Windows Package Manager command line interfaces' is set to 'Disabled' | CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.18.7 (L2) Ensure 'Enable Windows Package Manager command line interfaces' is set to 'Disabled' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.44.1 (NG) Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | AUDIT AND ACCOUNTABILITY |
| 18.10.44.1 (NG) Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | AUDIT AND ACCOUNTABILITY |
| 80.4 (L2) Ensure 'Disable Enterprise Auth Proxy' is set to 'Enable' | CIS Microsoft Intune for Windows 10 v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 80.4 (L2) Ensure 'Disable Enterprise Auth Proxy' is set to 'Enable' | CIS Microsoft Intune for Windows 11 v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| Allow Basic authentication - Client - AllowBasic | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Allow Basic authentication - Client - AllowBasic | MSCT Windows Server 2016 DC v1.0.0 | Windows | ACCESS CONTROL |
| Allow Basic authentication - WinRM Client | MSCT Windows Server 2019 MS v1.0.0 | Windows | ACCESS CONTROL |
| CASA-VN-000210 - The Cisco ASA must be configured to use a Diffie-Hellman (DH) Group of 16 or greater for Internet Key Exchange (IKE) Phase 1 - IKE Phase 1. | DISA STIG Cisco ASA VPN v2r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000600 - The Cisco MPLS switch must be configured to synchronize Interior Gateway Protocol (IGP) and LDP to minimize packet loss when an IGP adjacency is established prior to LDP peers completing label exchange. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | CONFIGURATION MANAGEMENT |
| EX13-MB-000205 - Exchange Message size restrictions must be controlled on Send connectors. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-MB-000150 - Exchange must protect audit data against unauthorized deletion. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | AUDIT AND ACCOUNTABILITY |
| EX19-MB-000197 - Exchange software must be monitored for unauthorized changes. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | CONFIGURATION MANAGEMENT |
| GEN003540 - The system must implement non-executable program stacks - 'kernel.exec-shield' | DISA STIG for Oracle Linux 5 v2r1 | Unix | CONFIGURATION MANAGEMENT |
| HONW-09-008700 - Honeywell Mobility Edge Android Pie devices users must complete required training. | AirWatch - DISA Honeywell Android 9.x COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| HONW-09-008700 - Honeywell Mobility Edge Android Pie devices users must complete required training. | MobileIron - DISA Honeywell Android 9.x COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| HONW-09-009800 - Honeywell Mobility Edge Android Pie devices work profile must be configured to disable automatic completion of workspace internet browser text input. | AirWatch - DISA Honeywell Android 9.x COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| HONW-09-010400 - Honeywell Mobility Edge Android Pie devices must configured to disallow outgoing beam. | MobileIron - DISA Honeywell Android 9.x COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| HONW-09-010400 - Honeywell Mobility Edge Android Pie devices must configured to disallow outgoing beam. | AirWatch - DISA Honeywell Android 9.x COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| HONW-09-010400 - Honeywell Mobility Edge Android Pie devices must configured to disallow outgoing beam. | MobileIron - DISA Honeywell Android 9.x COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| JUNI-RT-000640 - The Juniper PE router providing MPLS Layer 2 Virtual Private Network (L2VPN) services must be configured to authenticate targeted Label Distribution Protocol (LDP) sessions used to exchange virtual circuit (VC) information using a FIPS-approved message authentication code algorithm - key-chain | DISA STIG Juniper Router RTR v3r2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| MS.AAD.5.2v1 - Only administrators SHALL be allowed to consent to applications. | CISA SCuBA Microsoft 365 Entra ID v1.5.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MSCT_Microsoft_Edge_Version_81_v1.0.0.audit from MSCT Microsoft Edge Version 81 Security Baseline | MSCT Microsoft Edge Version 81 v1.0.0 | Windows | |
| MSCT_Microsoft_Edge_Version_87_v1.0.0.audit from MSCT Microsoft Edge Version 87 Security Baseline | MSCT Edge v87 v1.0.0 | Windows | |
| MSCT_Microsoft_Edge_Version_89_v1.0.0.audit from MSCT Microsoft Edge Version 89 Security Baseline | MSCT Edge v89 v1.0.0 | Windows | |
| MSCT_Microsoft_Edge_Version_91_v1.0.0.audit from MSCT Microsoft Edge Version 91 Security Baseline | MSCT Edge v98 v1.0.0 | Windows | |
| MSCT_Microsoft_Edge_Version_91_v1.0.0.audit from MSCT Microsoft Edge Version 91 Security Baseline | MSCT edge v96 v1.0.0 | Windows | |
| MSCT_Microsoft_Edge_Version_128_v1.0.0.audit from MSCT Microsoft Edge Version 128 Security Baseline | MSCT Edge v128 v1.0.0 | Windows | |
| MSCT_Microsoft_Edge_Version_129_v1.0.0.audit from MSCT Microsoft Edge Version 129 Security Baseline | MSCT Edge v129 v1.0.0 | Windows | |
| MSCT_Microsoft_Edge_Version_133_v1.0.0.audit from MSCT Microsoft Edge Version 133 Security Baseline | MSCT Edge v133 v1.0.0 | Windows | |
| MSCT_Microsoft_Edge_Version_136_v1.0.0.audit from MSCT Microsoft Edge Version 136 Security Baseline | MSCT Edge v136 v1.0.0 | Windows | |
| O19C-00-013800 - Oracle Database must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users). | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000079 - The system must limit the ability of processes to have simultaneous write and execute access to memory. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| VCUI-70-000018 - vSphere UI must restrict its cookie path. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WINUR-000020 - The Deny log on locally user right must be configured to prevent access from highly privileged accounts. | DISA Windows Vista STIG v6r41 | Windows | ACCESS CONTROL |
| WN10-UR-000070 - The Deny access to this computer from the network user right on workstations must be configured to prevent access from highly privileged domain accounts and local accounts on domain systems and unauthenticated access on all systems. | DISA Microsoft Windows 10 STIG v3r4 | Windows | ACCESS CONTROL |
| WN16-DC-000340 - The Access this computer from the network user right must only be assigned to the Administrators, Authenticated Users, and Enterprise Domain Controllers groups on domain controllers. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL |
| WN19-MS-000110 - Windows Server 2019 'Deny log on locally' user right on domain-joined member servers must be configured to prevent access from highly privileged domain accounts and from unauthenticated access on all systems. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | ACCESS CONTROL |
