| 1.6.2 Ensure 'SSH version 2' is enabled | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.11.7 Ensure 'Network security: LDAP client signing requirements' is set to 'Negotiate signing' or higher - Negotiate signing or higher | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.11.8 Ensure 'Network security: LDAP client signing requirements' is set to 'Negotiate signing' or higher | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | CONFIGURATION MANAGEMENT |
| 4.3 Ensure Encryption of Data at Rest | CIS MongoDB 3.6 L2 Unix Audit v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.3 Ensure Encryption of Data at Rest | CIS MongoDB 3.6 L2 Windows Audit v1.1.0 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 17.4.2 Ensure 'Audit Directory Service Access' is set to include 'Success and Failure' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 18.10.18.7 (L2) Ensure 'Enable Windows Package Manager command line interfaces' is set to 'Disabled' | CIS Microsoft Windows Server 2025 v1.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.18.7 (L2) Ensure 'Enable Windows Package Manager command line interfaces' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.10.18.7 (L2) Ensure 'Enable Windows Package Manager command line interfaces' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v4.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.43.1 (L1) Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 18.10.44.1 (NG) Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | AUDIT AND ACCOUNTABILITY |
| Allow Basic authentication - Client - AllowBasic | MSCT Windows 10 v1507 v1.0.0 | Windows | ACCESS CONTROL |
| Allow Basic authentication - Client - AllowBasic | MSCT Windows Server 1903 DC v1.19.9 | Windows | ACCESS CONTROL |
| Allow Basic authentication - Client - AllowBasic | MSCT Windows Server v1909 MS v1.0.0 | Windows | ACCESS CONTROL |
| Allow Basic authentication - WinRM Client | MSCT Windows 10 1803 v1.0.0 | Windows | ACCESS CONTROL |
| Allow Basic authentication - WinRM Client | MSCT Windows 10 1809 v1.0.0 | Windows | ACCESS CONTROL |
| CIS Control 6 (6.2(a)) Activate Audit Logging | CAS Implementation Group 1 Audit File | Unix | AUDIT AND ACCOUNTABILITY |
| CIS Control 10 (10.1) Ensure Regular Automated Backups | CAS Implementation Group 1 Audit File | Unix | CONTINGENCY PLANNING |
| CIS Microsoft IIS 8 Benchmark v1.5.1 Level 1 | CIS IIS 8.0 v1.5.1 Level 1 | Windows | |
| CIS_AlmaLinux_OS_9_v2.0.0_L2_Server.audit from CIS AlmaLinux OS 9 Benchmark v2.0.0 | CIS AlmaLinux OS 9 v2.0.0 L2 Server | Unix | |
| CIS_Amazon_Linux_2023_v1.0.0_L1_Server.audit from CIS Amazon Linux 2023 Benchmark v1.0.0 | CIS Amazon Linux 2023 Server L1 v1.0.0 | Unix | |
| CIS_Apache_Cassandra_3.11_v1.0.0_L1_OS_Unix.audit from CIS Apache Cassandra 3.11 Benchmark v1.0.0 | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0 | Unix | |
| CIS_Apache_Tomcat_9_L1_v1.2.0.audit from CIS Apache Tomcat 9 Benchmark | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | |
| CIS_Bottlerocket_v1.0.0_L2.audit from CIS Bottlerocket Benchmark Level 2 | CIS Bottlerocket L2 | Unix | |
| CIS_CentOS_Linux_7_v4.0.0_L1_Server.audit from CIS CentOS Linux 7 Benchmark v4.0.0 | CIS CentOS Linux 7 v4.0.0 L1 Server | Unix | |
| CIS_Debian_Linux_11_v2.0.0_L2_Workstation.audit from CIS Debian Linux 11 Benchmark v2.0.0 | CIS Debian Linux 11 v2.0.0 L2 Workstation | Unix | |
| CIS_IBM_DB2_10_v1.1.0_Level_2_OS_Windows.audit from CIS DB2 10.x Windows OS | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | |
| CIS_IBM_DB2_11_v1.1.0_Level_1_OS_Linux.audit from CIS IBM DB2 11 v1.1.0 Benchmark | CIS IBM DB2 11 v1.1.0 Linux OS Level 1 | Unix | |
| CIS_MacOS_Safari_Benchmark_v2.0.0_L2.audit from CIS MacOS Safari Benchmark v2.0.0 | CIS MacOS Safari v2.0.0 L2 | Unix | |
| CIS_Oracle_Server_18c_v1.1.0_L1_Linux.audit from CIS Oracle Database 18c Benchmark v1.1.0 | CIS Oracle Server 18c Linux v1.1.0 | Unix | |
| CIS_Oracle_Server_19c_v1.2.0_L1_Linux.audit from CIS Oracle Database 19c Benchmark v1.2.0 | CIS Oracle Server 19c Linux v1.2.0 | Unix | |
| CIS_Ubuntu_20.04_LTS_v2.0.1_L1_Server.audit from CIS Ubuntu Linux 20.04 LTS Benchmark | CIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1 | Unix | |
| CISC-RT-000600 - The Cisco MPLS switch must be configured to synchronize Interior Gateway Protocol (IGP) and LDP to minimize packet loss when an IGP adjacency is established prior to LDP peers completing label exchange. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | CONFIGURATION MANAGEMENT |
| EX19-MB-000132 - The Exchange Outbound Connection Timeout must be 10 minutes or less. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000135 - Exchange internal receive connectors must not allow anonymous connections. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| HONW-09-009000 - Honeywell Mobility Edge Android Pie devices must have the DoD root and intermediate PKI certificates installed. | AirWatch - DISA Honeywell Android 9.x COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| HONW-09-009200 - The Honeywell Mobility Edge Android Pie device Work Profile must be configured to prevent users from adding personal email accounts to the work email app. | MobileIron - DISA Honeywell Android 9.x COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MS.EXO.6.1v1 - Contact folders SHALL NOT be shared with all domains. | CISA SCuBA Microsoft 365 Exchange Online v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.EXO.8.2v2 - The DLP solution SHALL protect personally identifiable information (PII) and sensitive information, as defined by the agency. | CISA SCuBA Microsoft 365 Exchange Online v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.EXO.10.1v1 - Emails SHALL be scanned for malware. | CISA SCuBA Microsoft 365 Exchange Online v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.EXO.10.2v1 - Emails identified as containing malware SHALL be quarantined or dropped. | CISA SCuBA Microsoft 365 Exchange Online v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.EXO.12.1v1 - IP allow lists SHOULD NOT be created. | CISA SCuBA Microsoft 365 Exchange Online v1.5.0 | microsoft_azure | CONFIGURATION MANAGEMENT |
| MS.EXO.14.3v1 - Allowed domains SHALL NOT be added to inbound anti-spam protection policies. | CISA SCuBA Microsoft 365 Exchange Online v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.EXO.16.1v1 - At a minimum, the following alerts SHALL be enabled: | CISA SCuBA Microsoft 365 Exchange Online v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MSCT_Microsoft_Edge_Version_134_v1.0.0.audit from MSCT Microsoft Edge Version 134 Security Baseline | MSCT Edge v134 v1.0.0 | Windows | |
| OL6-00-000524 - The system must provide automated support for account management functions. | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| SPLK-CL-000450 - Splunk Enterprise must only allow the use of DOD-approved certificate authorities for cryptographic functions. | DISA STIG Splunk Enterprise 8.x for Linux v2r2 STIG REST API | Splunk | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCSA-70-000148 - The vCenter Server must be configured to send logs to a central log server. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | AUDIT AND ACCOUNTABILITY |
| WN10-PK-000005 - The DoD Root CA certificates must be installed in the Trusted Root Store. | DISA Microsoft Windows 10 STIG v3r4 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| WN16-PK-000010 - The DoD Root CA certificates must be installed in the Trusted Root Store. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
