| 1.3.1 Ensure 'Enforce user logon restrictions' is set to 'Enabled' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.3.14.1 Ensure 'System cryptography: Force strong key protection for user keys stored on the computer' is set to 'User must enter a password each time they use a key' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.14.1 Ensure 'System cryptography: Force strong key protection for user keys stored on the computer' is set to 'User must enter a password each time they use a key' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.14.1 Ensure 'System cryptography: Force strong key protection for user keys stored on the computer' is set to 'User must enter a password each time they use a key' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.14.1 Ensure 'System cryptography: Force strong key protection for user keys stored on the computer' is set to 'User must enter a password each time they use a key' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4.3 Ensure 'Minimum passcode length' is set to a value of '6' or greater | MobileIron - CIS Apple iOS 17 v1.1.0 End User Owned L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 2.4.3 Ensure 'Minimum passcode length' is set to a value of '6' or greater | AirWatch - CIS Apple iPadOS 17 v1.1.0 End User Owned L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 2.4.3 Ensure 'Minimum passcode length' is set to a value of '6' or greater | AirWatch - CIS Apple iPadOS 18 v1.0.0 L1 End User Owned | MDM | IDENTIFICATION AND AUTHENTICATION |
| 2.4.3 Ensure 'Minimum passcode length' is set to a value of '6' or greater | AirWatch - CIS Apple iOS 17 Benchmark v1.1.0 End User Owned L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 2.17 Set Sticky Bit on All World-Writable Directories | CIS Debian Linux 7 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 3.4.3 Ensure 'Minimum passcode length' is set to a value of '6' or greater | MobileIron - CIS Apple iOS 17 Institution Owned L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 3.4.3 Ensure 'Minimum passcode length' is set to a value of '6' or greater | AirWatch - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 3.4.3 Ensure 'Minimum passcode length' is set to a value of '6' or greater | MobileIron - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 3.4.3 Ensure 'Minimum passcode length' is set to a value of '6' or greater | AirWatch - CIS Apple iOS 17 Institution Owned L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 3.4.3 Ensure 'Minimum passcode length' is set to a value of '6' or greater | MobileIron - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | IDENTIFICATION AND AUTHENTICATION |
| 3.6 Configure Network Time Protocol (NTP) - restrict -6 default kod nomodify nopeer notrap noquery | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1 Ensure that WildFire file size upload limits are maximized | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.1 Ensure that WildFire file size upload limits are maximized | CIS Palo Alto Firewall 11 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.5.1.2 Ensure minimum days between password changes is configured - /etc/shadow | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.5.1.2 Ensure minimum days between password changes is configured - login.defs | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5.1.2 Ensure minimum days between password changes is configured - password shadow | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 20.20 Ensure 'DoD Interoperability Root CA cross-certificates' are installed in the 'Untrusted Certificates Store' on unclassified systems | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.27 Ensure 'Event Viewer must be protected from unauthorized modification and deletion' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001280 - The Cisco switch must generate audit records showing starting and ending time for administrator access to the system. | DISA Cisco NX OS Switch NDM STIG v3r3 | Cisco | AUDIT AND ACCOUNTABILITY |
| DG0071-ORACLE11 - New passwords must be required to differ from old passwords by more than four characters - 'PASSWORD_VERIFY_FUNCTION is not set to NULL or DEFAULT' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | |
| ESXI-06-000010 - The VMM must use DoD-approved encryption to protect the confidentiality of remote access sessions. | DISA STIG VMware vSphere 6.x ESXi OS v1r5 | Unix | ACCESS CONTROL |
| ESXI-06-000015 - The SSH daemon must not allow authentication using an empty password. | DISA STIG VMware vSphere 6.x ESXi OS v1r5 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-06-000021 - The SSH daemon must not allow compression or must only allow compression after successful authentication. | DISA STIG VMware vSphere 6.x ESXi OS v1r5 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-06-000025 - The SSH daemon must not permit tunnels. | DISA STIG VMware vSphere 6.x ESXi OS v1r5 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-06-000029 - The system must remove keys from the SSH authorized_keys file. | DISA STIG VMware vSphere 6.x ESXi OS v1r5 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-06-000032 - The system must prohibit the reuse of passwords within five iterations. | DISA STIG VMware vSphere 6.x ESXi OS v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-000033 - The password hashes stored on the system must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm. | DISA STIG VMware vSphere 6.x ESXi OS v1r5 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-06-100047 - The VMM must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs and guest VMs by verifying Image Profile and VIP Acceptance Levels. | DISA STIG VMware vSphere 6.x ESXi OS v1r5 | Unix | CONFIGURATION MANAGEMENT |
| GEN007820 - The system must not have IP tunnels configured - '/sbin/ip -6 tun list' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| VCPF-67-000012 - Performance Charts must have mappings set for Java servlet pages. | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3 | Unix | CONFIGURATION MANAGEMENT |
| VCPF-70-000013 - Performance Charts must have mappings set for Java servlet pages. | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | CONFIGURATION MANAGEMENT |
| VCUI-67-000012 - vSphere UI must have mappings set for Java servlet pages. | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | CONFIGURATION MANAGEMENT |
| VMCH-06-000003 - The system must explicitly disable any GUI functionality for copy/paste operations. | DISA STIG VMware vSphere Virtual Machine 6.x v1r1 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-06-000005 - The system must disable virtual disk shrinking. | DISA STIG VMware vSphere Virtual Machine 6.x v1r1 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-06-000007 - The system must not use independent, non-persistent disks. | DISA STIG VMware vSphere Virtual Machine 6.x v1r1 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-06-000008 - The system must disable HGFS file transfers. | DISA STIG VMware vSphere Virtual Machine 6.x v1r1 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-06-000011 - The unexposed feature keyword isolation.tools.getCreds.disable must be set. | DISA STIG VMware vSphere Virtual Machine 6.x v1r1 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-06-000014 - The unexposed feature keyword isolation.tools.ghi.protocolhandler.info.disable must be set. | DISA STIG VMware vSphere Virtual Machine 6.x v1r1 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-06-000015 - The unexposed feature keyword isolation.ghi.host.shellAction.disable must be set. | DISA STIG VMware vSphere Virtual Machine 6.x v1r1 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-06-000027 - The system must disable VIX messages from the VM. | DISA STIG VMware vSphere Virtual Machine 6.x v1r1 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-06-000035 - The system must disable tools auto install. | DISA STIG VMware vSphere Virtual Machine 6.x v1r1 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-06-000040 - The system must disable shared salt values. | DISA STIG VMware vSphere Virtual Machine 6.x v1r1 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-06-000041 - The system must control access to VMs through the dvfilter network APIs. | DISA STIG VMware vSphere Virtual Machine 6.x v1r1 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-06-000044 - The system must minimize use of the VM console. | DISA STIG VMware vSphere Virtual Machine 6.x v1r1 | VMware | CONFIGURATION MANAGEMENT |
| WBSP-AS-000212 - The WebSphere Application Server Java 2 security must not be bypassed. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL |
