| 1.1.4.4.1 Ensure peer to peer connection while only 2 people in a meeting is set to disabled | CIS Zoom L2 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 1.4.7.2.1.4 Ensure 'Excel 2 Worksheets' is set to Enabled(Open/Save blocked, use open policy) | CIS Microsoft Office Excel 2016 v1.0.1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.10.12 Ensure email logging is configured for critical to emergency | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 2.1 Alter the Advertised server.info String | CIS Apache Tomcat 7 L2 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2 Alter the Advertised server.number String | CIS Apache Tomcat 7 L2 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.4.7.2.1.2 (L1) Ensure 'Don't allow Dynamic Data Exchange (DDE) server launch in Excel' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.4.7.2.2.4 Ensure 'Excel 2 worksheets' is set to 'Enabled: Open/Save blocked, use open policy' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.3 Alter the Advertised server.built Date | CIS Apache Tomcat 7 L2 v1.1.0 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.5.1 (L1) Ensure 'Domain controller: Allow server operators to schedule tasks' is set to 'Disabled' (DC only) | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.3.5.1 (L1) Ensure 'Domain controller: Allow server operators to schedule tasks' is set to 'Disabled' (DC only) | CIS Microsoft Windows Server 2019 v4.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.5.1 (L1) Ensure 'Domain controller: Allow server operators to schedule tasks' is set to 'Disabled' (DC only) | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.5.1 (L1) Ensure 'Domain controller: Allow server operators to schedule tasks' is set to 'Disabled' (DC only) | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.3.5.1 (L1) Ensure 'Domain controller: Allow server operators to schedule tasks' is set to 'Disabled' (DC only) | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.3.5.3 (L1) Ensure 'Domain controller: LDAP server channel binding token requirements' is set to 'Always' (DC Only) | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.16 Enable server-based authentication | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 DB | IBM_DB2DB | IDENTIFICATION AND AUTHENTICATION |
| 3.1.16 Enable server-based authentication | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | IDENTIFICATION AND AUTHENTICATION |
| 3.4 Enable remote logging for Desktops on trusted networks | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.7 Ensure that SharePoint is set to reject or delay network traffic generated above configurable traffic volume thresholds - Connection Timeout | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | ACCESS CONTROL |
| 3.7 Ensure that SharePoint is set to reject or delay network traffic generated above configurable traffic volume thresholds - Max Connections | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.7 Ensure that SharePoint is set to reject or delay network traffic generated above traffic volume thresholds - connectionTimeout | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | ACCESS CONTROL |
| 3.7 Ensure that SharePoint is set to reject or delay network traffic generated above traffic volume thresholds - maxBandwidth | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.8 Ensure Handler is not granted Write and Script/Execute - Default | CIS IIS 7 L1 v1.8.0 | Windows | ACCESS CONTROL |
| 7.1.6 Verify that the autoexpand option for VDS dvPortgroups is disabled | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | |
| CIS_Ubuntu_16.04_LTS_Server_v2.0.0_L1.audit from CIS Ubuntu 16.04 LTS Server Benchmark L1 v2.0.0 | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | |
| CISC-L2-000170 - The Cisco switch must have IGMP or MLD Snooping configured on all VLANs. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-L2-000170 - The Cisco switch must have IGMP or MLD Snooping configured on all VLANs. | DISA Cisco NX OS Switch L2S STIG v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-ND-001210 - The Cisco router must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions. | DISA Cisco IOS Router NDM STIG v3r4 | Cisco | MAINTENANCE |
| DTOO113 - Open/Save actions for Excel 2 macrosheets and add-in files must be blocked. | DISA STIG Microsoft Excel 2016 v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure mounting of jffs2 filesystems is disabled - modprobe | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| EP11-00-004900 - The EDB Postgres Advanced Server must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for all cryptographic operations including generation of cryptographic hashes and data protection - version | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| FGFW-ND-000185 - The FortiGate device must support organizational requirements to conduct backups of information system documentation, including security-related documentation, when changes occur or weekly, whichever is sooner. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING |
| GEN005306 - SNMP must require the use of a FIPS 140-2 cryptographic hash algorithm as part of its authentication and integrity methods. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN005505 - The SSH daemon must be configured to only use FIPS 140-2 approved ciphers. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN005507 - The SSH daemon must only use message authentication codes (MACs) that employ FIPS 140-2 cryptographic hash algorithms. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| OH12-1X-000074 - OHS log files must only be accessible by privileged users - permissions | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| OH12-1X-000075 - The log information from OHS must be protected from unauthorized modification - permissions | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| OH12-1X-000075 - The log information from OHS must be protected from unauthorized modification - user/group | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| OH12-1X-000117 - OHS must have the IfModule cgid_module directive disabled. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000144 - OHS must have the BrowserMatch directive disabled - BrowserMatch | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000144 - OHS must have the BrowserMatch directive disabled - dir_module | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000163 - OHS must have the IfModule cgid_module directive disabled for the OHS server, virtual host, and directory configuration. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000173 - OHS must be configured to use a specified IP address, port, and protocol - ssl.conf | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000223 - The OHS document root directory must not be on a network share. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000230 - The OHS DocumentRoot directory must be on a separate partition from OS root partition. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000248 - OHS must have the SSLVerifyClient directive set within each SSL-enabled VirtualHost directive to perform RFC 5280-compliant certification path validation. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OH12-1X-000281 - OHS must have the DocumentRoot directive set to a separate partition from the OHS system files. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Password Change Interval (hours) | Tenable Cisco ACI | Cisco_ACI | IDENTIFICATION AND AUTHENTICATION |
| SLES-12-010420 - FIPS 140-2 mode must be enabled on the SUSE operating system. | DISA SLES 12 STIG v3r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SLES-15-010510 - FIPS 140-2 mode must be enabled on the SUSE operating system. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-005900 - The audit information produced by SQL Server must be protected from unauthorized access, modification, and deletion. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
