| 1.2.23 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | CIS Kubernetes v1.11.1 L1 Master Node | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2 Ensure access to sensitive site features is restricted to authenticated principals only | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL |
| 2.2 Ensure Access to Sensitive Site Features Is Restricted To Authenticated Principals Only - Applications | CIS IIS 7 L1 v1.8.0 | Windows | ACCESS CONTROL |
| 2.3.2 Ensure rsh client is not installed - 'rsh-client' | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.5.4 Ensure 'Domain controller: LDAP server signing requirements' is set to 'Require signing' (DC only) | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.7.1 (L1) Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 2.5 Ensure that the User-ID Agent has minimal permissions if User-ID is enabled | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | ACCESS CONTROL |
| 2.5 Ensure that the User-ID Agent has minimal permissions if User-ID is enabled | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | ACCESS CONTROL |
| 2.5 Ensure that the User-ID Agent has minimal permissions if User-ID is enabled | CIS Palo Alto Firewall 11 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL |
| 4.1.5 Secure Permissions for the Primary Archive Log Location (LOGARCHMETH1) | CIS IBM DB2 11 v1.1.0 Linux OS Level 1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.5 Secure Permissions for the Primary Archive Log Location (LOGARCHMETH1) | CIS IBM DB2 11 v1.1.0 Windows OS Level 1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.6 Secure Permissions for the Secondary Archive Log Location (LOGARCHMETH2) | CIS IBM DB2 11 v1.1.0 Windows OS Level 1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2 Ensure Advanced IIS logging is enabled | CIS IIS 10 v1.2.1 Level 1 | Windows | AUDIT AND ACCOUNTABILITY |
| 5.5.1 Manage Kubernetes RBAC users with Google Groups for GKE | CIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L2 | GCP | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.22 Do not docker exec commands with privileged option | CIS Docker 1.12.0 v1.0.0 L2 Docker | Unix | |
| 5.29 Do not use Docker's default bridge docker0 | CIS Docker 1.12.0 v1.0.0 L2 Docker | Unix | CONFIGURATION MANAGEMENT |
| 18.9.97.1.1 Ensure 'Allow Basic authentication' is set to 'Disabled' - Client | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 18.9.97.1.2 Ensure 'Allow unencrypted traffic' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.42.13.3 (L1) Ensure 'Turn on e-mail scanning' is set to 'Enabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.13.2 (L1) Ensure 'Turn on e-mail scanning' is set to 'Enabled' | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.13.2 (L1) Ensure 'Turn on e-mail scanning' is set to 'Enabled' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.13.5 (L1) Ensure 'Turn on e-mail scanning' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.13.5 (L1) Ensure 'Turn on e-mail scanning' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.13.5 (L1) Ensure 'Turn on e-mail scanning' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.13.5 (L1) Ensure 'Turn on e-mail scanning' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.57.3.3.8 (L2) Ensure 'Restrict clipboard transfer from server to client' is set to 'Enabled: Disable clipboard transfers from server to client' | CIS Microsoft Windows Server 2025 v1.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 19.6.6.1.1 (L2) Ensure 'Turn off Help Experience Improvement Program' is set to 'Enabled' | CIS Windows Server 2012 R2 MS L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 19.6.6.1.1 (L2) Ensure 'Turn off Help Experience Improvement Program' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 | Windows | SECURITY ASSESSMENT AND AUTHORIZATION |
| 19.6.6.1.1 (L2) Ensure 'Turn off Help Experience Improvement Program' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | SECURITY ASSESSMENT AND AUTHORIZATION |
| 19.6.6.1.1 (L2) Ensure 'Turn off Help Experience Improvement Program' is set to 'Enabled' | CIS Windows Server 2012 MS L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 19.6.6.1.1 (L2) Ensure 'Turn off Help Experience Improvement Program' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 19.6.6.1.1 (L2) Ensure 'Turn off Help Experience Improvement Program' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| 19.6.6.1.1 (L2) Ensure 'Turn off Help Experience Improvement Program' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 NG | Windows | CONFIGURATION MANAGEMENT |
| 22.2 (L1) Ensure 'Allow Email Scanning' is set to 'Allowed' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM143 - McAfee VirusScan Access Protection Rules Common Standard Protection must be set to prevent modification of McAfee Scan Engine files and settings. | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | CONFIGURATION MANAGEMENT |
| JUEX-RT-000380 - The Juniper router must be configured to restrict traffic destined to itself. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-ND-000140 - The Juniper router must be configured to enforce approved authorizations for controlling the flow of management information within the device based on control policies. | DISA STIG Juniper Router NDM v3r2 | Juniper | ACCESS CONTROL |
| MD7X-00-008500 MongoDB must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000040 - OHS must have the client requests logging module loaded to generate log records for system startup and shutdown, system access, and system authentication logging. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| Set client connection encryption level | MSCT Windows 10 v1507 v1.0.0 | Windows | ACCESS CONTROL |
| Set client connection encryption level | MSCT Windows 10 v2004 v1.0.0 | Windows | ACCESS CONTROL |
| Set client connection encryption level | MSCT Windows Server v1909 DC v1.0.0 | Windows | ACCESS CONTROL |
| Set client connection encryption level | MSCT Windows Server 2022 v1.0.0 | Windows | ACCESS CONTROL |
| Set client connection encryption level | MSCT Windows Server v20H2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Set client connection encryption level | MSCT Windows 11 v22H2 v1.0.0 | Windows | ACCESS CONTROL |
| Set client connection encryption level | MSCT Windows Server 2025 DC v2506 v1.0.0 | Windows | ACCESS CONTROL |
| SRG-OS-99999-ESXI5-000156 - The contents of exposed configuration files must be verified. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| Turn on e-mail scanning | MSCT Windows Server 2016 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn on e-mail scanning | MSCT Windows Server 2019 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| WN19-SO-000290 - Windows Server 2019 Kerberos encryption types must be configured to prevent the use of DES and RC4 encryption suites. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
