| 1.001 - Physical security of the Automated Information System (AIS) does not meet DISA requirements. | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 1.1 Ensure packages are obtained from authorized repositories | CIS PostgreSQL 10 OS v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.2.3 Ensure 'Account lockout threshold' is set to '3 or fewer invalid logon attempt(s), but not 0' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 1.2.3 Ensure 'Account lockout threshold' is set to '3 or fewer invalid logon attempt(s), but not 0' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 1.2.3 Ensure 'Account lockout threshold' is set to '3 or fewer invalid logon attempt(s), but not 0' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 1.3 Ensure Installation of Community Packages | CIS PostgreSQL 11 OS v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.013 - System information backups are not created, updated, and protected according to DISA requirements. | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 1.15 Audit Docker files and directories - /usr/bin/docker-runc | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2.3.14.1 Ensure 'System cryptography: Force strong key protection for user keys stored on the computer' is set to 'User must enter a password each time they use a key' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.14.1 Ensure 'System cryptography: Force strong key protection for user keys stored on the computer' is set to 'User must enter a password each time they use a key' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.17 Set Sticky Bit on All World-Writable Directories | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | ACCESS CONTROL |
| 3.6 Ensure Relational Database Service Instances have Auto Minor Version Upgrade Enabled | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND INFORMATION INTEGRITY |
| 4.6.2 Ensure loopback traffic is blocked on external interfaces | CIS IBM AIX 7 v1.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.1 Starting Tomcat with Security Manager | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.1 Starting Tomcat with Security Manager | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.1 Starting Tomcat with Security Manager | CIS Apache Tomcat 10 L1 v1.1.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 9.1 Starting Tomcat with Security Manager | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 20.20 Ensure 'DoD Interoperability Root CA cross-certificates' are installed in the 'Untrusted Certificates Store' on unclassified systems | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.20 Ensure 'DoD Interoperability Root CA cross-certificates' are installed in the 'Untrusted Certificates Store' on unclassified systems (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.20 Ensure 'DoD Interoperability Root CA cross-certificates' are installed in the 'Untrusted Certificates Store' on unclassified systems (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.27 Ensure 'Event Viewer must be protected from unauthorized modification and deletion' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 20.59 Ensure 'Software certificate installation files must be removed' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| 20.59 Ensure 'Software certificate installation files must be removed' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.67 Ensure 'The system uses an anti-virus program' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 20.67 Ensure 'The system uses an anti-virus program' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| CASA-FW-000100 - The Cisco ASA must be configured to use TCP when sending log records to the central audit server - Logging Permit-hostdown | DISA STIG Cisco ASA FW v2r1 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-L2-000250 - The Cisco switch must have all user-facing or untrusted ports configured as access switch ports. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000250 - The Cisco switch must have all user-facing or untrusted ports configured as access switch ports. | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001310 - The Cisco switch must be configured to off-load log records onto a different system than the system being audited. | DISA Cisco NX OS Switch NDM STIG v3r3 | Cisco | AUDIT AND ACCOUNTABILITY |
| GEN000595 - The password hashes stored on the system must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm - /etc/passwd | DISA STIG Solaris 10 SPARC v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000595 - The password hashes stored on the system must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm - /etc/passwd | DISA STIG Solaris 10 X86 v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000595 - The password hashes stored on the system must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm - /etc/shadow | DISA STIG Solaris 10 X86 v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000595 - The password hashes stored on the system must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm - /etc/shadow | DISA STIG Solaris 10 SPARC v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000595 - The password hashes stored on the system must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm - CRYPT_ALGORITHMS_ALLOW | DISA STIG Solaris 10 X86 v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000595 - The password hashes stored on the system must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm - CRYPT_DEFAULT | DISA STIG Solaris 10 X86 v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000595 - The password hashes stored on the system must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm - CRYPT_DEFAULT | DISA STIG Solaris 10 SPARC v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| Limits print driver installation to Administrators | MSCT Windows 11 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Limits print driver installation to Administrators | MSCT MSCT Windows Server 2022 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| OH12-1X-000233 - OHS hosted web sites must utilize ports, protocols, and services according to PPSM guidelines. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| VCEM-70-000013 - ESX Agent Manager must have mappings set for Java servlet pages. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCFL-67-000010 - vSphere Client must generate log records during Java startup and shutdown. | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| VMCH-06-000021 - The unexposed feature keyword isolation.tools.unity.push.update.disable must be set. | DISA STIG VMware vSphere Virtual Machine 6.x v1r1 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-06-000039 - The system must not send host information to guests. | DISA STIG VMware vSphere Virtual Machine 6.x v1r1 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-06-000043 - The system must use templates to deploy VMs whenever possible. | DISA STIG VMware vSphere Virtual Machine 6.x v1r1 | VMware | CONFIGURATION MANAGEMENT |
| WBLC-02-000083 - Oracle WebLogic must provide a real-time alert when organization-defined audit failure events occur - Module-HealthState | Oracle WebLogic Server 12c Linux v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000083 - Oracle WebLogic must provide a real-time alert when organization-defined audit failure events occur - SMTP Notification | Oracle WebLogic Server 12c Linux v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000084 - Oracle WebLogic must alert designated individual organizational officials in the event of an audit processing failure - Module-HealthState | Oracle WebLogic Server 12c Windows v2r2 | Windows | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000084 - Oracle WebLogic must alert designated individual organizational officials in the event of an audit processing failure - Module-HealthState | Oracle WebLogic Server 12c Linux v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000084 - Oracle WebLogic must alert designated individual organizational officials in the event of an audit processing failure - SMTP Notification | Oracle WebLogic Server 12c Linux v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000086 - Oracle WebLogic must notify administrative personnel as a group in the event of audit processing failure - SMTP Notification | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
