| 1.1 Ensure device firmware is up to date | MobileIron - CIS Google Android 7 v1.0.0 L1 | MDM | |
| 1.1.2.4.1 Ensure separate partition exists for /var | CIS Debian Linux 12 v1.1.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.5.1 Ensure separate partition exists for /var/tmp | CIS AlmaLinux OS 9 v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.6.1 Ensure separate partition exists for /var/log | CIS AlmaLinux OS 9 v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 1.1.2.6.1 Ensure separate partition exists for /var/log | CIS Debian Linux 12 v1.1.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 1.1.4.1 Ensure separate partition exists for /var/tmp | CIS Ubuntu Linux 20.04 LTS Workstation L2 v2.0.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.5.1 Ensure separate partition exists for /var/log | CIS Ubuntu Linux 18.04 LTS v2.2.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 1.1.7 Ensure separate partition exists for /var/tmp | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.7.1 Ensure separate partition exists for /home | CIS Ubuntu Linux 20.04 LTS Server L2 v2.0.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.10 Ensure separate partition exists for /var/log | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.13 Ensure separate partition exists for /home | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.5.3 Ensure prelink is disabled | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.5.3 Ensure prelink is not installed | CIS Debian 10 Server L1 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 1.5.4 Ensure prelink is not installed | CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 1.5.4 Ensure prelink is not installed | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Workstation | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 1.6.3 Ensure prelink is disabled | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.3 Enable Information Bar for Outdated Plugins | CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.6 Ensure Update-related UI Components are Displayed | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.9 Ensure VDS health check is disabled | CIS VMware ESXi 6.7 v1.3.0 Level 1 | VMware | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 3.2 Do Not Send Cross SSL/TLS Referrer Header | CIS Mozilla Firefox 38 ESR Linux L2 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6 Set File URI Origin Policy | CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.2 Ensure 'Software Update' returns 'Your software is up to date.' | AirWatch - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 4.2 Ensure 'Software Update' returns 'Your software is up to date.' | MobileIron - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 4.4 Ensure 'Software Update' returns 'Your software is up to date.' | AirWatch - CIS Apple iPadOS 17 v1.1.0 End User Owned L1 | MDM | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 4.4 Ensure 'Software Update' returns 'Your software is up to date.' | MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 4.4 Set OCSP Use Policy | CIS Mozilla Firefox 38 ESR Linux L2 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 4.5 Block Mixed Active Content | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.2 Disable Scripting of Plugins by JavaScript | CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.4 Disallow JavaScript's Ability to Hide the Status Bar | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.5 Disable Closing of Windows via Scripts | CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.5 Ensure access to the su command is restricted - wheel group contains root | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 5.203 - Prohibit Network Bridge in Windows | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 6.2 Do Not Accept Third Party Cookies | CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 7.2 Disabling Auto-Install of Add-ons | CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 7.8 Enable Extension Update | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 7.9 Set Extension Update Interval Time Checks | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.7.10 (L1) Ensure 'Manage processing of Queue-specific files' is set to 'Enabled: Limit Queue-specific files to Color profiles' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Control which extensions cannot be installed | MSCT Microsoft Edge Version 81 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| DTOO104 - PowerPoint - Disabling of user name and password syntax from being used in URLs must be enforced. | DISA STIG Office 2010 PowerPoint v1r11 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO124 - Scripted Window Security must be enforced | DISA STIG Microsoft Publisher 2016 v1r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO209 - Protection from zone elevation must be enforced. | DISA STIG Microsoft OneDrive v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO209 - Protection from zone elevation must be enforced. | DISA STIG Microsoft Outlook 2016 v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure at/cron is restricted to authorized users - cron.allow | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Ensure default deny firewall policy - Chain FORWARD | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure LDAP client is not installed - dpkg | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure LDAP client is not installed - rpm | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Macro Notification Settings - vbadigsigtrustedpublishers | MSCT Microsoft 365 Apps for Enterprise 2206 v1.0.0 | Windows | SYSTEM AND SERVICES ACQUISITION |
| Macro Notification Settings - xl4macrowarningfollowvba | MSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Restricting access to the Configuration utility by source IP address | Tenable F5 BIG-IP Best Practice Audit | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-06-000015 - The system package management tool must cryptographically verify the authenticity of all software packages during installation. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
