| 1.3 Account Anti-riot Attack | Tenable ZTE ROSNG | ZTE_ROSNG | ACCESS CONTROL |
| 2.4.4 (L1) Ensure Zero-hour auto purge for Microsoft Teams is on | CIS Microsoft 365 Foundations v4.0.0 L1 E5 | microsoft_azure | SYSTEM AND INFORMATION INTEGRITY |
| 8.1 Enable Virus Scanning for Downloads | CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 8.1 Enable Virus Scanning for Downloads | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0 | Windows | ACCESS CONTROL |
| 18.10.8.1.1 (L1) Ensure 'Configure enhanced anti-spoofing' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v3.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.8.1.1 (L1) Ensure 'Configure enhanced anti-spoofing' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.8.1.1 (L1) Ensure 'Configure enhanced anti-spoofing' is set to 'Enabled' | CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.8.1.1 (L1) Ensure 'Configure enhanced anti-spoofing' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v3.0.1 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.8.1.1 Ensure 'Configure enhanced anti-spoofing' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller | Windows | CONFIGURATION MANAGEMENT |
| 18.10.8.1.1 Ensure 'Configure enhanced anti-spoofing' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | CONFIGURATION MANAGEMENT |
| 18.10.8.1.1 Ensure 'Configure enhanced anti-spoofing' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.8.1.1 Ensure 'Configure enhanced anti-spoofing' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.8.1.1 Ensure 'Configure enhanced anti-spoofing' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.9.1.1 (L1) Ensure 'Configure enhanced anti-spoofing' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.9.1.1 (L1) Ensure 'Configure enhanced anti-spoofing' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v4.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.9.1.1 (L1) Ensure 'Configure enhanced anti-spoofing' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| Configure enhanced anti-spoofing | MSCT Windows 10 1903 v1.19.9 | Windows | CONFIGURATION MANAGEMENT |
| Configure enhanced anti-spoofing | MSCT Windows 10 1909 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Configure enhanced anti-spoofing | MSCT Windows 10 v2004 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Configure enhanced anti-spoofing | MSCT Windows 10 v20H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Configure enhanced anti-spoofing | MSCT Windows 10 v21H1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Configure enhanced anti-spoofing | MSCT Windows Server 1903 DC v1.19.9 | Windows | CONFIGURATION MANAGEMENT |
| Configure enhanced anti-spoofing | MSCT Windows Server v2004 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Configure enhanced anti-spoofing | MSCT Windows Server 2019 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Configure enhanced anti-spoofing - EnhancedAntiSpoofing | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| DTBI1046-IE11 - Anti-Malware programs against ActiveX controls must be run for the Internet zone. | DISA STIG IE 11 v2r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-MB-000490 - Exchange must have anti-spam filtering installed. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-MB-000500 - Exchange must have anti-spam filtering enabled - ContentFilterConfig | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-MB-000500 - Exchange must have anti-spam filtering enabled - SenderFilterConfig | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-MB-000500 - Exchange must have anti-spam filtering enabled - SenderIDConfig | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-MB-000500 - Exchange must have anti-spam filtering enabled - SenderReputationConfig | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000141 - Exchange must have anti-spam filtering enabled. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000142 - Exchange must have anti-spam filtering configured. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX19-MB-000137 - Exchange must have anti-spam filtering installed. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX19-MB-000138 - Exchange must have anti-spam filtering enabled. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX19-MB-000139 - Exchange must have anti-spam filtering configured. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| JUSX-IP-000010 - The Juniper Networks SRX Series Gateway IDPS must install updates for predefined signature objects, applications signatures, IDPS policy templates, and device software when new releases are available in accordance with organizational configuration management policy and procedures. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | SYSTEM AND INFORMATION INTEGRITY |
| JUSX-IP-000026 - The Juniper Networks SRX Series Gateway IDPS must automatically install updates to signature definitions. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | SYSTEM AND INFORMATION INTEGRITY |
| JUSX-IP-000027 - The Juniper Networks SRX Series Gateway IDPS must perform real-time monitoring of files from external sources at network entry/exit points. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | SYSTEM AND INFORMATION INTEGRITY |
| MS.DEFENDER.1.2v1 - All users SHALL be added to Exchange Online Protection (EOP) in either the standard or strict preset security policy. | CISA SCuBA Microsoft 365 Defender v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| PANW-AG-000063 - The Palo Alto Networks security platform must delete or quarantine malicious code in response to malicious code detection. | DISA STIG Palo Alto ALG v3r2 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| PANW-IP-000008 - The Palo Alto Networks security platform must capture traffic of detected/dropped malicious code. | DISA STIG Palo Alto IDPS v3r1 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| PANW-IP-000024 - The Palo Alto Networks security platform must install updates for application software files, signature definitions, detection heuristics, and vendor-provided rules when new releases are available in accordance with organizational configuration management policy and procedures. | DISA STIG Palo Alto IDPS v3r1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| PANW-IP-000029 - The Palo Alto Networks security platform must automatically install updates to signature definitions, detection heuristics, and vendor-provided rules. | DISA STIG Palo Alto IDPS v3r1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Security Services - Gateway AV - Activated | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| Use enhanced anti-spoofing when available | MSCT Windows Server 2016 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Use enhanced anti-spoofing when available | MSCT Windows Server 2016 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| WG204 IIS6 - A web server must not be co-hosted with other services | DISA STIG IIS 6.0 Server v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WN11-CC-000195 - Enhanced anti-spoofing for facial recognition must be enabled on Windows 11. | DISA Microsoft Windows 11 STIG v2r3 | Windows | CONFIGURATION MANAGEMENT |
| WNDF-AV-000029 - Microsoft Defender AV virus definition age must not exceed 7 days. | DISA STIG Microsoft Defender Antivirus v2r4 | Windows | SYSTEM AND INFORMATION INTEGRITY |
