| 1.8.13 Ensure GNOME Idle activation is set | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - process -u named | CIS BIND DNS v1.0.0 L1 Authoritative Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - process -u named | CIS BIND DNS v1.0.0 L1 Caching Only Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - UID | CIS BIND DNS v1.0.0 L1 Caching Only Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - UID | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - UID | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | ACCESS CONTROL |
| 2.10 Enable user namespace support | CIS Docker v1.8.0 L2 OS Linux | Unix | SYSTEM AND SERVICES ACQUISITION |
| 3.4.3.2.4 Ensure iptables default deny firewall policy | CIS CentOS Linux 8 Workstation L1 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3.2.4 Ensure iptables default deny firewall policy | CIS CentOS Linux 8 Server L1 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3.3.4 Ensure ip6tables default deny firewall policy | CIS Fedora 28 Family Linux Server L1 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3.3.4 Ensure ip6tables default deny firewall policy | CIS CentOS Linux 8 Server L1 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3.3.4 Ensure ip6tables default deny firewall policy | CIS Fedora 28 Family Linux Workstation L1 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.4.2.4 Ensure iptables default deny firewall policy | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.4.2.4 Ensure iptables default deny firewall policy | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.4.2.4 Ensure iptables default deny firewall policy | CIS CentOS Linux 7 v4.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.4.2.4 Ensure iptables default deny firewall policy | CIS Oracle Linux 7 v4.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.4.3.4 Ensure ip6tables default deny firewall policy | CIS CentOS Linux 7 v4.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.4.3.4 Ensure ip6tables default deny firewall policy | CIS CentOS Linux 7 v4.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.4.3.4 Ensure ip6tables default deny firewall policy | CIS Oracle Linux 7 v4.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.2.4 Ensure iptables default deny firewall policy | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.3.4 Ensure ip6tables default deny firewall policy | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.10 Use Identity Aware Proxy (IAP) to Ensure Only Traffic From Google IP Addresses are 'Allowed' | CIS Google Cloud Platform Foundation v4.0.0 L2 | GCP | ACCESS CONTROL |
| 4.1.7 Ensure events that modify the system's network environment are collected - /etc/issue.net | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - auditctl /etc/hosts | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - auditctl /etc/issue.net | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - auditctl b32 sethostname | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.203 - Prohibit Network Bridge in Windows | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 7.16 Ensure Azure Network Security Perimeter is used to secure Azure platform-as-a-service resources | CIS Microsoft Azure Foundations v5.0.0 L2 | microsoft_azure | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 12.1 Ensure the AppArmor Framework Is Enabled | CIS Apache HTTP Server 2.4 v2.3.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| AMLS-L3-000230 - The Arista Multilayer Switch must be configured to restrict it from accepting outbound IP packets that contain an illegitimate address in the source address field via egress filter or by enabling Unicast Reverse Path Forwarding. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| DG0042-ORACLE11 - Use of the DBMS software installation account should be restricted to DBMS software installation, upgrade and maintenance actions. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG0042-ORACLE11 - Use of the DBMS software installation account should be restricted to DBMS software installation, upgrade and maintenance actions. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DKER-EE-001940 - SELinux security options must be set on Red Hat or CentOS systems for Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DTAVSEL-013 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Clean as first action when a virus or Trojan is detected. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-014 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Quarantine if first action fails when a virus or Trojan is detected. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-015 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Clean as first action when programs and jokes are found. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-016 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Quarantine if first action fails when programs and jokes are found. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| JBOS-AS-000135 - JBoss ROOT logger must be configured to utilize the appropriate logging level. | DISA JBoss Enterprise Application Platform 6.3 STIG v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PGS9-00-007000 - PostgreSQL, when utilizing PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation. | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-020210 - The Red Hat Enterprise Linux operating system must enable SELinux. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| RHEL-10-700650 - RHEL 10 must force a frequent session key renegotiation for Secure Shell (SSH) connections to the server. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-10-700660 - RHEL 10 must be configured so that all network connections associated with Secure Shell (SSH) traffic terminate after becoming unresponsive. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| SOL-11.1-020220 - The operating system must be configured to provide essential capabilities. | DISA Solaris 11 SPARC STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-020220 - The operating system must be configured to provide essential capabilities. | DISA Solaris 11 X86 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-020230 - The operating system must employ automated mechanisms to prevent program execution in accordance with the organization-defined specifications. | DISA Solaris 11 X86 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-020230 - The operating system must employ automated mechanisms to prevent program execution in accordance with the organization-defined specifications. | DISA Solaris 11 SPARC STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| WN12-CC-000004 - Network Bridges must be prohibited in Windows. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000004 - Network Bridges must be prohibited in Windows. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
