| 1.3.2 Ensure mask phone number in the participant list is set to enabled | CIS Zoom L2 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 1.25 (L1) Ensure 'List of names that will bypass the HSTS policy check' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.2.2 Ensure show H.323 contacts is set to disabled | CIS Zoom L2 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 2.1.2.3 Ensure company contacts is set to disabled | CIS Zoom L2 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 2.51 (L1) Ensure 'List of names that will bypass the HSTS policy check' is set to 'Disabled' | CIS Google Chrome Group Policy v1.0.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.10 Use Identity Aware Proxy (IAP) to Ensure Only Traffic From Google IP Addresses are 'Allowed' | CIS Google Cloud Platform Foundation v4.0.0 L2 | GCP | ACCESS CONTROL |
| 3.19 (L1) Host must have an accurate Exception Users list | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | ACCESS CONTROL, MEDIA PROTECTION |
| 5.126 - Web Publishing and online ordering wizards prevented from downloading list of providers. | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 6.12 Update the Java Runtime Environment (JRE) regularly if Java is in use | CIS Sybase 15.0 L2 OS Windows v1.1.0 | Windows | |
| 6.12 Update the Java Runtime Environment (JRE) regularly if Java is in use | CIS Sybase 15.0 L2 OS Unix v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 18.8.7.1.3 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Also apply to matching devices that are already installed.' is set to 'True' (checked) | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.8.7.1.3 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Also apply to matching devices that are already installed.' is set to 'True' (checked) | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.8.7.1.3 Ensure 'Prevent installation of devices using drivers that match these device setup classes: Also apply to matching devices that are already installed.' is set to 'True' (checked) | CIS Windows 7 Workstation Bitlocker v3.2.0 | Windows | MEDIA PROTECTION |
| 18.8.7.1.6 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Also apply to matching devices that are already installed.' is set to 'True' (checked) | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.8.7.1.6 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Also apply to matching devices that are already installed.' is set to 'True' (checked) | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| AMLS-L3-000230 - The Arista Multilayer Switch must be configured to restrict it from accepting outbound IP packets that contain an illegitimate address in the source address field via egress filter or by enabling Unicast Reverse Path Forwarding. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| DB2X-00-003200 - Database objects (including but not limited to tables, indexes, storage, stored procedures, functions, triggers, links to software external to DB2, etc.) must be owned by database/DBMS principals authorized for ownership | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | CONFIGURATION MANAGEMENT |
| DG0102-ORACLE11 - DBMS processes or services should run under custom, dedicated OS accounts - 'tns services are using correct service account' | DISA STIG Oracle 11 Instance v9r1 OS Unix | Unix | ACCESS CONTROL |
| DTAM170 - McAfee VirusScan Access Protection Rules Anti-Spyware Maximum Protection must be set to block and report when common all programs are run from the Temp folder. | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-205 - A notification mechanism or process must be in place to notify Administrators of out of date DAT, detected malware and error codes - jokesAlert | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-205 - A notification mechanism or process must be in place to notify Administrators of out of date DAT, detected malware and error codes - SMTP recipients | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-205 - A notification mechanism or process must be in place to notify Administrators of out of date DAT, detected malware and error codes - SMTP sender | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTBI680 - The update check interval must be configured and set to 30 days. | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| ESXI-06-000075 - The connectivity between VSAN Health Check and public Hardware Compatibility List must be disabled or restricted by use of an external proxy server. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-80-000201 - The ESXi host lockdown mode exception users list must be verified. | DISA VMware vSphere 8.0 ESXi STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| ESXi: esxi-8.lockdown-exception-users | VMware vSphere Security Configuration and Hardening Guide | VMware | CONFIGURATION MANAGEMENT |
| IIST-SI-000215 - Mappings to unused and vulnerable scripts on the IIS 10.0 website must be removed. | DISA IIS 10.0 Site v2r11 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SI-000216 - The IIS 10.0 website must have resource mappings set to disable the serving of certain file types. | DISA IIS 10.0 Site v2r11 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SI-000215 - Mappings to unused and vulnerable scripts on the IIS 8.5 website must be removed. | DISA IIS 8.5 Site v2r9 | Windows | CONFIGURATION MANAGEMENT |
| Management Access Policy - HTTPS - Cipher Configuration | Tenable Cisco ACI | Cisco_ACI | |
| SOL-11.1-020030 - The operating system must protect audit tools from unauthorized access. | DISA STIG Solaris 11 X86 v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-020030 - The operating system must protect audit tools from unauthorized access. | DISA STIG Solaris 11 SPARC v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-020040 - The operating system must protect audit tools from unauthorized modification. | DISA STIG Solaris 11 SPARC v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-020040 - The operating system must protect audit tools from unauthorized modification. | DISA STIG Solaris 11 X86 v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-020050 - The operating system must protect audit tools from unauthorized deletion. | DISA STIG Solaris 11 SPARC v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-020050 - The operating system must protect audit tools from unauthorized deletion. | DISA STIG Solaris 11 X86 v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-020080 - System packages must be configured with the vendor-provided files, permissions, and ownerships. | DISA STIG Solaris 11 X86 v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-020080 - System packages must be configured with the vendor-provided files, permissions, and ownerships. | DISA STIG Solaris 11 SPARC v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SPLK-CL-000175 - Splunk Enterprise forwarders must be configured with Indexer Acknowledgement enabled. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 OS | Windows | CONFIGURATION MANAGEMENT |
| VCTR-67-000054 - The vCenter Server must disable or restrict the connectivity between vSAN Health Check and public Hardware Compatibility List by use of an external proxy server. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-06-000053 - The connectivity between VSAN Health Check and public Hardware Compatibility List must be disabled or restricted. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-65-000054 - The vCenter Server for Windows must disable or restrict the connectivity between vSAN Health Check and public Hardware Compatibility List by use of an external proxy server. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | CONFIGURATION MANAGEMENT |
| WG204 IIS6 - A web server must not be co-hosted with other services | DISA STIG IIS 6.0 Server v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WN10-00-000130 - Software certificate installation files must be removed from Windows 10. | DISA Microsoft Windows 10 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN11-00-000130 - Software certificate installation files must be removed from Windows 11. | DISA Microsoft Windows 11 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN12-GE-000020 - Software certificate installation files must be removed from Windows 2012/2012 R2. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-GE-000020 - Software certificate installation files must be removed from Windows 2012/2012 R2. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN16-00-000270 - Software certificate installation files must be removed from Windows Server 2016. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | CONFIGURATION MANAGEMENT |
| WN19-00-000240 - Windows Server 2019 must have software certificate installation files removed. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN22-00-000240 - Windows Server 2022 must have software certificate installation files removed. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
