| 1.7.1.2 Ensure local login warning banner is configured properly | CIS Distribution Independent Linux Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.1.3 Ensure remote login warning banner is configured properly | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.2 Ensure local login warning banner is configured properly | CIS CentOS Linux 8 Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.7.2 Ensure local login warning banner is configured properly | CIS CentOS Linux 8 Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.7.2 Ensure local login warning banner is configured properly | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.7.2 Ensure local login warning banner is configured properly - banner text | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.7.2 Ensure local login warning banner is configured properly - banner text | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.7.2 Ensure local login warning banner is configured properly - banner text | CIS Red Hat 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.2 Ensure local login warning banner is configured properly - mrsv | CIS Oracle Linux 6 Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.3 Ensure remote login warning banner is configured properly | CIS CentOS Linux 8 Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.7.3 Ensure remote login warning banner is configured properly | CIS Fedora 28 Family Linux Server L1 v2.0.0 | Unix | ACCESS CONTROL |
| 1.7.3 Ensure remote login warning banner is configured properly - banner | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.3 Ensure remote login warning banner is configured properly - banner | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.3 Ensure remote login warning banner is configured properly - mrsv | CIS Red Hat 6 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.3 Ensure remote login warning banner is configured properly - platform flags | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.4 Ensure remote login warning banner is configured properly - mrsv | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.8.1.2 Ensure local login warning banner is configured properly | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.8.1.2 Ensure local login warning banner is configured properly | CIS SUSE Linux Enterprise 12 v3.2.1 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.8.1.2 Ensure local login warning banner is configured properly | CIS SUSE Linux Enterprise 12 v3.2.1 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.2.32 Ensure 'Deny log on locally' to include 'Guests' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.2.46 Ensure 'Increase scheduling priority' is set to 'Administrators' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.17.4 Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop or Prompt for credentials on the secure desktop' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 3.1.18 Secure permissions for the secondary archive log location - LOGARCHMETH2 OS Permission | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | |
| 3.2.9 Ensure IPv6 router advertisements are not accepted | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.3 Ensure IPv6 outbound and established connections are configured | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.1 Disable IP Forwarding - net.ipv4.ip_forward = 0 | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.1.2 Ensure Logging Service is Running | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Ensure logrotate is configured | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.6 Enable Bad Error Message Protection - net.ipv4.icmp_ignore_bogus_error_responses = 1 | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 5.1.17 Ensure SSH LoginGraceTime is set to one minute or less | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 5.2.2 Ensure password reuse is limited | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3 Ensure the Sudo Timeout Period Is Set to Zero - timestamp timeout | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | ACCESS CONTROL |
| 6.2.10 Ensure users' dot files are not group or world writable | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.11 Ensure no users have .forward files | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.10.75.2.2 Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn' or 'Enabled: Warn and prevent bypass' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.75.2.2 Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn' or 'Enabled: Warn and prevent bypass' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| ALMA-09-024220 - AlmaLinux OS 9 must display the date and time of the last successful account logon upon logon. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ARST-L2-000060 - The Arista MLS layer 2 switch must have BPDU Guard enabled on all switch ports connecting to access layer switches and hosts. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-L2-000220 - The Arista MLS layer 2 switch must have the native VLAN assigned to an ID other than the default VLAN for all 802.1q trunk links. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-L2-000010 - The Juniper EX switch must be configured to disable non-essential capabilities. | DISA Juniper EX Series Layer 2 Switch v2r2 | Juniper | CONFIGURATION MANAGEMENT |
| JUEX-L2-000160 - The Juniper EX switch must be configured to enable IGMP or MLD Snooping on all VLANs. | DISA Juniper EX Series Layer 2 Switch v2r2 | Juniper | CONFIGURATION MANAGEMENT |
| JUEX-L2-000230 - The Juniper EX switch must be configured to set all user-facing or untrusted ports as access interfaces. | DISA Juniper EX Series Layer 2 Switch v2r2 | Juniper | CONFIGURATION MANAGEMENT |
| MYS8-00-008200 - The MySQL Database Server 8.0 must protect its audit features from unauthorized removal. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000040 - The Photon operating system must configure rsyslog to offload system logs to a central server. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| RHEL-09-653080 - RHEL 9 audit logs must be group-owned by root or by a restricted logging group to prevent unauthorized read access. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| RHEL-09-653085 - RHEL 9 audit log directory must be owned by root to prevent unauthorized read access. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| UBTU-18-010245 - The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| UBTU-18-010247 - The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| UBTU-18-010248 - The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WA00545 A22 - Web server options for the OS root must be disabled. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | CONFIGURATION MANAGEMENT |
