| 1.1.1.6 Ensure squashfs kernel module is not available | CIS Amazon Linux 2 v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.2.3.1 Ensure separate partition exists for /home | CIS Amazon Linux 2 v3.0.0 L2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.2.3 Ensure repo_gpgcheck is globally activated | CIS Amazon Linux 2 v3.0.0 L2 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.1.5.1 Authentication | CIS Cisco IOS XR 7.x v1.0.0 L2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 2.8 Ensure 'credentials' are not stored in configuration files | CIS IIS 8.0 v1.5.1 Level 2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.8 Ensure 'credentials' are not stored in configuration files - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 3.2 Ensure 'debug' is turned off | CIS IIS 8.0 v1.5.1 Level 2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.2.1 Ensure dccp kernel module is not available | CIS Amazon Linux 2 v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 3.6 Ensure 'httpcookie' mode is configured for session state - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.8 Ensure 'MachineKey validation method - .Net 3.5' is configured - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1 Ensure 'maxAllowedContentLength' is configured - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.1.1.1 Ensure audit log storage size is configured | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - halt | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - auditctl adjtimex (32-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.4 Ensure events that modify date and time information are collected - auditctl clock_settime | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify user/group information are collected - /etc/gshadow | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify user/group information are collected - /etc/passwd | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's network environment are collected - /etc/issue | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - /etc/selinux | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl setxattr/lsetxattr/fsetxattr (64-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.10 Ensure discretionary access control permission modification events are collected - chmod/fchmod/fchmodat (64-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.10 Ensure discretionary access control permission modification events are collected - chown/fchown/fchownat (32-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EACCES (32-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EACCES (64-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.13 Ensure successful file system mounts are collected - (32-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.14 Ensure file deletion events by users are collected - (32-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - insmod | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.18 Ensure the audit configuration is immutable | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.4 Ensure non-ASCII characters in URLs are not allowed - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.4.2.1.4 Ensure password failed attempts lockout includes root account | CIS Amazon Linux 2 v3.0.0 L2 | Unix | ACCESS CONTROL |
| 5.2.1.3 Ensure audit_backlog_limit is sufficient | CIS Amazon Linux 2 v3.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.2.2 Ensure audit logs are not automatically deleted | CIS Amazon Linux 2 v3.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.1 Ensure changes to system administration scope (sudoers) is collected | CIS Amazon Linux 2 v3.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.17 Ensure successful and unsuccessful attempts to use the chacl command are recorded | CIS Amazon Linux 2 v3.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.4.1 Ensure the audit log directory is 0750 or more restrictive | CIS Amazon Linux 2 v3.0.0 L2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.8 Ensure audit tools are 755 or more restrictive | CIS Amazon Linux 2 v3.0.0 L2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4.5 Ensure default user shell timeout is 900 seconds or less - /etc/profile | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | ACCESS CONTROL |
| 7.1 Ensure HSTS Header is set | CIS IIS 8.0 v1.5.1 Level 2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.12 Ensure TLS Cipher Suite ordering is Configured | CIS IIS 10 v1.2.1 Level 2 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.4.4 Ensure Guest Host Interaction Protocol Handler is set to disabled | CIS VMware ESXi 6.7 v1.3.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.5 Ensure Unity Taskbar is disabled | CIS VMware ESXi 6.7 v1.3.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.10 Ensure Drag and Drop Version Set is disabled | CIS VMware ESXi 6.7 v1.3.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.13 Ensure Trash Folder State is disabled | CIS VMware ESXi 6.7 v1.3.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.14 Ensure Guest Host Interaction Tray Icon is disabled | CIS VMware ESXi 6.7 v1.3.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.16 Ensure Unity Interlock is disabled | CIS VMware ESXi 6.7 v1.3.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-65-000011 - The ESXi host SSH daemon must be configured to use only the SSHv2 protocol. | DISA STIG VMware vSphere ESXi OS 6.5 v2r4 | Unix | ACCESS CONTROL |
| ESXi: esxi-8.ssh-fips-ciphers | VMware vSphere Security Configuration and Hardening Guide 8.0 - Bare Metal Host | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| HONW-09-008400 - On all Honeywell Mobility Edge Android Pie devices, cryptography must be configured to be in FIPS 140-2 validated mode. | AirWatch - DISA Honeywell Android 9.x COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| HONW-09-008400 - On all Honeywell Mobility Edge Android Pie devices, cryptography must be configured to be in FIPS 140-2 validated mode. | MobileIron - DISA Honeywell Android 9.x COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| SLES-12-010210 - The SUSE operating system must employ FIPS 140-2 approved cryptographic hashing algorithm for system authentication (login.defs). | DISA SLES 12 STIG v3r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
