| 2.1.10 (L1) Ensure DMARC Records for all Exchange Online domains are published | CIS Microsoft 365 Foundations v5.0.0 L1 E3 | microsoft_azure | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.24 (L1) Ensure 'Keep browsing data when creating enterprise profile by default' Is Enabled | CIS Google Chrome L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.2.1.14 Ensure 'Allow trusting new enterprise app authors' is set to 'Disabled' | AirWatch - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.14 Ensure 'Allow trusting new enterprise app authors' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT |
| 3.3.1.2 Set 'key' | CIS Cisco IOS XE 17.x v2.2.0 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 7.14 Ensure TLS Cipher Suite ordering is configured | CIS IIS 7 L2 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.102.2.2 (L2) Ensure 'Allow remote server management through WinRM' is set to 'Disabled' | CIS Microsoft Windows Server 2008 Domain Controller Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.102.2.2 (L2) Ensure 'Allow remote server management through WinRM' is set to 'Disabled' | CIS Microsoft Windows Server 2008 Member Server Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.102.2.2 (L2) Ensure 'Allow remote server management through WinRM' is set to 'Disabled' | CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.88.2.2 Ensure 'Allow remote server management through WinRM' is set to 'Disabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.89.2.2 (L2) Ensure 'Allow remote server management through WinRM' is set to 'Disabled' | CIS Windows Server 2012 MS L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.89.2.2 (L2) Ensure 'Allow remote server management through WinRM' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker | Windows | CONFIGURATION MANAGEMENT |
| 18.10.89.2.2 (L2) Ensure 'Allow remote server management through WinRM' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.89.2.2 (L2) Ensure 'Allow remote server management through WinRM' is set to 'Disabled' | CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.89.2.2 (L2) Ensure 'Allow remote server management through WinRM' is set to 'Disabled' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.89.2.2 (L2) Ensure 'Allow remote server management through WinRM' is set to 'Disabled' | CIS Microsoft Windows Server 2025 v1.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| CIS_Debian_Linux_11_v2.0.0_L1_Workstation.audit from CIS Debian Linux 11 Benchmark v2.0.0 | CIS Debian Linux 11 v2.0.0 L1 Workstation | Unix | |
| CIS_Debian_Linux_12_v1.1.0_L1_Server.audit from CIS Debian Linux 12 Benchmark v1.1.0 | CIS Debian Linux 12 v1.1.0 L1 Server | Unix | |
| CIS_Debian_Linux_12_v1.1.0_L2_Server.audit from CIS Debian Linux 12 Benchmark v1.1.0 | CIS Debian Linux 12 v1.1.0 L2 Server | Unix | |
| CIS_Rocky_Linux_8_v2.0.0_L2_Workstation.audit from CIS Rocky Linux 8 Benchmark v2.0.0 | CIS Rocky Linux 8 Workstation L2 v2.0.0 | Unix | |
| CIS_Rocky_Linux_9_v2.0.0_L1_Server.audit from CIS Rocky Linux 9 Benchmark v2.0.0 | CIS Rocky Linux 9 v2.0.0 L1 Server | Unix | |
| CIS_Rocky_Linux_9_v2.0.0_L1_Workstation.audit from CIS Rocky Linux 9 Benchmark v2.0.0 | CIS Rocky Linux 9 v2.0.0 L1 Workstation | Unix | |
| CISC-RT-000660 - The Cisco PE router providing MPLS Layer 2 Virtual Private Network (L2VPN) services must be configured to authenticate targeted Label Distribution Protocol (LDP) sessions used to exchange virtual circuit (VC) information using a FIPS-approved message authentication code algorithm. | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-RT-000660 - The Cisco PE router providing MPLS Layer 2 Virtual Private Network (L2VPN) services must be configured to authenticate targeted Label Distribution Protocol (LDP) sessions used to exchange virtual circuit (VC) information using a FIPS-approved message authentication code algorithm. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| Configure an IPsec Static Route | Tenable Cisco Viptela SD-WAN - vEdge | Cisco_Viptela | ACCESS CONTROL |
| DKER-EE-002150 - Docker Enterprise privileged ports must not be mapped within containers. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| EX13-MB-000100 - Exchange Mailbox databases must reside on a dedicated partition. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-MB-000120 - Exchange must protect audit data against unauthorized read access. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | AUDIT AND ACCOUNTABILITY |
| EX19-MB-000052 - Exchange must protect audit data against unauthorized read access. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | AUDIT AND ACCOUNTABILITY |
| IIST-SI-000203 - A private IIS 10.0 website must only accept Secure Socket Layer (SSL) connections. | DISA IIS 10.0 Site v2r11 | Windows | ACCESS CONTROL |
| IISW-SI-000204 - A public IIS 8.5 website must only accept Secure Socket Layer connections when authentication is required. | DISA IIS 8.5 Site v2r9 | Windows | ACCESS CONTROL |
| IISW-SV-000153 - An IIS 8.5 web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version. | DISA IIS 8.5 Server v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000560 - The router providing MPLS L2VPN services must be configured to authenticate targeted LDP sessions used to exchange VC information using a FIPS-approved message authentication code algorithm. | DISA Juniper EX Series Router v2r1 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| MADB-10-009600 - MariaDB must generate audit records when categories of information (e.g., classification levels/security levels) are accessed. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MADB-10-009700 - MariaDB must generate audit records when unsuccessful attempts to access categories of information (e.g., classification levels/security levels) occur. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MADB-10-009800 - MariaDB must generate audit records when privileges/permissions are added. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MSCT_Microsoft_Edge_Version_83_v1.0.0.audit from MSCT Microsoft Edge Version 83 Security Baseline | MSCT Microsoft Edge Version 83 v1.0.0 | Windows | |
| MSCT_Microsoft_Edge_Version_86_v1.0.0.audit from MSCT Microsoft Edge Version 86 Security Baseline | MSCT Edge v86 v1.0.0 | Windows | |
| MSCT_Microsoft_Edge_Version_90_v1.0.0.audit from MSCT Microsoft Edge Version 90 Security Baseline | MSCT Edge v90 v1.0.0 | Windows | |
| MSCT_Microsoft_Edge_Version_91_v1.0.0.audit from MSCT Microsoft Edge Version 91 Security Baseline | MSCT Edge v91 v1.0.0 | Windows | |
| MSCT_Microsoft_Edge_Version_107_v1.0.0.audit from MSCT Microsoft Edge Version 107 Security Baseline | MSCT Edge v107 v1.0.0 | Windows | |
| MSCT_Microsoft_Edge_Version_117_v1.0.0.audit from MSCT Microsoft Edge Version 117 Security Baseline | MSCT Edge v117 v1.0.0 | Windows | |
| MSCT_Microsoft_Edge_Version_135_v1.0.0.audit from MSCT Microsoft Edge Version 135 Security Baseline | MSCT Edge v135 v1.0.0 | Windows | |
| MSCT_Microsoft_Edge_Version_137_v1.0.0.audit from MSCT Microsoft Edge Version 137 Security Baseline | MSCT Edge v137 v1.0.0 | Windows | |
| OH12-1X-000322 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to maintain the confidentiality of controlled information during transmission through the use of an approved TLS version - SSLEngine | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLD-70-000025 - VAMI must force clients to select the most secure cipher. | DISA STIG VMware vSphere 7.0 VAMI v1r2 | Unix | CONFIGURATION MANAGEMENT |
| WBLC-08-000231 - Oracle WebLogic must protect the confidentiality of applications and leverage transmission protection mechanisms, such as TLS and SSL VPN, when deploying applications - AdminServer SSL Listen Port | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBLC-08-000239 - Oracle WebLogic must employ approved cryptographic mechanisms when transmitting sensitive data - SSL Listen Port | Oracle WebLogic Server 12c Windows v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WINUR-000018 - The Deny log on as a batch job user right must be configured to prevent access from highly privileged accounts. | DISA Windows Vista STIG v6r41 | Windows | ACCESS CONTROL |
| WN16-MS-000380 - The 'Deny log on as a batch job' user right on member servers must be configured to prevent access from highly privileged domain accounts on domain systems and from unauthenticated access on all systems. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL |
