| 1.6 Enforce password complexity - exec sp_passwordpolicy 'list' | CIS Sybase 15.0 L2 DB v1.1.0 | SybaseDB | IDENTIFICATION AND AUTHENTICATION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 169.254.0.0' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.8 Ensure nftables default deny firewall policy - forward | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.8 Ensure nftables default deny firewall policy - output | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.9 Ensure default deny firewall policy - hook output | CIS Fedora 19 Family Linux Workstation L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.9 Ensure nftables default deny firewall policy - forward | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.9 Ensure nftables default deny firewall policy - input | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.9 Ensure nftables default deny firewall policy - output | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.2.8 Ensure default deny firewall policy - input | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.3.5 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network-scripts | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.5 Ensure events that modify the system's network environment are collected - auditctl issue | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.5 Ensure events that modify the system's network environment are collected - auditctl network-scripts | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.5 Ensure events that modify the system's network environment are collected - auditctl sethostname (32-bit) | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.5 Ensure events that modify the system's network environment are collected - auditctl sethostname (64-bit) | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.5 Ensure events that modify the system's network environment are collected - issue.net | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.5 Ensure events that modify the system's network environment are collected - issue.net | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.5 Ensure events that modify the system's network environment are collected - sethostname (32-bit) | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify the system's network environment are collected | CIS SUSE Linux Enterprise 12 v3.2.1 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/issue.net | CIS Oracle Linux 6 Server L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/issue.net | CIS Red Hat 6 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/sysconfig/network | CIS Oracle Linux 6 Server L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/sysconfig/network | CIS Red Hat 6 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify the system's network environment are collected - rules.d /etc/hosts | CIS Oracle Linux 6 Server L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify the system's network environment are collected - rules.d /etc/hosts | CIS Oracle Linux 6 Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify the system's network environment are collected - rules.d /etc/hosts | CIS Red Hat 6 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify the system's network environment are collected - rules.d /etc/issue.net | CIS Oracle Linux 6 Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 5.2.3.17 Ensure successful and unsuccessful attempts to use the chacl command are recorded | CIS Ubuntu Linux 20.04 LTS Server L2 v2.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.19 Ensure kernel module loading unloading and modification is collected | CIS Ubuntu Linux 20.04 LTS Workstation L2 v2.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| Allow user control over installs | MSCT Windows 10 1803 v1.0.0 | Windows | ACCESS CONTROL |
| Allow user control over installs | MSCT Windows 10 1903 v1.19.9 | Windows | ACCESS CONTROL |
| Allow user control over installs | MSCT Windows Server 2016 MS v1.0.0 | Windows | ACCESS CONTROL |
| Allow user control over installs | MSCT Windows 11 v24H2 v1.0.0 | Windows | ACCESS CONTROL |
| Allow user control over installs | MSCT Windows 10 v21H2 v1.0.0 | Windows | ACCESS CONTROL |
| Allow user control over installs | MSCT Windows Server v2004 MS v1.0.0 | Windows | ACCESS CONTROL |
| Allow user control over installs | MSCT Windows 10 v20H2 v1.0.0 | Windows | ACCESS CONTROL |
| Allow user control over installs - EnableUserControl | MSCT Windows Server 2025 MS v1.0.0 | Windows | ACCESS CONTROL |
| Allow user control over installs - EnableUserControl | MSCT Windows Server 2025 DC v1.0.0 | Windows | ACCESS CONTROL |
| CISC-RT-000930 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to filter source-active multicast advertisements to external MSDP peers to avoid global visibility of local-only multicast sources and groups. | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | ACCESS CONTROL |
| ESXI-06-000070 - The system must not provide root/administrator level access to CIM-based hardware monitoring tools or other third-party applications. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-65-000070 - The ESXi host must not provide root/administrator level access to CIM-based hardware monitoring tools or other third-party applications. | DISA STIG VMware vSphere ESXi 6.5 v2r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-67-000070 - The ESXi host must not provide root/administrator-level access to CIM-based hardware monitoring tools or other third-party applications. | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000045 - The ESXi host must enable a persistent log location for all locally stored logs. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | AUDIT AND ACCOUNTABILITY |
| JUSX-DM-000149 - For nonlocal maintenance sessions using SNMP, the Juniper SRX Services Gateway must securely configure SNMPv3 with privacy options to protect the confidentiality of maintenance and diagnostic communications for nonlocal maintenance sessions. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | MAINTENANCE |
| MADB-10-007400 - MariaDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| PANW-AG-000115 - The Palo Alto Networks security platform must continuously monitor inbound communications traffic crossing internal security boundaries. | DISA STIG Palo Alto ALG v3r4 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| Review the list of Current Rackspace Users | Tenable Best Practices RackSpace v2.0.0 | Rackspace | ACCESS CONTROL |
| Review the list of Rackspace Database Flavors | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONFIGURATION MANAGEMENT |
| RHEL-07-010010 - The Red Hat Enterprise Linux operating system must be configured so that the file permissions, ownership, and group membership of system files and commands match the vendor values. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| RHEL-07-020620 - The Red Hat Enterprise Linux operating system must be configured so that all local interactive users have a home directory assigned and defined in the /etc/passwd file. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| vCenter : restrict-vcs-db-user | VMWare vSphere 5.X Hardening Guide | VMware | |
