| 2.61 (L1) Ensure 'Enable network prediction' is set to 'Enabled: Do not predict actions on any network connection' | CIS Google Chrome Group Policy v1.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 3.10 (L1) Ensure 'Enable predict network actions` is set to 'Enabled: Do not predict actions on any network connection' | CIS Google Chrome L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.1.28 Ensure the SSH server is configured to use only MACs employing FIPS 140-2-approved algorithms | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 5.1.29 Ensure the SSH server is configured to use only ciphers employing FIPS 140-2-approved algorithms | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 5.3.17 Ensure only strong MAC algorithms are used - MACs employing FIPS 140-2 approved cryptographic hash algorithms. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 5.6 Ensure that account 'Lockout threshold' is less than or equal to '10' | CIS Microsoft Azure Foundations v5.0.0 L1 | microsoft_azure | ACCESS CONTROL |
| 8.4.4 Ensure Guest Host Interaction Protocol Handler is set to disabled | CIS VMware ESXi 6.7 v1.3.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.7 Ensure Unity Window Contents is disabled | CIS VMware ESXi 6.7 v1.3.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.9 Ensure Drag and Drop Version Get is disabled | CIS VMware ESXi 6.7 v1.3.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.10 Ensure Drag and Drop Version Set is disabled | CIS VMware ESXi 6.7 v1.3.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.11 Ensure Shell Action is disabled | CIS VMware ESXi 6.7 v1.3.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.14 Ensure Guest Host Interaction Tray Icon is disabled | CIS VMware ESXi 6.7 v1.3.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.19 Ensure Guest Host Interaction Launch Menu is disabled | CIS VMware ESXi 6.7 v1.3.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.21 Disable Host Guest File System Server | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 18.6.8.1 (L1) Ensure 'Require Encryption' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.6.8.1 (L1) Ensure 'Require Encryption' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.6.8.4 Ensure 'Enable insecure guest logons' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v5.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.6.8.7 Ensure 'Require Encryption' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v5.0.0 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.6.8.7 Ensure 'Require Encryption' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v5.0.0 L1 BL | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.6.8.7 Ensure 'Require Encryption' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.3.1 (L1) Ensure 'Include command line in process creation events' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.3.1 (L1) Ensure 'Include command line in process creation events' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.3.1 Ensure 'Include command line in process creation events' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 18.10.34.1 (L1) Ensure 'Disable Internet Explorer 11 as a standalone browser' is set to 'Enabled: Always' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.35.1 (L1) Ensure 'Disable Internet Explorer 11 as a standalone browser' is set to 'Enabled: Always' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.35.1 (L1) Ensure 'Disable Internet Explorer 11 as a standalone browser' is set to 'Enabled: Always' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.35.1 (L1) Ensure 'Disable Internet Explorer 11 as a standalone browser' is set to 'Enabled: Always' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.35.1 (L1) Ensure 'Disable Internet Explorer 11 as a standalone browser' is set to 'Enabled: Always' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.35.1 (L1) Ensure 'Disable Internet Explorer 11 as a standalone browser' is set to 'Enabled: Always' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-041160 - AlmaLinux OS 9 must prevent kernel profiling by nonprivileged users. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AZLX-23-002490 - Amazon Linux 2023 password-auth must be configured to use a sufficient number of hashing rounds. | DISA Amazon Linux 2023 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AZLX-23-002495 - Amazon Linux 2023 system-auth must be configured to use a sufficient number of hashing rounds. | DISA Amazon Linux 2023 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-100010 - The SSH daemon must be configured to only use FIPS 140-2 approved ciphers. | DISA VMware vSphere ESXi 6.0 STIG v1r5 Unix | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-65-000011 - The ESXi host SSH daemon must be configured to use only the SSHv2 protocol. | DISA STIG VMware vSphere ESXi OS 6.5 v2r4 | Unix | ACCESS CONTROL |
| GEN000242 - The system must use at least two time sources for clock synchronization - service ntp server 2 | DISA STIG Solaris 10 SPARC v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN000242 - The system must use at least two time sources for clock synchronization - service ntp server 2 | DISA STIG Solaris 10 X86 v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN000500-2 - The graphical desktop environment must set the idle timeout to no more than 15 minutes. | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL |
| GEN000500-2 - The graphical desktop environment must set the idle timeout to no more than 15 minutes. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN002820-2 - The audit system must be configured to audit all discretionary access control permission modifications - 'fchmod' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002820-2 - The audit system must be configured to audit all discretionary access control permission modifications - 'fchmod' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN006575 - The file integrity tool must use FIPS 140-2 approved cryptographic hashes for validating file contents. | DISA AIX 5.3 STIG v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| JUNI-RT-000690 - The Juniper PE router must be configured to implement Protocol Independent Multicast (PIM) snooping for each Virtual Private LAN Services (VPLS) bridge domain. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| MADB-10-012100 - MariaDB must implement NIST FIPS 140-2 validated cryptographic modules to provision digital signatures. | DISA MariaDB Enterprise 10.x v2r4 DB | MySQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| Number of changes allowed within the change interval (changes) | Tenable Cisco ACI | Cisco_ACI | IDENTIFICATION AND AUTHENTICATION |
| O365-WD-000008 - Open/Save of Word 2 and earlier binary documents and templates must be blocked. | DISA Microsoft Office 365 ProPlus STIG v3r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000255 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled to meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting stored data - SSLEngine | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OH12-1X-000259 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication - SSLEngine | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL08-00-010160 - The OL 8 "pam_unix.so" module must be configured in the password-auth file to use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication. | DISA Oracle Linux 8 STIG v2r8 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SOL-11.1-060010 - The operating system must use mechanisms for authentication to a cryptographic module meeting the requirements of applicable federal laws, Executive orders, directives, policies, regulations, standards, and guidance for such authentication. | DISA Solaris 11 SPARC STIG v3r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SOL-11.1-060010 - The operating system must use mechanisms for authentication to a cryptographic module meeting the requirements of applicable federal laws, Executive orders, directives, policies, regulations, standards, and guidance for such authentication. | DISA Solaris 11 X86 STIG v3r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
