1.2 Ensure the container host has been Hardened | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | CONFIGURATION MANAGEMENT |
1.2 Harden the container host | CIS Docker 1.13.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
1.4 Harden the container host | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
1.6.3 Ensure remote login warning banner is configured properly | CIS Oracle Linux 7 v4.0.0 L1 Server | Unix | ACCESS CONTROL |
1.6.3 Ensure remote login warning banner is configured properly | CIS Debian Linux 11 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL |
1.6.3 Ensure remote login warning banner is configured properly | CIS Debian Linux 12 v1.1.0 L1 Server | Unix | ACCESS CONTROL |
1.6.3 Ensure remote login warning banner is configured properly | CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Workstation | Unix | ACCESS CONTROL |
1.7.2 Ensure local login warning banner is configured properly | CIS Oracle Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL |
1.7.3 Ensure remote login warning banner is configured properly | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL |
1.7.3 Ensure remote login warning banner is configured properly | CIS SUSE Linux Enterprise 15 v2.0.0 L1 Server | Unix | ACCESS CONTROL |
1.7.3 Ensure remote login warning banner is configured properly | CIS Red Hat EL8 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
1.7.3 Ensure remote login warning banner is configured properly | CIS Red Hat EL8 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL |
2.2.45 Ensure 'Increase scheduling priority' is set to 'Administrators' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
2.2.46 Ensure 'Increase scheduling priority' is set to 'Administrators' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
2.3.10.3 Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
2.3.17.4 Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop or Prompt for credentials on the secure desktop' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
2.8.1.1 Ensure the OS Is Not Active When Resuming from Standby (Intel) | CIS Apple macOS 11.0 Big Sur v4.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
3.1.17 Secure permissions for the primary archive log location - LOGARCHMETH1 OS Permissions | CIS IBM DB2 v10 v1.1.0 Windows OS Level 1 | Windows | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
3.1.19 Secure permissions for the tertiary archive log location - FAILARCHPATH OS Permissions | CIS IBM DB2 v10 v1.1.0 Windows OS Level 1 | Windows | |
3.1.19 Secure permissions for the tertiary archive log location - FAILARCHPATH OS Permissions | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | |
18.10.75.2.2 Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn' or 'Enabled: Warn and prevent bypass' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
ALMA-09-047980 - AlmaLinux OS 9 must enable auditing of processes that start prior to the audit daemon. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
APPL-14-000054 The macOS system must limit SSHD to FIPS-compliant connections. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
APPL-15-000030 - The macOS system must configure audit log files to not contain access control lists (ACLs). | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
APPL-15-000054 - The macOS system must limit SSHD to FIPS-compliant connections. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
ARST-L2-000070 - The Arista MLS switch must have STP Loop Guard enabled on all nondesignated STP switch ports. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
ARST-L2-000090 - The Arista MLS layer 2 switch must have DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
ARST-L2-000110 - The Arista MLS layer 2 switch must have Dynamic Address Resolution Protocol (ARP) Inspection (DAI) enabled on all user VLANs. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
ARST-L2-000150 - The Arista MLS layer 2 switch must enable Unidirectional Link Detection (UDLD) to protect against one-way connections. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | CONFIGURATION MANAGEMENT |
ARST-L2-000160 - The Arista MLS layer 2 switch must have all trunk links enabled statically. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | CONFIGURATION MANAGEMENT |
ARST-L2-000170 - The Arista MLS layer 2 switch must have all disabled switch ports assigned to an unused VLAN. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
ARST-L2-000200 - The Arista MLS layer 2 switch must not use the default VLAN for management traffic. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | CONTINGENCY PLANNING |
DO0145-ORACLE11 - OS DBA group membership should be restricted to authorized accounts. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
JBOS-AS-000220 - JBoss process owner interactive access must be restricted. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | CONFIGURATION MANAGEMENT |
JUEX-L2-000020 - The Juniper EX switch must be configured to uniquely identify all network-connected endpoint devices before establishing any connection. | DISA Juniper EX Series Layer 2 Switch v2r2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
JUEX-L2-000030 - The Juniper layer 2 switch must be configured to disable all dynamic VLAN registration protocols. | DISA Juniper EX Series Layer 2 Switch v2r2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
JUEX-L2-000130 - The Juniper EX switch must be configured to enable IP Source Guard on all user-facing or untrusted access VLANs. | DISA Juniper EX Series Layer 2 Switch v2r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
JUEX-L2-000140 - The Juniper EX switch must be configured to enable Dynamic Address Resolution Protocol (ARP) Inspection (DAI) on all user VLANs. | DISA Juniper EX Series Layer 2 Switch v2r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
JUEX-L2-000150 - The Juniper EX switch must be configured to enable Storm Control on all host-facing access interfaces. | DISA Juniper EX Series Layer 2 Switch v2r2 | Juniper | CONFIGURATION MANAGEMENT |
JUEX-L2-000250 - The Juniper EX switch must not have any access interfaces assigned to a VLAN configured as native for any trunked interface. | DISA Juniper EX Series Layer 2 Switch v2r2 | Juniper | CONFIGURATION MANAGEMENT |
MYS8-00-003700 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to delete categories of information (e.g., classification levels/security levels) occur. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
MYS8-00-006100 - The MySQL Database Server 8.0 must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users). | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
MYS8-00-008000 - The MySQL Database Server 8.0 must protect its audit features from unauthorized access. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
OL07-00-030870 - The Oracle Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. | DISA Oracle Linux 7 STIG v3r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
RHEL-09-212055 - RHEL 9 must enable auditing of processes that start prior to the audit daemon. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
SLES-15-030060 - The SUSE operating system must generate audit records for all uses of the ssh-keysign command. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
SLES-15-030100 - The SUSE operating system must generate audit records for all uses of the chsh command. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
SLES-15-030130 - The SUSE operating system must generate audit records for all uses of the crontab command. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
SLES-15-030550 - The SUSE operating system must generate audit records for all uses of the su command. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
SLES-15-030560 - The SUSE operating system must generate audit records for all uses of the sudo command. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |