| 1.1 Ensure DNS server is configured | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.1 Ensure 'Pre-Login Banner' is set | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | AWARENESS AND TRAINING, PROGRAM MANAGEMENT |
| 2.1.12 Ensure single CPU core overloaded event is logged | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | AUDIT AND ACCOUNTABILITY |
| 2.2.1 Ensure 'Password Policy' is enabled | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| 2.4.1 Ensure default 'admin' password is changed | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| 2.4.2 Ensure all the login accounts having specific trusted hosts enabled | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 2.4.5 Ensure only encrypted access channels are enabled | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4.6 Apply Local-in Policies | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, MEDIA PROTECTION, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3 Ensure firewall policy denying all traffic to/from Tor, malicious server, or scanner IP addresses using ISDB | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.3 (L1) Ensure the maximum failed login attempts is set to 5 | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | ACCESS CONTROL |
| 4.4.4 Apply Application Control Security Profile to Policies | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | ACCESS CONTROL, MEDIA PROTECTION |
| 5.9 (L1) Ensure the shell services timeout is set to 1 hour or less | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | ACCESS CONTROL |
| 5.11 (L2) Ensure contents of exposed configuration files have not been modified | CIS VMware ESXi 7.0 v1.5.0 L2 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.1 (L1) Ensure bidirectional CHAP authentication for iSCSI traffic is enabled | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1.1 Apply a Trusted Signed Certificate for VPN Portal | CIS Fortigate 7.0.x v1.3.0 L2 | FortiGate | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 6.2 (L2) Ensure the uniqueness of CHAP authentication secrets for iSCSI traffic | CIS VMware ESXi 7.0 v1.5.0 L2 | VMware | IDENTIFICATION AND AUTHENTICATION |
| 7.1.1 Enable Event Logging | CIS Fortigate 7.0.x v1.3.0 L2 | FortiGate | AUDIT AND ACCOUNTABILITY |
| 7.2 (L1) Ensure the vSwitch MAC Address Change policy is set to reject | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.3 (L1) Ensure the vSwitch Promiscuous Mode policy is set to reject | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.2.1 (L1) Ensure unnecessary floppy devices are disconnected | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 8.2.4 (L1) Ensure unnecessary serial ports are disconnected | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 8.3.3 (L1) Ensure secure protocols are used for virtual serial port access | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 8.4.19 (L2) Ensure Guest Host Interaction Launch Menu is disabled | CIS VMware ESXi 7.0 v1.5.0 L2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.20 (L2) Ensure memSchedFakeSampleStats is disabled | CIS VMware ESXi 7.0 v1.5.0 L2 | VMware | CONFIGURATION MANAGEMENT |
| 8.6.1 (L2) Ensure nonpersistent disks are limited | CIS VMware ESXi 7.0 v1.5.0 L2 | VMware | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND INFORMATION INTEGRITY |
| Internet Explorer Processes - Consistent Mime Handling - (Reserved) | MSCT Windows Server 2019 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_HANDLING - (Reserved) | MSCT Windows 10 1909 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_HANDLING - (Reserved) | MSCT Windows 10 v21H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_HANDLING - (Reserved) | MSCT Windows Server 1903 MS v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_HANDLING - (Reserved) | MSCT Windows Server v1909 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_HANDLING - (Reserved) | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_HANDLING - (Reserved) | MSCT Windows Server 2022 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_HANDLING - explorer.exe | MSCT Windows 11 v24H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_HANDLING - explorer.exe | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_HANDLING - explorer.exe | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_HANDLING - explorer.exe | MSCT Windows 10 v1507 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_HANDLING - explorer.exe | MSCT Windows 10 v22H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_HANDLING - explorer.exe | MSCT Windows 11 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_HANDLING - explorer.exe | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_HANDLING - explorer.exe | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_HANDLING - explorer.exe | MSCT MSCT Windows Server 2022 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_HANDLING - explorer.exe | MSCT Windows Server 2022 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_HANDLING - iexplore.exe | MSCT Windows 11 v24H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_HANDLING - iexplore.exe | MSCT Windows 10 v21H1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_HANDLING - iexplore.exe | MSCT Windows 10 v21H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_HANDLING - iexplore.exe | MSCT Windows Server v1909 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_HANDLING - iexplore.exe | MSCT MSCT Windows Server 2022 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_HANDLING - iexplore.exe | MSCT Windows Server 2022 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_HANDLING - iexplore.exe | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WA000-WWA066 W22 - The HTTP request line must be limited. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
