| 1.1.5 - MobileIron - Enable Erase Data | MobileIron - CIS Apple iOS 8 v1.0.0 L2 | MDM | ACCESS CONTROL |
| 1.1.6 - MobileIron - Disable 'Network Notification' | MobileIron - CIS Google Android 4 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 2.2.21 Ensure 'Create symbolic links' is set to 'Administrators, NT VIRTUAL MACHINE\Virtual Machines' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.2.36 Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account, Enterprise Admins Group, and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.2.36 Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account, Enterprise Admins Group, and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 5.5.2 Ensure system accounts are secured - non-login shell | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL |
| 5.5.2 Ensure system accounts are secured - unlocked non-root | CIS Red Hat 6 Server L1 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.5.2 Ensure system accounts are secured - unlocked non-root | CIS CentOS 6 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| 9.6 Ensure Signing Keys are Scheduled to be Replaced Periodically - KSK | CIS BIND DNS v1.0.0 L2 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.6.19.2.1 (L1) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Windows Server 2012 DC L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Windows Server 2012 MS L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.6.19.2.1 Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Microsoft Windows Server 2016 STIG v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.6.19.2.1 Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Microsoft Windows Server 2016 STIG v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 20.42 Ensure 'Operating System is maintained at a supported servicing level' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.47 Ensure 'Permissions for program file directories must conform to minimum requirements' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 20.52 Ensure 'Permissions for the Windows installation directory conform to minimum requirements' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 20.52 Ensure 'Permissions for the Windows installation directory conform to minimum requirements' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 20.52 Ensure 'Permissions for the Windows installation directory conform to minimum requirements' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 20.62 Ensure 'Telnet Client is not installed' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| AOSX-14-003005 - The macOS system must map the authenticated identity to the user or group account for PKI-based authentication. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-13-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DOD PKI-established certificate authorities for verification of the establishment of protected sessions. | DISA STIG Apple macOS 13 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-13-003020 - The macOS system must use multifactor authentication for local access to privileged and nonprivileged accounts. | DISA STIG Apple macOS 13 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-14-000005 The macOS system must configure user session lock when a smart token is removed. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL |
| APPL-14-001060 The macOS system must set smart card certificate trust to moderate. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-15-000005 - The macOS system must configure user session lock when a smart token is removed. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | ACCESS CONTROL |
| APPL-15-001060 - The macOS system must set smart card certificate trust to moderate. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXi : enable-chap-auth | VMWare vSphere 6.5 Hardening Guide | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXi : enable-normal-lockdown-mode | VMWare vSphere 6.5 Hardening Guide | VMware | ACCESS CONTROL |
| ESXi.firewall-restrict-access | VMWare vSphere 6.5 Hardening Guide | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-09-000100 - The Google Android Pie must be configured to enforce a minimum password length of six characters. | AirWatch - DISA Google Android 9.x v2r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-10-000100 - Google Android 10 must be configured to enforce a minimum password length of six characters. | MobileIron - DISA Google Android 10.x v2r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-10-000100 - Google Android 10 must be configured to enforce a minimum password length of six characters. | AirWatch - DISA Google Android 10.x v2r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| HONW-09-000100 - The Honeywell Mobility Edge Android Pie device must be configured to enforce a minimum password length of six characters. | AirWatch - DISA Honeywell Android 9.x COPE v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| MOTO-09-000100 - The Motorola Android Pie must be configured to enforce a minimum password length of six characters. | AirWatch - DISA Motorola Android Pie.x COBO v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| MOTO-09-000100 - The Motorola Android Pie must be configured to enforce a minimum password length of six characters. | MobileIron - DISA Motorola Android Pie.x COPE v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| SLES-12-030361 - The SUSE operating system must not forward Internet Protocol version 6 (IPv6) source-routed packets. | DISA SLES 12 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040310 - The SUSE operating system must not forward Internet Protocol version 6 (IPv6) source-routed packets. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| TCAT-AS-000970 - Idle timeout for the management application must be set to 10 minutes. | DISA STIG Apache Tomcat Application Server 9 v3r2 Middleware | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| VCST-67-000006 - The Security Token Service must generate log records during Java startup and shutdown - prefix | DISA STIG VMware vSphere 6.7 STS Tomcat v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| VM : disable-hgfs | VMWare vSphere 6.5 Hardening Guide | VMware | CONFIGURATION MANAGEMENT |
| VM : disable-unexposed-features-versionget | VMWare vSphere 6.5 Hardening Guide | VMware | CONFIGURATION MANAGEMENT |
| VM : restrict-host-info | VMWare vSphere 6.5 Hardening Guide | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| VM : verify-PCI-Passthrough | VMWare vSphere 6.5 Hardening Guide | VMware | CONFIGURATION MANAGEMENT |
| vNetwork : reject-promiscuous-mode-StandardSwitch | VMWare vSphere 6.5 Hardening Guide | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| WA000-WI030 IIS6 - The IUSR_machinename account must not have read access to the .inc files or their equivalent. - '.asax' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | ACCESS CONTROL |
| WA000-WI030 IIS6 - The IUSR_machinename account must not have read access to the .inc files or their equivalent. - '.inc' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | ACCESS CONTROL |
| WA000-WI050 IIS6 - Unused and vulnerable script mappings in IIS 6 must be removed. - 'Allowed Web Service Extensions' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
| ZEBR-10-000100 - Zebra Android 10 must be configured to enforce a minimum password length of six characters. | AirWatch - DISA Zebra Android 10 COPE v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
