| 1.2.1.2 Ensure 'Mime Sniffing Safety Feature' is set to Enabled - groove.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.2 Ensure 'Mime Sniffing Safety Feature' is set to Enabled - msaccess.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.7 Ensure 'Disable User Name and Password' is set to Enabled - excel.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.7 Ensure 'Disable User Name and Password' is set to Enabled - exprwd.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.7 Ensure 'Disable User Name and Password' is set to Enabled - groove.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.7 Ensure 'Disable User Name and Password' is set to Enabled - msaccess.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.7 Ensure 'Disable User Name and Password' is set to Enabled - mse7.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.7 Ensure 'Disable User Name and Password' is set to Enabled - mspub.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.7 Ensure 'Disable User Name and Password' is set to Enabled - onent.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.7 Ensure 'Disable User Name and Password' is set to Enabled - outlook.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.7 Ensure 'Disable User Name and Password' is set to Enabled - powerpnt.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.7 Ensure 'Disable User Name and Password' is set to Enabled - pptview.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.7 Ensure 'Disable User Name and Password' is set to Enabled - spDesign.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.7 Ensure 'Disable User Name and Password' is set to Enabled - visio.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.7 Ensure 'Disable User Name and Password' is set to Enabled - winproj.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.25.8 Ensure 'Encryption Type for Password Protected Office Open XML Files' is set to Enabled | CIS Microsoft Office 2016 v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.25.11 Ensure 'Disable All Trust Bar Notifications For Security Issues' is set to Disabled | CIS Microsoft Office 2016 v1.1.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 5.1 Ensure that WildFire file size upload limits are maximized | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.1 Ensure that WildFire file size upload limits are maximized | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.1 Ensure that WildFire file size upload limits are maximized | CIS Palo Alto Firewall 11 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 20.20 Ensure 'DoD Interoperability Root CA cross-certificates' are installed in the 'Untrusted Certificates Store' on unclassified systems | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.23 Ensure 'Domain controllers have a PKI server certificate' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.51 Ensure 'Permissions for the system drive root directory must conform to minimum requirements' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 20.51 Ensure 'Permissions for the system drive root directory must conform to minimum requirements' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 20.51 Ensure 'Permissions for the system drive root directory must conform to minimum requirements' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 20.60 Ensure 'System files must be monitored for unauthorized changes' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.60 Ensure 'System files must be monitored for unauthorized changes' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| 20.69 Ensure 'US DoD CCEB Interoperability Root CA cross-certificates' are installed in the 'Untrusted Certificates Store' on unclassified systems (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIX7-00-001101 - AIX CDE must conceal, via the session lock, information previously visible on the display with a publicly viewable image. | DISA STIG AIX 7.x v3r1 | Unix | ACCESS CONTROL |
| Allow VBA to load typelib references by path from untrusted intranet locations | Microsoft 365 Apps for Enterprise 2306 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow VBA to load typelib references by path from untrusted intranet locations | MSCT M365 Apps for enterprise 2312 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow VBA to load typelib references by path from untrusted intranet locations | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow VBA to load typelib references by path from untrusted intranet locations | MSCT Microsoft 365 Apps for Enterprise 2206 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Always open untrusted database files in Protected View | MSCT Office 365 ProPlus 1908 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Always prevent untrusted Microsoft Query files from opening | MSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-L2-000160 - The Arista MLS layer 2 switch must have all trunk links enabled statically. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | CONFIGURATION MANAGEMENT |
| ARST-L2-000190 - The Arista MLS layer 2 switch must have the default VLAN pruned from all trunk ports that do not require it. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| DG0127-ORACLE11 - DBMS account passwords should not be set to easily guessed words or values - 'name' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| DG0127-ORACLE11 - DBMS account passwords should not be set to easily guessed words or values - 'profile' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | |
| DTOO117 - Saved from URL mark to assure Internet zone processing must be enforced | DISA STIG Microsoft Publisher 2016 v1r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO117 - Saved from URL mark to assure Internet zone processing must be enforced. | DISA STIG Microsoft OneNote 2016 v1r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO117 - Saved from URL mark to assure Internet zone processing must be enforced. | DISA STIG Microsoft Outlook 2016 v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO117 - The Saved from URL mark must be selected to enforce Internet zone processing | DISA STIG Microsoft Sharepoint Designer 2013 v1r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO117 - The Saved from URL mark must be selected to enforce Internet zone processing in PowerPoint. | DISA STIG Microsoft PowerPoint 2013 v1r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO117 - The Saved from URL mark must be selected to enforce Internet zone processing. | DISA STIG Microsoft OneNote 2013 v1r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO503 - The Saved from URL mark must be selected to enforce Internet zone processing in PowerPoint Viewer. | DISA STIG Microsoft PowerPoint 2013 v1r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MS.DEFENDER.1.3v1 - All users SHALL be added to Defender for Office 365 protection in either the standard or strict preset security policy. | CISA SCuBA Microsoft 365 Defender v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| PHTN-67-000032 - The Photon operating system must only allow installation of packages signed by VMware. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| TCAT-AS-001220 - $CATALINA_BASE/conf/ folder must be owned by root, group tomcat. | DISA STIG Apache Tomcat Application Server 9 v3r2 Middleware | Unix | CONFIGURATION MANAGEMENT |
| WNDF-AV-000035 - Microsoft Defender AV must be configured to block Office applications from injecting into other processes. | DISA STIG Microsoft Defender Antivirus v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
