| 1.1 Ensure device firmware is up to date | AirWatch - CIS Google Android 7 v1.0.0 L1 | MDM | |
| 1.1 Ensure the appropriate MongoDB software version/patches are installed | CIS MongoDB 3.2 Database Audit L1 v1.0.0 | MongoDB | CONFIGURATION MANAGEMENT |
| 1.1.2.7.1 Ensure separate partition exists for /var/log/audit | CIS Oracle Linux 7 v4.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 1.1.2.7.1 Ensure separate partition exists for /var/log/audit | CIS AlmaLinux OS 9 v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 1.1.2.7.1 Ensure separate partition exists for /var/log/audit | CIS Debian Linux 12 v1.1.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 1.1.2.7.1 Ensure separate partition exists for /var/log/audit | CIS CentOS Linux 7 v4.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 1.1.2.7.1 Ensure separate partition exists for /var/log/audit | CIS CentOS Linux 7 v4.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 1.1.2.7.1 Ensure separate partition exists for /var/log/audit | CIS AlmaLinux OS 8 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.1.2.7.1 Ensure separate partition exists for /var/log/audit | CIS SUSE Linux Enterprise 15 v2.0.1 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 1.1.6.1 Ensure separate partition exists for /var/log/audit | CIS Fedora 28 Family Linux Server L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.1.16 Ensure separate partition exists for /var/log/audit | CIS Amazon Linux 2 STIG v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 1.2 Ensure the latest version of Java is installed | CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0 | Unix | SYSTEM AND SERVICES ACQUISITION |
| 1.2 Ensure the latest version of Java is installed | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0 | Unix | SYSTEM AND SERVICES ACQUISITION |
| 1.3 Create mozilla.cfg file | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.3 Create mozilla.cfg file. | CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.3 Ensure the latest version of Python is installed | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0 | Unix | SYSTEM AND SERVICES ACQUISITION |
| 1.4.2 Ensure filesystem integrity is regularly checked | CIS SUSE Linux Enterprise 12 v3.2.1 L1 Workstation | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 3.2.1.13 Ensure 'Allow users to accept untrusted TLS certificates' is set to 'Disabled' | AirWatch - CIS Apple iOS 18 v1.0.0 L2 Institution Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1.13 Ensure 'Allow users to accept untrusted TLS certificates' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 18 v1.0.0 L2 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.3 Disable NTLM v1 | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 3.8 Disable WebRTC - media.peerconnection.enabled | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.8 Disable WebRTC - media.peerconnection.use_document_iceservers | CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.8 Disable WebRTC - media.peerconnection.use_document_iceservers | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 4.2 Ensure 'Software Update' returns 'Your software is up to date.' | AirWatch - CIS Apple iOS 12 v1.0.0 Institution Owned L1 | MDM | SYSTEM AND INFORMATION INTEGRITY |
| 4.2 Ensure 'Software Update' returns 'Your software is up to date.' | AirWatch - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 4.2 Ensure 'Software Update' returns 'Your software is up to date.' | MobileIron - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 5.1.4 Ensure sshd access is configured | CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.4 Ensure sshd access is configured | CIS Debian Linux 11 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.5 Enable Warning for External Protocol Handler | CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 8.2 Disable JAR from Opening Unsafe File Types | CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 8.2 Disable JAR from Opening Unsafe File Types | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 55.5 (L2) Ensure 'Disable Store Originated Apps' is set to 'Enabled' | CIS Microsoft Intune for Windows 10 v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| AMLS-L3-000120 - The Arista Multilayer Switch must bind a Protocol Independent Multicast (PIM) neighbor filter to interfaces that have PIM enabled - PIM neighbor filter to interfaces that have PIM enabled. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | ACCESS CONTROL |
| ARDC-CL-000070 - Adobe Reader DC must disable the Adobe Repair Installation. | DISA STIG Adobe Acrobat Reader DC Classic Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| ARDC-CN-000070 - Adobe Reader DC must disable the Adobe Repair Installation. | DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| DTOO104 - Outlook - Disable user name and password syntax from being used in URLs | DISA STIG Office 2010 Outlook v1r14 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-ED-000420 - The Exchange Block List service provider must be identified. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| GOOG-09-001000 - The Google Android Pie must be configured to enforce an application installation policy by specifying an application whitelist that restricts applications by the following characteristics: [selection: list of digital signatures, cryptographic hash values, names, application version]. | AirWatch - DISA Google Android 9.x v2r1 | MDM | CONFIGURATION MANAGEMENT |
| MOTO-09-001000 - The Motorola Android Pie must be configured to enforce an application installation policy by specifying an application whitelist that restricts applications by the following characteristics: [selection: list of digital signatures, cryptographic hash values, names, application version]. | MobileIron - DISA Motorola Android Pie.x COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MOTO-09-001000 - The Motorola Android Pie must be configured to enforce an application installation policy by specifying an application whitelist that restricts applications by the following characteristics: [selection: list of digital signatures, cryptographic hash values, names, application version]. | AirWatch - DISA Motorola Android Pie.x COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MOTO-09-001000 - The Motorola Android Pie must be configured to enforce an application installation policy by specifying an application whitelist that restricts applications by the following characteristics: [selection: list of digital signatures, cryptographic hash values, names, application version]. | MobileIron - DISA Motorola Android Pie.x COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MOTO-09-001000 - The Motorola Android Pie must be configured to enforce an application installation policy by specifying an application whitelist that restricts applications by the following characteristics: [selection: list of digital signatures, cryptographic hash values, names, application version]. | AirWatch - DISA Motorola Android Pie.x COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| RHEL-06-000003 - The system must use a separate file system for /var/log. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| SQL2-00-010400 - SQL Server auditing configuration maximum file size must be configured to reduce the likelihood of storage capacity being exceeded, while meeting organization-defined auditing requirements - 'max_size' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| VCENTER-000008 - The vCenter Server must be installed using a service account instead of a built-in Windows account. | DISA STIG VMWare ESXi vCenter 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| VCST-80-000143 The vCenter STS service default documentation must be removed. | DISA VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| WN12-CC-000025 - Device driver updates must only search managed servers, not Windows Update. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| XenServer - Only allow access to required network services | TNS Citrix XenServer | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| XenServer - The hosts.deny file blocks access by default | TNS Citrix XenServer | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| XenServer - XAPI SSL certificate is in default location | TNS Citrix XenServer | Unix | CONFIGURATION MANAGEMENT |
