| 1.1.19 Disable Mounting of freevxfs Filesystems - install freevxfs /bin/true' | CIS Red Hat Enterprise Linux 5 L2 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.22 Disable Mounting of hfsplus Filesystems - install hfsplus /bin/true' | CIS Red Hat Enterprise Linux 5 L2 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Disable Unused Connectors | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Disable Unused Connectors | CIS Apache Tomcat 10 L2 v1.1.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Disable Unused Connectors | CIS Apache Tomcat 8 L2 v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.2 Disable Unused Connectors | CIS Apache Tomcat 8 L2 v1.1.0 Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.2 Ensure the Server Is Not a Multi-Use System | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2 Ensure the Server Is Not a Multi-Use System | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2 Ensure the Server Is Not a Multi-Use System | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | CIS MySQL 5.7 Community Linux OS L1 v2.0.0 | Unix | ACCESS CONTROL |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | CIS MySQL 8.0 Enterprise Linux OS L1 v1.4.0 | Unix | ACCESS CONTROL |
| 1.7.1.1 Ensure message of the day is configured properly | CIS Debian 9 Workstation L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.14 Disable Local RPC Port Mapping Service - Make sure that network/rpc/bind is disabled. | CIS Solaris 10 L1 v5.2 | Unix | |
| 2.3.2 Ensure rsh client is not installed | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.08 Listener password - 'Use OS Authentication' | CIS v1.1.0 Oracle 11g OS Windows Level 1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 4.3 Ensure OverRide Is Disabled for the OS Root Directory | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | ACCESS CONTROL |
| 5.3.19 Make the Audit Configuration Immutable - -e 2 | CIS Red Hat Enterprise Linux 5 L2 v2.2.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 6.1.5 Set User/Group Owner and Permission on /etc/cron.hourly | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
| 6.1.6 Set User/Group Owner and Permission on /etc/cron.daily | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
| 6.1.7 Set User/Group Owner and Permission on /etc/cron.weekly | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
| 8.1.1 (L2) Ensure external file sharing in Teams is enabled for only approved cloud storage services | CIS Microsoft 365 Foundations v5.0.0 L2 E5 | microsoft_azure | ACCESS CONTROL, MEDIA PROTECTION |
| 9.1.6 Verify User/Group Ownership on /etc/passwd | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
| 11.2 Remove OS Information from Login Warning Banners - /etc/issue.net | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MS | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.31.1 (L2) Ensure 'Allow Clipboard synchronization across devices' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.31.1 (L2) Ensure 'Allow Clipboard synchronization across devices' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.9.31.1 (L2) Ensure 'Allow Clipboard synchronization across devices' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.9.81.3 Ensure 'Automatically send memory dumps for OS-generated error reports' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SECURITY ASSESSMENT AND AUTHORIZATION |
| ALMA-09-001890 - AlmaLinux OS 9 must automatically exit interactive command shell user sessions after 10 minutes of inactivity. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-003650 - AlmaLinux OS 9 must force a frequent session key renegotiation for SSH connections to the server. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL |
| ALMA-09-014540 - All AlmaLinux OS 9 local interactive user accounts must be assigned a home directory upon creation. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-037310 - AlmaLinux OS 9 must be configured so that libuser is configured to store only encrypted representations of passwords. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-038080 - Passwords for new users or password changes must have a 60-day maximum password lifetime restriction in /etc/login.defs. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-052600 - AlmaLinux OS 9 must authenticate the remote logging server for offloading audit logs via rsyslog. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| CISC-RT-000510 - The Cisco BGP router must be configured to reject inbound route advertisements from a customer edge (CE) router for prefixes that are not allocated to that customer. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| DO3609-ORACLE11 - System privileges granted using the WITH ADMIN OPTION should not be granted to unauthorized user accounts - 'No accounts granted with admin option exist' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | ACCESS CONTROL |
| EP11-00-000800 - The EDB Postgres Advanced Server must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | ACCESS CONTROL |
| FireEye - AAA LDAP binding user should not be an admin | TNS FireEye | FireEye | ACCESS CONTROL |
| FireEye - FENet patch updates are applied automatically | TNS FireEye | FireEye | SYSTEM AND INFORMATION INTEGRITY |
| FireEye - FireEye Web MPS version | TNS FireEye | FireEye | CONFIGURATION MANAGEMENT |
| FireEye - Greylist URL list | TNS FireEye | FireEye | AUDIT AND ACCOUNTABILITY |
| FireEye - IPMI is enabled | TNS FireEye | FireEye | CONFIGURATION MANAGEMENT |
| FireEye - Login banner | TNS FireEye | FireEye | ACCESS CONTROL |
| FireEye - Usernames admin list | TNS FireEye | FireEye | ACCESS CONTROL |
| FireEye - Usernames list | TNS FireEye | FireEye | ACCESS CONTROL |
| HONW-09-008400 - On all Honeywell Mobility Edge Android Pie devices, cryptography must be configured to be in FIPS 140-2 validated mode. | AirWatch - DISA Honeywell Android 9.x COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| JUNI-RT-000500 - The Juniper BGP router must be configured to reject inbound route advertisements from a customer edge (CE) Juniper router for prefixes that are not allocated to that customer - CE Juniper router. | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
| O121-BP-022500 - Oracle roles granted using the WITH ADMIN OPTION must not be granted to unauthorized accounts. | DISA STIG Oracle 12c v3r2 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O121-C2-014500 - The DBMS must support organizational requirements to enforce the number of characters that get changed when passwords are changed. | DISA STIG Oracle 12c v3r2 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| SRG-OS-99999-ESXI5-000138 - The system must disable SSH. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
