| 1.3 Disable all management related services on WAN port | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 2.1 (L1) Ensure NTP time synchronization is configured properly | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | AUDIT AND ACCOUNTABILITY |
| 2.1.4 Ensure correct system time is configured through NTP | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | AUDIT AND ACCOUNTABILITY |
| 2.1.6 Ensure the latest firmware is installed | CIS Fortigate 7.0.x v1.3.0 L2 | FortiGate | SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT |
| 2.4.3 Ensure admin accounts with different privileges have their correct profiles assigned | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | ACCESS CONTROL |
| 2.4.8 Virtual patching on the local-in management interface | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.5.1 Ensure High Availability configuration is enabled | CIS Fortigate 7.0.x v1.3.0 L2 | FortiGate | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 2.5.3 Ensure HA Reserved Management Interface is configured | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 2.6 (L1) Ensure dvfilter API is not configured if not used | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3 (L1) Ensure remote logging is configured for ESXi hosts | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | AUDIT AND ACCOUNTABILITY |
| 3.4 Ensure logging is enabled on all firewall policies | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 4.1.1 Detect Botnet connections | CIS Fortigate 7.0.x v1.3.0 L2 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| 4.2.1 Ensure Antivirus Definition Push Updates are Configured | CIS Fortigate 7.0.x v1.3.0 L2 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| 4.3.4 Ensure 'disableIssChecking' issuer claim is set to 'false' in the RP (Relying Party) | CIS IBM WebSphere Liberty v1.0.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.4 (L1) Ensure account lockout is set to 15 minutes | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | ACCESS CONTROL |
| 4.7 (L1) Ensure only authorized users and groups belong to the esxAdminsGroup group | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | ACCESS CONTROL |
| 5.1.1 Enable Compromised Host Quarantine | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 5.2 (L1) Ensure the ESXi shell is disabled | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 5.2.1.1 Ensure Security Fabric is Configured | CIS Fortigate 7.0.x v1.3.0 L2 | FortiGate | CONFIGURATION MANAGEMENT |
| 5.4 (L1) Ensure CIM access is limited | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 5.5 (L1) Ensure Normal Lockdown mode is enabled | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | ACCESS CONTROL |
| 7.3.1 Centralized Logging and Reporting | CIS Fortigate 7.0.x v1.3.0 L2 | FortiGate | AUDIT AND ACCOUNTABILITY |
| 7.5 (L1) Ensure port groups are not configured to VLAN values reserved by upstream physical switches | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.6 (L1) Ensure port groups are not configured to VLAN 4095 and 0 except for Virtual Guest Tagging (VGT) | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.2 Block Reported Web Forgeries | CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 8.2 Block Reported Web Forgeries | CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 8.2.2 (L2) Ensure unnecessary CD/DVD devices are disconnected | CIS VMware ESXi 7.0 v1.5.0 L2 | VMware | CONFIGURATION MANAGEMENT |
| 8.2.8 (L1) Ensure PCI and PCIe device passthrough is disabled | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.1 (L1) Ensure access to VMs through the dvfilter network APIs is configured correctly | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 8.4.4 (L2) Ensure Guest Host Interaction Protocol Handler is set to disabled | CIS VMware ESXi 7.0 v1.5.0 L2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.5 (L2) Ensure Unity Taskbar is disabled | CIS VMware ESXi 7.0 v1.5.0 L2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.6 (L2) Ensure Unity Active is disabled | CIS VMware ESXi 7.0 v1.5.0 L2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.11 (L2) Ensure Shell Action is disabled | CIS VMware ESXi 7.0 v1.5.0 L2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.13 (L2) Ensure Trash Folder State is disabled | CIS VMware ESXi 7.0 v1.5.0 L2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.24 (L1) Ensure VM Console Paste operations are disabled | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 8.7.2 (L2) Ensure host information is not sent to guests | CIS VMware ESXi 7.0 v1.5.0 L2 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| BIND-9X-001400 - On a BIND 9.x server for zones split between the external and internal sides of a network, the RRs for the external hosts must be separate from the RRs for the internal hosts. | DISA BIND 9.x STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| EX13-EG-000310 - Exchange software must be installed on a separate partition from the OS. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-ED-000620 - Exchange software must be installed on a separate partition from the OS. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000230 - Exchange software must be installed on a separate partition from the OS. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLU-80-000070 The vCenter Lookup service must set an inactive timeout for sessions. | DISA VMware vSphere 8.0 vCenter Appliance Lookup Service STIG v2r1 | Unix | ACCESS CONTROL |
| VCSA-80-000057 - vCenter Server plugins must be verified. | DISA VMware vSphere 8.0 vCenter STIG v2r2 | VMware | CONFIGURATION MANAGEMENT |
| VCST-80-000070 The vCenter STS service must set an inactive timeout for sessions. | DISA VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) STIG v2r1 | Unix | ACCESS CONTROL |
| VCUI-67-000026 - vSphere UI must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the web server. | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| WA000-WWA066 A22 - The HTTP request line must be limited. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
| WA000-WWA066 A22 - The HTTP request line must be limited. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
| WA00612 A22 - The sites error logs must log the correct format. | DISA STIG Apache Site 2.2 Unix v1r11 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| WA00615 A22 - System logging must be enabled. | DISA STIG Apache Site 2.2 Unix v1r11 | Unix | AUDIT AND ACCOUNTABILITY |
| WBSP-AS-000090 - The WebSphere Application Server users WebSphere auditor role must be configured in accordance with System Security Plan. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WBSP-AS-000090 - The WebSphere Application Server users WebSphere auditor role must be configured in accordance with System Security Plan. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
