| 1.1 (L1) Ensure ESXi is properly patched | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.4.6.3 Ensure 'Disable AutoRepublish' is set to Enabled | CIS Microsoft Office Excel 2016 v1.0.1 | Windows | ACCESS CONTROL |
| 2.1.2 Ensure 'Post-Login-Banner' is set | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 2.1.3 Ensure timezone is properly configured | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | AUDIT AND ACCOUNTABILITY |
| 2.1.7 Disable USB Firmware and configuration installation | CIS Fortigate 7.0.x v1.3.0 L2 | FortiGate | CONFIGURATION MANAGEMENT |
| 2.1.10 Ensure management GUI listens on secure TLS version | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | ACCESS CONTROL |
| 2.2.29 (L1) Configure 'Log on as a service' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.3.1 Ensure only SNMPv3 is enabled | CIS Fortigate 7.0.x v1.3.0 L2 | FortiGate | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4.4 Ensure idle timeout time is configured | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 2.4.7 Ensure default Admin ports are changed | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, MEDIA PROTECTION, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.9 (L2) Ensure VDS health check is disabled | CIS VMware ESXi 7.0 v1.5.0 L2 | VMware | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 3.2 (L1) Ensure persistent logging is configured for all ESXi hosts | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | AUDIT AND ACCOUNTABILITY |
| 3.2 Ensure that policies do not use "ALL" as Service | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | ACCESS CONTROL, MEDIA PROTECTION |
| 3.11 Ensure Group Write Access for the Apache Directories and Files Is Properly Restricted | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | ACCESS CONTROL |
| 4.1.2 Apply IPS Security Profile to Policies | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | RISK ASSESSMENT |
| 4.2 (L1) Ensure passwords are required to be complex | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| 4.2.2 Apply Antivirus Security Profile to Policies | CIS Fortigate 7.0.x v1.3.0 L2 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| 4.2.3 Enable Outbreak Prevention Database | CIS Fortigate 7.0.x v1.3.0 L2 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| 4.4.2 Block applications running on non-default ports | CIS Fortigate 7.0.x v1.3.0 L2 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| 4.5 (L1) Ensure previous 5 passwords are prohibited | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| 5.2 (L1) Ensure the ESXi shell is disabled | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 5.3 (L1) Ensure SSH is disabled | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 5.8 (L1) Ensure idle ESXi shell and SSH sessions time out after 300 seconds or less | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | ACCESS CONTROL |
| 7.5 (L1) Ensure port groups are not configured to VLAN values reserved by upstream physical switches | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.6 (L1) Ensure port groups are not configured to VLAN 4095 and 0 except for Virtual Guest Tagging (VGT) | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.7 (L1) Ensure Virtual Distributed Switch Netflow traffic is sent to an authorized collector | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 8.1.1 (L2) Ensure only one remote console connection is permitted to a VM at any time | CIS VMware ESXi 7.0 v1.5.0 L2 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 8.2.3 (L1) Ensure unnecessary parallel ports are disconnected | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 8.2.6 (L1) Ensure unauthorized modification and disconnection of devices is disabled | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 8.2.7 (L1) Ensure unauthorized connection of devices is disabled | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 8.3 Block Reported Web Forgeries | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 8.4.2 (L2) Ensure Autologon is disabled | CIS VMware ESXi 7.0 v1.5.0 L2 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 8.4.7 (L2) Ensure Unity Window Contents is disabled | CIS VMware ESXi 7.0 v1.5.0 L2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.8 (L2) Ensure Unity Push Update is disabled | CIS VMware ESXi 7.0 v1.5.0 L2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.9 (L2) Ensure Drag and Drop Version Get is disabled | CIS VMware ESXi 7.0 v1.5.0 L2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.12 (L2) Ensure Request Disk Topology is disabled | CIS VMware ESXi 7.0 v1.5.0 L2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.15 (L2) Ensure Unity is disabled | CIS VMware ESXi 7.0 v1.5.0 L2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.18 (L2) Ensure Host Guest File System Server is disabled | CIS VMware ESXi 7.0 v1.5.0 L2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.22 (L1) Ensure VM Console Drag and Drop operations is disabled | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.23 (L1) Ensure VM Console GUI Options is disabled | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 8.5.2 (L2) Ensure hardware-based 3D acceleration is disabled and mks.enable3d is set to "False" | CIS VMware ESXi 7.0 v1.5.0 L2 | VMware | CONFIGURATION MANAGEMENT |
| 8.6.2 (L1) Ensure virtual disk shrinking is disabled | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 8.6.3 (L1) Ensure virtual disk wiping is disabled | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 8.7.1 (L1) Ensure the number of VM log files is configured properly | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | AUDIT AND ACCOUNTABILITY |
| AIOS-14-008900 - Apple iOS/iPadOS must implement the management setting: limit Ad Tracking. | MobileIron - DISA Apple iOS/iPadOS 14 v1r3 | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-16-010500 - Apple iOS/iPadOS 16 must implement the management setting: limit Ad Tracking. | AirWatch - DISA Apple iOS/iPadOS 16 v2r1 | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| SonicWALL - Syslog server - >=1 server configured | TNS SonicWALL v5.9 | SonicWALL | |
| VCTR-67-000029 - The vCenter Server must enable all tasks to be shown to Administrators in the Web Client. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000075 - The vCenter Server must enable all tasks to be shown to Administrators in the Web Client. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| WBLC-08-000210 - Oracle WebLogic must terminate the network connection associated with a communications session at the end of the session or after a DoD-defined time period of inactivity. | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
