| 2.1.1 Ensure a 'Consent Message' has been 'Configured' | MobileIron - CIS Apple iOS 17 v1.1.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.1.1 Ensure a 'Consent Message' has been 'Configured' | AirWatch - CIS Apple iPadOS 18 v1.0.0 L1 End User Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.1.1 Ensure a 'Consent Message' has been 'Configured' | MobileIron - CIS Apple iOS 18 v1.0.0 L1 End User Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1.3.15 Ensure successful and unsuccessful attempts to use the chcon command are recorded | CIS Fedora 28 Family Linux Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.18 Ensure successful and unsuccessful attempts to use the usermod command are recorded | CIS Fedora 28 Family Linux Server L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.15 Ensure successful and unsuccessful attempts to use the chcon command are recorded | CIS CentOS Linux 7 v4.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.15 Ensure successful and unsuccessful attempts to use the chcon command are recorded | CIS Ubuntu Linux 20.04 LTS Workstation L2 v2.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.16 Ensure successful and unsuccessful attempts to use the setfacl command are recorded | CIS CentOS Linux 7 v4.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.16 Ensure successful and unsuccessful attempts to use the setfacl command are recorded | CIS Ubuntu Linux 18.04 LTS v2.2.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.17 Ensure successful and unsuccessful attempts to use the chacl command are recorded | CIS CentOS Linux 7 v4.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.18 Ensure successful and unsuccessful attempts to use the usermod command are recorded | CIS Ubuntu Linux 20.04 LTS Server L2 v2.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.18 Ensure successful and unsuccessful attempts to use the usermod command are recorded | CIS Ubuntu Linux 18.04 LTS v2.2.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.19 Ensure kernel module loading unloading and modification is collected | CIS Ubuntu Linux 20.04 LTS Server L2 v2.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 6.16 Ensure that a Zone Protection Profile with an enabled SYN Flood Action of SYN Cookies is attached to all untrusted zones | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000540 - The Cisco BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000540 - The Cisco BGP switch must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000920 - The Cisco Multicast Source Discovery Protocol (MSDP) switch must be configured to filter received source-active multicast advertisements for any undesirable multicast groups and sources. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| DTAVSEL-103 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to find unknown macro viruses. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| JUEX-NM-000070 - The Juniper EX switch must be configured to enforce approved authorizations for controlling the flow of management information within the network device based on information flow control policies. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | ACCESS CONTROL |
| JUEX-NM-000130 - The Juniper EX switch must be configured to produce audit records containing information to establish when (date and time) the events occurred. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUEX-NM-000140 - The Juniper EX switch must be configured to produce audit records containing information to establish where the events occurred. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUEX-NM-000170 - The Juniper EX switch must be configured to generate audit records containing information that establishes the identity of any individual or process associated with the event. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUEX-NM-000260 - The Juniper EX switch must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| JUEX-NM-000290 - The Juniper EX switch must be configured to enforce password complexity by requiring that at least one lowercase character be used. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| JUEX-NM-000460 - The Juniper EX switch must be configured to enforce access restrictions associated with changes to device configuration. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | CONFIGURATION MANAGEMENT |
| JUEX-NM-000490 - The Juniper EX switch must use an an NTP service that is hosted by a trusted source or a DOD-compliant enterprise or local NTP server. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| JUEX-NM-000580 - The Juniper EX switch must be configured to generate audit records showing starting and ending time for administrator access to the system. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUEX-NM-000650 - The Juniper EX switch must be configured to conduct backups of system level information contained in the information system when changes occur. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING |
| JUEX-NM-000660 - The Juniper EX switch must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-NM-000930 - The Juniper EX switch must prevent nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | ACCESS CONTROL |
| Prevent per-user installation of ActiveX controls | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent per-user installation of ActiveX controls | MSCT Windows 11 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent per-user installation of ActiveX controls | MSCT Windows Server 1903 DC v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent per-user installation of ActiveX controls | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent per-user installation of ActiveX controls | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent per-user installation of ActiveX controls | MSCT Windows 11 v24H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-07-010180 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed the number of repeating consecutive characters must not be more than three characters. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-020300 - The Red Hat Enterprise Linux operating system must be configured so that all Group Identifiers (GIDs) referenced in the /etc/passwd file are defined in the /etc/group file. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-021010 - The Red Hat Enterprise Linux operating system must prevent files with the setuid and setgid bit set from being executed on file systems that are used with removable media. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| SQL2-00-011200 - SQL Server must provide audit record generation capability for organization-defined auditable events within the database - 'Event ID 18' | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011200 - SQL Server must provide audit record generation capability for organization-defined auditable events within the database - 'Event ID 20' | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011200 - SQL Server must provide audit record generation capability for organization-defined auditable events within the database - 'Event ID 103' | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011200 - SQL Server must provide audit record generation capability for organization-defined auditable events within the database - 'Event ID 110' | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011200 - SQL Server must provide audit record generation capability for organization-defined auditable events within the database - 'Event ID 113' | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011200 - SQL Server must provide audit record generation capability for organization-defined auditable events within the database - 'Event ID 132' | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011200 - SQL Server must provide audit record generation capability for organization-defined auditable events within the database - 'Event ID 133' | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011200 - SQL Server must provide audit record generation capability for organization-defined auditable events within the database - 'Event ID 170' | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011200 - SQL Server must provide audit record generation capability for organization-defined auditable events within the database - 'Event ID 171' | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011200 - SQL Server must provide audit record generation capability for organization-defined auditable events within the database - 'Event ID 176' | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-012700 - When updates are applied to SQL Server software, any software components that have been replaced or made unnecessary must be removed. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
