| 1.006 - Users with Administrative privilege are not documented or do not have separate accounts for administrative duties. | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 1.25.6 (L1) Ensure 'Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads' is set to 'Enabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.1.7 (L2) Ensure that an anti-phishing policy has been created | CIS Microsoft 365 Foundations v4.0.0 L2 E5 | microsoft_azure | SYSTEM AND INFORMATION INTEGRITY |
| 2.1.14 (L1) Ensure inbound anti-spam policies do not contain allowed domains | CIS Microsoft 365 Foundations v4.0.0 L1 E5 | microsoft_azure | SYSTEM AND INFORMATION INTEGRITY |
| 2.1.14 (L1) Ensure inbound anti-spam policies do not contain allowed domains | CIS Microsoft 365 Foundations v4.0.0 L1 E3 | microsoft_azure | SYSTEM AND INFORMATION INTEGRITY |
| 2.8.4.2 (L1) Ensure 'Publisher Automation Security Level' is set to 'Enabled: By UI (prompted)' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1 Ensure 'Antivirus Update Schedule' is set to download and install updates hourly | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 4.2.5 Enable grayware detection on antivirus | CIS Fortigate 7.0.x v1.3.0 L2 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| 5.007 - An approved, up-to-date, DoD antivirus program must be installed and used. | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in use | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in use | CIS Palo Alto Firewall 11 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in use | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.25 Ensure that 'DNS Policies' is configured on Anti-Spyware profiles if 'DNS Security' license is available | CIS Palo Alto Firewall 11 v1.1.0 L1 | Palo_Alto | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 6.25 Ensure that 'DNS Policies' is configured on Anti-Spyware profiles if 'DNS Security' license is available | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 8.1.34 Set 'Don't run antimalware programs against ActiveX controls' to 'Enabled:Disabled' | CIS IE 11 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.2.4 Set 'Don't run antimalware programs against ActiveX controls' to 'Enabled:Disabled' | CIS IE 11 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.3.42 Set 'Don't run antimalware programs against ActiveX controls' to 'Enabled:Disabled' | CIS IE 11 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.4.3 Set 'Don't run antimalware programs against ActiveX controls' to 'Enabled:Disabled' | CIS IE 11 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.5.3 Set 'Don't run antimalware programs against ActiveX controls' to 'Enabled:Disabled' | CIS IE 11 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Change the Size of the Anti-Replay Window | Tenable Cisco Viptela SD-WAN - vEdge | Cisco_Viptela | ACCESS CONTROL |
| DTAG008 - The antivirus signature file age must not exceed 7 days. | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAG008 - The antivirus signature file age must not exceed 7 days. | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM016 - McAfee VirusScan must be configured to receive DAT and Engine updates - schedule is daily | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM016 - McAfee VirusScan must be configured to receive DAT and Engine updates - schedule is daily. | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM016 - McAfee VirusScan must be configured to receive DAT and Engine updates - scheduling enabled | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM016 - McAfee VirusScan must be configured to receive DAT and Engine updates - scheduling enabled. | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM104 - McAfee VirusScan On-Access Default Processes Policies must be configured to find unknown unwanted programs and trojans. | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM138 - McAfee VirusScan Access Protection Policies must be configured to prevent McAfee services from being stopped. | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM138 - McAfee VirusScan Access Protection Rules must be configured to prevent McAfee services from being stopped. | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-019 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be enabled to scan mounted volumes when mounted volumes point to a network server without an anti-virus solution installed. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTBI062-IE11 - Anti-Malware programs against ActiveX controls must be run for the Intranet zone. | DISA STIG IE 11 v2r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI092-IE11 - Anti-Malware programs against ActiveX controls must be run for the Trusted Sites zone. | DISA STIG IE 11 v2r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI426-IE11 - Anti-Malware programs against ActiveX controls must be run for the Local Machine zone. | DISA STIG IE 11 v2r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI1051-IE11 - Anti-Malware programs against ActiveX controls must be run for the Restricted Sites zone. | DISA STIG IE 11 v2r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-MB-000510 - Exchange must have anti-spam filtering configured. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX19-MB-000146 - Exchange antimalware agent must be enabled and configured. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| MS.EXO.10.1v1 - Emails SHALL be scanned for malware. | CISA SCuBA Microsoft 365 Exchange Online v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| PANW-IP-000001 - The Palo Alto Networks security platform must enable Antivirus, Anti-spyware, and Vulnerability Protection for all authorized traffic | DISA STIG Palo Alto IDPS v3r1 | Palo_Alto | ACCESS CONTROL |
| SonicWALL - Security Services - Gateway AV - CIFS/Netbios | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Security Services - Gateway AV - FTP Inbound | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Security Services - Gateway AV - FTP Outbound | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Security Services - Gateway AV - HTTP Inbound | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Security Services - Gateway AV - HTTP Outbound | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Security Services - Gateway AV - IMAP | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Security Services - Gateway AV - POP3 | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Security Services - Gateway AV - Signature Timestamp | TNS SonicWALL v5.9 | SonicWALL | AUDIT AND ACCOUNTABILITY |
| SonicWALL - Security Services - Gateway AV - SMTP Inbound | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Security Services - Gateway AV - SMTP Outbound | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Security Services - Gateway AV - TCP Stream Inbound | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Security Services - Gateway AV - TCP Stream Outbound | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
