| 1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | CONFIGURATION MANAGEMENT |
| 1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | CONFIGURATION MANAGEMENT |
| 1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | SYSTEM AND SERVICES ACQUISITION |
| 1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | SYSTEM AND SERVICES ACQUISITION |
| 1.1.2.11 Ensure bypass the password when joining meetings from meeting list is set to enabled | CIS Zoom L2 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 1.3.2 Ensure mask phone number in the participant list is set to enabled | CIS Zoom L2 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 1.4 Ensure latest version of Cassandra is installed | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0 | Unix | SYSTEM AND SERVICES ACQUISITION |
| 1.4 Ensure latest version of Cassandra is installed | CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0 | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.01 Installation - 'Try to ensure that no other users are connected while installing Oracle 11g' | CIS v1.1.0 Oracle 11g OS L1 | Unix | |
| 2.01 Installation - 'Try to ensure that no other users are connected while installing Oracle 11g' | CIS v1.1.0 Oracle 11g OS Windows Level 1 | Windows | |
| 2.4 Do Not Specify Passwords in the Command Line | CIS Oracle MySQL Community Server 8.4 v1.0.0 L1 OS Linux on Linux | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4 Do Not Specify Passwords in the Command Line | CIS MySQL 8.0 Enterprise Linux OS L1 v1.4.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.5 Ensure users must re-authenticate for privilege escalation | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.2.5 Ensure users must re-authenticate for privilege escalation | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 6.23 Ensure that no custom subscription administrator roles exist | CIS Microsoft Azure Foundations v4.0.0 L1 | microsoft_azure | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 25 - Disable Unused Connectors | TNS Best Practice Jetty 9 Linux | Unix | |
| AIOS-15-007200 - Apple iOS/iPadOS 15 must not include applications with the following characteristics: access to Siri when the device is locked. | AirWatch - DISA Apple iOS/iPadOS 14 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-16-007200 - Apple iOS/iPadOS 16 must not include applications with the following characteristics: access to Siri when the device is locked. | AirWatch - DISA Apple iOS/iPadOS 16 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-17-007200 - Apple iOS/iPadOS 17 must not include applications with the following characteristics: access to Siri when the device is locked. | AirWatch - DISA Apple iOS/iPadOS 17 v2r1 | MDM | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| AIOS-18-007200 - Apple iOS/iPadOS 18 must not include applications with the following characteristics: access to Siri when the device is locked. | AirWatch - DISA Apple iOS/iPadOS 18 v1r4 | MDM | IDENTIFICATION AND AUTHENTICATION |
| AOSX-15-000015 - The macOS system must utilize an Endpoint Security Solution (ESS) and implement all DoD required modules. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| APPL-11-000015 - The macOS system must utilize an Endpoint Security Solution (ESS) and implement all DoD required modules. | DISA STIG Apple macOS 11 v1r8 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| APPL-11-000015 - The macOS system must utilize an Endpoint Security Solution (ESS) and implement all DoD required modules. | DISA STIG Apple macOS 11 v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DB2X-00-003200 - Database objects (including but not limited to tables, indexes, storage, stored procedures, functions, triggers, links to software external to DB2, etc.) must be owned by database/DBMS principals authorized for ownership | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | CONFIGURATION MANAGEMENT |
| DTAM148 - McAfee VirusScan Access Protection Rules Anti-Spyware Maximum Protection must be set to block and log execution of scripts from the Temp folder. | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM148 - McAfee VirusScan Access Protection: Anti-Spyware Maximum Protection must be set to block and log execution of scripts from the Temp folder. | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM170 - McAfee VirusScan Access Protection Rules Anti-Spyware Maximum Protection must be set to block and report when common all programs are run from the Temp folder. | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-109 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x Web UI must be disabled. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-06-000003 - The system must verify the exception users list for lockdown mode. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | CONFIGURATION MANAGEMENT |
| MSFT-11-001100 - Microsoft Android 11 allow list must be configured to not include applications with the following characteristics: - Back up MD data to non-DOD cloud servers (including user and application access to cloud backup services);- Transmit MD diagnostic data to non-DOD servers;- Voice assistant application if available when MD is locked;- Voice dialing application if available when MD is locked;- Allows synchronization of data or applications between devices associated with user; and- Allows unencrypted (or encrypted but not FIPS 140-2/FIPS 140-3 validated) data sharing with other MDs or printers. | AirWatch - DISA Microsoft Android 11 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-001100 - Microsoft Android 11 allow list must be configured to not include applications with the following characteristics: - Back up MD data to non-DOD cloud servers (including user and application access to cloud backup services);- Transmit MD diagnostic data to non-DOD servers;- Voice assistant application if available when MD is locked;- Voice dialing application if available when MD is locked;- Allows synchronization of data or applications between devices associated with user; and- Allows unencrypted (or encrypted but not FIPS 140-2/FIPS 140-3 validated) data sharing with other MDs or printers. | MobileIron - DISA Microsoft Android 11 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| O112-C2-006900 - The DBMS must allow designated organizational personnel to select which auditable events are to be audited by the database. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| O121-C2-006900 - The DBMS must allow designated organizational personnel to select which auditable events are to be audited by the database. | DISA STIG Oracle 12c v3r4 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| SHPT-00-000435 - SharePoint must protect audit information from unauthorized modification of usage and health data collection logs. | DISA STIG SharePoint 2010 v1r9 | Windows | AUDIT AND ACCOUNTABILITY |
| SHPT-00-000810 - SharePoint must identify potentially security-relevant error conditions. | DISA STIG SharePoint 2010 v1r9 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| SLES-12-010290 - The SUSE operating system must employ user passwords with a maximum lifetime of 60 days. | DISA SLES 12 STIG v3r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-15-020230 - The SUSE operating system must employ user passwords with a maximum lifetime of 60 days. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000080 - Splunk Enterprise must use LDAPS for the LDAP connection. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | IDENTIFICATION AND AUTHENTICATION |
| SSO : SSO-DB-password-recorded | VMWare vSphere 5.X Hardening Guide | VMware | |
| vCenter : change-default-password | VMWare vSphere 5.X Hardening Guide | VMware | |
| VCENTER-000016 - Log files must be cleaned up after failed installations of the vCenter Server. | DISA STIG VMWare ESXi vCenter 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| VCENTER-000023 - A least-privileges assignment must be used for the vCenter Server database user. | DISA STIG VMWare ESXi vCenter 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| VCSA : change-default-password | VMWare vSphere 5.X Hardening Guide | VMware | |
| VCWN-06-000028 - Log files must be cleaned up after failed installations of the vCenter Server. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-65-000060 - The vCenter Server for Windows must enable revocation checking for certificate based authentication. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-65-000062 - The vCenter Server for Windows must enable Login banner for vSphere web client. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VM Tools: guest-8.tools-add-feature | VMware vSphere Security Configuration and Hardening Guide | VMware | CONFIGURATION MANAGEMENT |
| VM Tools: guest-8.tools-deactivate-containerinfo | VMware vSphere Security Configuration and Hardening Guide | VMware | CONFIGURATION MANAGEMENT |
| VM Tools: guest-8.tools-remove-feature | VMware vSphere Security Configuration and Hardening Guide | VMware | CONFIGURATION MANAGEMENT |
| WG204 IIS6 - A web server must not be co-hosted with other services | DISA STIG IIS 6.0 Server v6r16 | Windows | CONFIGURATION MANAGEMENT |
