| 6.1 Ensure that MongoDB uses a non-default port | CIS MongoDB 6 v1.2.0 L1 MongoDB | Unix | CONFIGURATION MANAGEMENT |
| 6.1 Ensure that MongoDB uses a non-default port | CIS MongoDB 7 v1.2.0 L1 Unix | Unix | CONFIGURATION MANAGEMENT |
| 9.12 Set 'Turn off Crash Detection' to 'Enabled' | CIS IE 10 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.42.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.16 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Auto-start is not enabled | TNS Citrix Hypervisor | Unix | CONFIGURATION MANAGEMENT |
| DTAM054 - McAfee VirusScan On-Demand scan must be configured to find unknown program threats. | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM054 - McAfee VirusScan On-Demand scan must be configured to find unknown program threats. | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM105 - McAfee VirusScan On-Access Scanner All Processes settings must be configured to find unknown macro viruses. | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-005 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to find unknown program viruses. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-005 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to find unknown program viruses. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-102 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to find unknown program viruses. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Enable QoS on all VM guests | TNS Citrix Hypervisor | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Identify a network interface to be used for storage access | TNS Citrix Hypervisor | Unix | CONFIGURATION MANAGEMENT |
| JUSX-IP-000013 - To protect against unauthorized data mining, the Juniper Networks SRX Series Gateway IDPS must prevent SQL injection attacks launched against data storage objects, including, at a minimum, databases, database records, and database fields. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | ACCESS CONTROL |
| Restrict allowed IPv6 addresses used by each VM guest | TNS Citrix Hypervisor | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Snapshots are not present | TNS Citrix Hypervisor | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SonicWALL - AAA - RADIUS server is trusted | TNS SonicWALL v5.9 | SonicWALL | CONFIGURATION MANAGEMENT |
| SonicWALL - AV License - Not Licensed | TNS SonicWALL v5.9 | SonicWALL | CONFIGURATION MANAGEMENT |
| SonicWALL - Content Filtering On - LAN | TNS SonicWALL v5.9 | SonicWALL | ACCESS CONTROL |
| SonicWALL - Disable insecure services - HTTP | TNS SonicWALL v5.9 | SonicWALL | |
| SonicWALL - Flood Protection - Layer 2 - Threshold | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND COMMUNICATIONS PROTECTION |
| SonicWALL - Flood Protection - Layer 2 - WAN machines | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND COMMUNICATIONS PROTECTION |
| SonicWALL - Flood Protection - TCP - Enforce compliance | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND COMMUNICATIONS PROTECTION |
| SonicWALL - Flood Protection - TCP - Max Seg Lifetime | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND COMMUNICATIONS PROTECTION |
| SonicWALL - Log Alert Emails - Enabled | TNS SonicWALL v5.9 | SonicWALL | AUDIT AND ACCOUNTABILITY |
| SonicWALL - Login Banner - Wireless Zone | TNS SonicWALL v5.9 | SonicWALL | ACCESS CONTROL |
| SonicWALL - Password Policy - Affected User types - full-admins | TNS SonicWALL v5.9 | SonicWALL | IDENTIFICATION AND AUTHENTICATION |
| SonicWALL - Password Policy - minimum length >= 8 | TNS SonicWALL v5.9 | SonicWALL | IDENTIFICATION AND AUTHENTICATION |
| SonicWALL - Password Policy - Password Uniqueness >= 10 | TNS SonicWALL v5.9 | SonicWALL | IDENTIFICATION AND AUTHENTICATION |
| SonicWALL - Password Policy - User Lockout - Enabled | TNS SonicWALL v5.9 | SonicWALL | |
| SonicWALL - Review the DNS Server Settings | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND COMMUNICATIONS PROTECTION |
| SonicWALL - SNMP Community Name - 'public' or 'private' | TNS SonicWALL v5.9 | SonicWALL | IDENTIFICATION AND AUTHENTICATION |
| SonicWALL - SSL Control ON - LAN | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - SSL Control ON - WAN | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Syslog server - >=1 server configured | TNS SonicWALL v5.9 | SonicWALL | |
| SonicWALL - Use non default admin access ports - HTTP | TNS SonicWALL v5.9 | SonicWALL | CONFIGURATION MANAGEMENT |
| Use a static IP on the management network interface | TNS Citrix Hypervisor | Unix | CONFIGURATION MANAGEMENT |
| XenServer - Administrative actions are logged | TNS Citrix XenServer | Unix | |
| XenServer - Disable promiscuous mode on all network interfaces | TNS Citrix XenServer | Unix | |
| XenServer - Enable only necessary and secure services, protocols, daemons - 'snapwatchd' | TNS Citrix XenServer | Unix | CONFIGURATION MANAGEMENT |
| XenServer - Enable only necessary and secure services, protocols, daemons - 'sshd' | TNS Citrix XenServer | Unix | CONFIGURATION MANAGEMENT |
| XenServer - Enable port locking by default on the VM guest network | TNS Citrix XenServer | Unix | |
| XenServer - Enable remote syslog | TNS Citrix XenServer | Unix | AUDIT AND ACCOUNTABILITY |
| XenServer - Ensure IP forwarding is disabled | TNS Citrix XenServer | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| XenServer - High availability is enabled | TNS Citrix XenServer | Unix | |
| XenServer - Identify a network interface to be used for storage access | TNS Citrix XenServer | Unix | CONFIGURATION MANAGEMENT |
| XenServer - Install a trusted CA certificate on the pool | TNS Citrix XenServer | Unix | |
| XenServer - Install a trusted certificate in place of the default self-signed SSL certificate | TNS Citrix XenServer | Unix | |
