| 1.1.4.2 command accounting | CIS Cisco IOS XR 7.x v1.0.1 L1 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.1.10 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | AirWatch - CIS Apple iOS 12 v1.0.0 End User Owned L1 | MDM | |
| 2.2.1.10 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | MobileIron - CIS Apple iOS 12 v1.0.0 End User Owned L1 | MDM | |
| 2.2.1.13 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | AirWatch - CIS Apple iOS 17 Benchmark v1.1.0 End User Owned L1 | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 2.2.1.13 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | AirWatch - CIS Apple iOS 18 Benchmark v1.0.0 L1 End User Owned | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2.1.24 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | AirWatch - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.2.1.27 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | AirWatch - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| CIS_Kubernetes_v1.24_v1.0.0_Level_2_Worker.audit from CIS Kubernetes v1.24 Benchmark v1.0.0 | CIS Kubernetes v1.24 Benchmark v1.0.0 L2 Worker | Unix | CONFIGURATION MANAGEMENT |
| CIS_MongoDB_Benchmark_Level_1_OS_Unix_v1.0.0.audit from CIS MongoDB Benchmark v1.0.0 | CIS MongoDB L1 Unix Audit v1.0.0 | Unix | |
| CIS_MongoDB_Benchmark_Level_2_OS_Windows_v1.0.0.audit from CIS MongoDB Benchmark v1.0.0 | CIS MongoDB L2 Windows Audit v1.0.0 | Windows | |
| CIS_PostgreSQL_16_v1.0.0_L1_Database.audit from CIS PostgreSQL 16 Benchmark v1.0.0 | CIS PostgreSQL 16 DB v1.0.0 | PostgreSQLDB | |
| SYMP-AG-000020 - Symantec ProxySG providing intermediary services for remote access communications traffic must ensure outbound traffic is monitored for compliance with remote access security policies. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| SYMP-AG-000040 - Symantec ProxySG providing reverse proxy intermediary services for TLS must be configured to version 1.1 or higher with an approved cipher suite. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| SYMP-AG-000070 - Symantec ProxySG must restrict or block harmful or suspicious communications traffic by controlling the flow of information between interconnected networks based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic - Web Access | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| SYMP-AG-000090 - Symantec ProxySG must immediately use updates made to policy enforcement mechanisms such as policies and rules - Web Access | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| SYMP-AG-000110 - Symantec ProxySG providing user access control intermediary services for publicly accessible applications must display the Standard Mandatory DoD-approved Notice and Consent Banner before granting access to the system. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| SYMP-AG-000140 - Symantec ProxySG providing user access control intermediary services must generate audit records when successful/unsuccessful attempts to access web resources occur. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| SYMP-AG-000210 - Symantec ProxySG must use a centralized log server. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| SYMP-AG-000230 - Symantec ProxySG must provide an alert to, at a minimum, the SCA and ISSO of all audit failure events where the detection and/or prevention function is unable to write events to either local storage or the centralized server - From | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| SYMP-AG-000240 - The reverse proxy Symantec ProxySG providing intermediary services for FTP must inspect inbound FTP communications traffic for protocol compliance and protocol anomalies - Forwarding Host | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000240 - The reverse proxy Symantec ProxySG providing intermediary services for FTP must inspect inbound FTP communications traffic for protocol compliance and protocol anomalies - Review Proxies | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000260 - Symantec ProxySG providing intermediary services for HTTP must inspect inbound HTTP traffic for protocol compliance and protocol anomalies - Explicit | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000260 - Symantec ProxySG providing intermediary services for HTTP must inspect inbound HTTP traffic for protocol compliance and protocol anomalies - External | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000260 - Symantec ProxySG providing intermediary services for HTTP must inspect inbound HTTP traffic for protocol compliance and protocol anomalies - Internal | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000270 - Symantec ProxySG providing intermediary services for HTTP must inspect outbound HTTP traffic for protocol compliance and protocol anomalies - Internal | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000300 - Symantec ProxySG must be configured to prohibit or restrict the use of network services as defined in the PPSM CAL and vulnerability assessments. - Destination | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | CONFIGURATION MANAGEMENT |
| SYMP-AG-000320 - Symantec ProxySG must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users) - Domain Exists | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
| SYMP-AG-000360 - Symantec ProxySG providing user authentication intermediary services must implement multifactor authentication for remote access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
| SYMP-AG-000390 - Symantec ProxySG must prohibit the use of cached authenticators after 300 seconds at a minimum - iwa | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
| SYMP-AG-000420 - Symantec ProxySG providing user authentication intermediary services using PKI-based user authentication must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
| SYMP-AG-000430 - Symantec ProxySG providing user authentication intermediary services must conform to Federal Identity, Credential, and Access Management (FICAM)-issued profiles. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
| SYMP-AG-000450 - Symantec ProxySG providing forward proxy encryption intermediary services must use NIST FIPS-validated cryptography to implement encryption services. - Destination | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000450 - Symantec ProxySG providing forward proxy encryption intermediary services must use NIST FIPS-validated cryptography to implement encryption services. - Source | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000460 - Symantec ProxySG providing reverse proxy encryption intermediary services must implement NIST FIPS-validated cryptography to generate cryptographic hashes. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000470 - Symantec ProxySG providing reverse proxy encryption intermediary services must implement NIST FIPS-validated cryptography for digital signatures. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000490 - Symantec ProxySG must use Transport Layer Security (TLS) to protect the authenticity of communications sessions. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000530 - Symantec ProxySG must implement load balancing to limit the effects of known and unknown types of denial-of-service (DoS) attacks. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000560 - Symantec ProxySG must fail securely in the event of an operational failure. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-NM-000020 - Symantec ProxySG must be configured to enforce user authorization to implement least privilege. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | ACCESS CONTROL |
| SYMP-NM-000040 - Symantec ProxySG must be configured to enforce assigned privilege levels for approved administrators when accessing the management console, SSH, and the command line interface (CLI). | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | ACCESS CONTROL |
| SYMP-NM-000120 - Symantec ProxySG must protect the Web Management Console, SSH, and command line interface (CLI) from unauthorized modification. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| SYMP-NM-000130 - Symantec ProxySG must protect the Web Management Console, SSH, and command line interface (CLI) from unauthorized access. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| SYMP-NM-000140 - Symantec ProxySG must back up event logs onto a different system or system component than the system or component being audited - Syslog Enabled | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| SYMP-NM-000150 - Symantec ProxySG must employ automated mechanisms to centrally verify authentication settings. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | CONFIGURATION MANAGEMENT |
| SYMP-NM-000170 - Symantec ProxySG must use Role-Based Access Control (RBAC) to assign privileges to users for access to files and functions. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| SYMP-NM-000180 - Symantec ProxySG must employ automated mechanisms to centrally apply authentication settings - Policy Review | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | CONFIGURATION MANAGEMENT |
| SYMP-NM-000200 - Symantec ProxySG must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-NM-000200 - Symantec ProxySG must obtain its public key certificates from an appropriate certificate policy through an approved service provider. - attribute keyring | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-NM-000260 - Symantec ProxySG must transmit only encrypted representations of passwords - HTTP-Console Disabled | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
| SYMP-NM-000280 - Symantec ProxySG must be configured to use only FIPS 140-2 approved algorithms for authentication to a cryptographic module with any application or protocol. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
