| 1.5 Installing ISC BIND 9 - bind9 installation | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | |
| 1.5 Installing ISC BIND 9 - named location | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | CONFIGURATION MANAGEMENT |
| 1.5 Installing ISC BIND 9 - named location | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | CONFIGURATION MANAGEMENT |
| 1.7.3 Ensure 'SSL AES 256 encryption' is set for HTTPS access | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.13 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is Set to '10' | CIS Oracle Server 11g R2 DB v2.2.0 | OracleDB | |
| 2.2.25 Ensure 'Increase scheduling priority' is set to 'Administrators' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.3.17.5 (L1) Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.06 listener.ora - 'Use IP addresses rather than hostnames' | CIS v1.1.0 Oracle 11g OS L2 | Unix | CONFIGURATION MANAGEMENT |
| 2.11 Java 6 is not the default Java runtime | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.16 Ensure 'GRANT ANY PRIVILEGE' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.16 Ensure 'GRANT ANY PRIVILEGE' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 5.2.16 Ensure 'GRANT ANY PRIVILEGE' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 5.2.16 Ensure 'GRANT ANY PRIVILEGE' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 18c DB Unified Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
| 5.2.16 Ensure 'GRANT ANY PRIVILEGE' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.3.4 Ensure 'DBA' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 6.25 Ensure that 'DNS Policies' is configured on Anti-Spyware profiles if 'DNS Security' license is available | CIS Palo Alto Firewall 11 v1.1.0 L1 | Palo_Alto | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.5.5 (NG) Ensure 'Turn On Virtualization Based Security: Credential Guard Configuration' is set to 'Enabled with UEFI lock' | CIS Microsoft Windows 10 Stand-alone v4.0.0 NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.5.5 (NG) Ensure 'Turn On Virtualization Based Security: Credential Guard Configuration' is set to 'Enabled with UEFI lock' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.5.5 (NG) Ensure 'Turn On Virtualization Based Security: Credential Guard Configuration' is set to 'Enabled with UEFI lock' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 NG MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.5.5 (NG) Ensure 'Turn On Virtualization Based Security: Credential Guard Configuration' is set to 'Enabled with UEFI lock' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.5.5 (NG) Ensure 'Turn On Virtualization Based Security: Credential Guard Configuration' is set to 'Enabled with UEFI lock' (MS Only) | CIS Microsoft Windows Server 2019 v4.0.0 NG MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.93.4.3 (L1) Ensure 'Select when Quality Updates are received' is set to 'Enabled: 0 days' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MS | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.93.4.3 (L1) Ensure 'Select when Quality Updates are received' is set to 'Enabled: 0 days' | CIS Microsoft Windows Server 2019 v4.0.0 L1 MS | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| ALMA-09-015640 - AlmaLinux OS 9 must enforce a delay of at least four seconds between logon prompts following a failed logon attempt. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-043910 - AlmaLinux OS 9 /var/log directory must be group-owned by root. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| ALMA-09-044130 - AlmaLinux OS 9 /var/log/messages file must be owned by root. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| ALMA-09-044240 - AlmaLinux OS 9 /var/log/messages file must have mode 0640 or less permissive. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| ALMA-09-044460 - AlmaLinux OS 9 /var/log directory must have mode 0755 or less permissive. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| ALMA-09-044790 - AlmaLinux OS 9 must clear memory when it is freed to prevent use-after-free attacks. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| BIND-9X-001134 - On the BIND 9.x server the private keys corresponding to both the ZSK and the KSK must not be kept on the BIND 9.x DNSSEC-aware primary authoritative name server when the name server does not support dynamic updates. | DISA BIND 9.x STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| BIND-9X-001403 - A BIND 9.x server implementation must implement internal/external role separation. | DISA BIND 9.x STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| DO0240-ORACLE11 - The Oracle OS_ROLES parameter should be set to FALSE - 'os_roles = false' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | |
| FNFG-FW-000130 - The FortiGate firewall must restrict traffic entering the VPN tunnels to the management network to only the authorized management packets based on destination address. | DISA Fortigate Firewall STIG v1r3 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-10-009400 - Google Android 10 work profile must be configured to enforce the system application disable list. | MobileIron - DISA Google Android 10.x v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-10-011000 - Google Android 10 devices must be configured to disable the use of third-party keyboards. | MobileIron - DISA Google Android 10.x v2r1 | MDM | CONFIGURATION MANAGEMENT |
| O19C-00-018300 - Oracle Database must only generate error messages that provide information necessary for corrective actions without revealing organization-defined sensitive or potentially harmful information in error logs and administrative messages that could be exploited. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | SYSTEM AND INFORMATION INTEGRITY |
| O121-C2-018500 - The DBMS must isolate security functions from nonsecurity functions by means of separate security domains. | DISA STIG Oracle 12c v3r2 Database | OracleDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000183 - The CustomIdentityKeyStoreFileName property of the Node Manager configured to support OHS must be configured for secure communication. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232250 - All RHEL 9 local files and directories must have a valid group owner. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-252020 - RHEL 9 must securely compare internal information system clocks at least every 24 hours. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-412075 - RHEL 9 must display the date and time of the last successful account logon upon logon. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-432025 - RHEL 9 must require users to reauthenticate for privilege escalation. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-611090 - RHEL 9 passwords must be created with a minimum of 15 characters. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SYMP-NM-000200 - Symantec ProxySG must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| WBLC-08-000222 - Oracle WebLogic must separate hosted application functionality from Oracle WebLogic management functionality. | Oracle WebLogic Server 12c Linux v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBLC-08-000222 - Oracle WebLogic must separate hosted application functionality from Oracle WebLogic management functionality. | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| ZEBR-10-001100 - Zebra Android 10 whitelist must be configured to not include applications with the following characteristics: | AirWatch - DISA Zebra Android 10 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-10-001100 - Zebra Android 10 whitelist must be configured to not include applications with the following characteristics: | MobileIron - DISA Zebra Android 10 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-10-011000 - Zebra Android 10 devices must be configured to disable the use of third-party keyboards. | MobileIron - DISA Zebra Android 10 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-10-011000 - Zebra Android 10 devices must be configured to disable the use of third-party keyboards. | MobileIron - DISA Zebra Android 10 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
