| 1.1 Ensure packages are obtained from authorized repositories | CIS PostgreSQL 10 OS v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.5 Ensure users' home directories permissions are 750 or more restrictive | CIS Debian Family Server L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.2.10 Ensure users' home directories permissions are 750 or more restrictive | CIS CentOS 6 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| 6.2.10 Ensure users' home directories permissions are 750 or more restrictive | CIS Red Hat 6 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL |
| 6.2.10 Ensure users' home directories permissions are 750 or more restrictive | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL |
| 6.2.10 Ensure users' home directories permissions are 750 or more restrictive | CIS Red Hat 6 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| 6.2.11 Ensure users' home directories permissions are 750 or more restrictive | CIS CentOS Linux 8 Workstation L1 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.11 Ensure users' home directories permissions are 750 or more restrictive | CIS Fedora 28 Family Linux Workstation L1 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.13 Ensure users' home directories permissions are 750 or more restrictive | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.13 Ensure users' home directories permissions are 750 or more restrictive | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2 Specify file handler in logging.properties (check if java.util.logging.ConsoleHandler logging is enabled in default) | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties (check if java.util.logging.ConsoleHandler logging is enabled in web application) | CIS Apache Tomcat 7 L1 v1.1.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 18.10.9.3.15 (L1) Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | MEDIA PROTECTION |
| 18.10.10.2.3 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.2.3 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.2.3 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.2.3 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.3.12 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False' | CIS Microsoft Windows 11 Stand-alone v4.0.0 BL | Windows | MEDIA PROTECTION |
| 18.10.10.3.15 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | MEDIA PROTECTION |
| 18.10.36.1 (L2) Ensure 'Turn off location' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.36.1 (L2) Ensure 'Turn off location' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.36.1 Ensure 'Turn off location' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.36.1 Ensure 'Turn off location' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.37.1 (L2) Ensure 'Turn off location' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.37.1 (L2) Ensure 'Turn off location' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v4.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.37.1 (L2) Ensure 'Turn off location' is set to 'Enabled' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.37.1 (L2) Ensure 'Turn off location' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.37.1 (L2) Ensure 'Turn off location' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v4.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.37.2 (L2) Ensure 'Turn off location' is set to 'Enabled' | CIS Windows Server 2012 R2 DC L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 19.1.3.3 (L1) Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 19.1.3.3 (L1) Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0' | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 19.1.3.4 (L1) Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 19.1.3.4 (L1) Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| DTOO104 - Disabling of user name and password syntax from being used in URLs must be enforced. | DISA STIG Microsoft OneNote 2013 v1r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO123 - Navigation to URLs embedded in Office products must be blocked. | DISA STIG Microsoft Groove 2013 v1r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO132 - File Downloads must be configured for proper restrictions. | DISA STIG Microsoft OneNote 2013 v1r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-AP-000242 - The F5 BIG-IP appliance must be configured to enable the 'Secure' cookie flag - Secure cookie flag. | DISA F5 BIG-IP Access Policy Manager STIG v2r4 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| FGFW-ND-000030 - The FortiGate device must have only one local account to be used as the account of last resort in the event the authentication server is unavailable. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | ACCESS CONTROL |
| FGFW-ND-000055 - The FortiGate device must retain the Standard Mandatory DoD Notice and Consent Banner on the screen until the administrator acknowledges the usage conditions and takes explicit actions to log on for further access. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | ACCESS CONTROL |
| FGFW-ND-000065 - The FortiGate device must generate audit records when successful/unsuccessful attempts to modify administrator privileges occur | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FGFW-ND-000115 - The FortiGate device must generate an immediate real-time alert of all audit failure events requiring real-time alerts. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FGFW-ND-000135 - The FortiGate device must protect audit tools from unauthorized access. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FGFW-ND-000145 - The FortiGate device must prohibit installation of software without explicit privileged status. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | CONFIGURATION MANAGEMENT |
| FGFW-ND-000170 - The FortiGate device must be running an operating system release that is currently supported by the vendor. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | CONFIGURATION MANAGEMENT |
| FGFW-ND-000245 - The FortiGate device must use LDAPS for the LDAP connection. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| FGFW-ND-000255 - The FortiGate device must use FIPS 140-2 approved algorithms for authentication to a cryptographic module. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| FGFW-ND-000275 - The FortiGate device must terminate idle sessions after 10 minutes of inactivity. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| FGFW-ND-000305 - The FortiGate device must only install patches or updates that are validated by the vendor via digital signature or hash. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | CONFIGURATION MANAGEMENT |
| VCPF-70-000006 - Performance Charts must generate log records for system startup and shutdown. | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| WN10-00-000165 - The Server Message Block (SMB) v1 protocol must be disabled on the SMB server. | DISA Microsoft Windows 10 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
