| 2.3.7.1 (L1) Ensure 'Interactive logon: Do not display last user name' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 6.2.10 Ensure users' home directories permissions are 750 or more restrictive | CIS Oracle Linux 6 Workstation L1 v2.0.0 | Unix | ACCESS CONTROL |
| 6.2.13 Ensure users' home directories permissions are 750 or more restrictive | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2 Specify file handler in logging.properties (check if java.util.logging.ConsoleHandler exists inin default) | CIS Apache Tomcat 7 L1 v1.1.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties (check if java.util.logging.ConsoleHandler logging is enabled in default) | CIS Apache Tomcat 7 L1 v1.1.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties (check if java.util.logging.ConsoleHandler logging is enabled in web application) | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties (check if org.apache.juli.FileHandler exists in default) | CIS Apache Tomcat 7 L1 v1.1.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties (check if org.apache.juli.FileHandler exists in default) | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties (check if org.apache.juli.FileHandler exists in web application) | CIS Apache Tomcat 7 L1 v1.1.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties (check if org.apache.juli.FileHandler logging is enabled in default) | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties (check if org.apache.juli.FileHandler logging is enabled in web application) | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties (check if org.apache.juli.FileHandler logging is enabled in web application) | CIS Apache Tomcat 7 L1 v1.1.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 9.1 Starting Tomcat with Security Manager | CIS Apache Tomcat 8 L1 v1.1.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 17.7.2 Ensure 'Audit Audit Policy Change' is set to include 'Success and Failure' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 18.8.7.3 (L1) Ensure 'Prevent device metadata retrieval from the Internet' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.7.2 (L1) Ensure 'Prevent device metadata retrieval from the Internet' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.7.2 (L1) Ensure 'Prevent device metadata retrieval from the Internet' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.7.2 (L1) Ensure 'Prevent device metadata retrieval from the Internet' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.7.2 (L1) Ensure 'Prevent device metadata retrieval from the Internet' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.7.2 (L1) Ensure 'Prevent device metadata retrieval from the Internet' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.7.2 (L1) Ensure 'Prevent device metadata retrieval from the Internet' is set to 'Enabled' | CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.7.2 Ensure 'Prevent device metadata retrieval from the Internet' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.7.2 Ensure 'Prevent device metadata retrieval from the Internet' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.7.2 Ensure 'Prevent device metadata retrieval from the Internet' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.11.1.6 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.1.6 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.3.6 Ensure 'Choose how BitLocker-protected removable drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.9.2.3 (L1) Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.2.3 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.2.3 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.3.12 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | MEDIA PROTECTION |
| 18.10.10.3.15 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False' | CIS Microsoft Windows 10 Enterprise v4.0.0 BL | Windows | MEDIA PROTECTION |
| 18.10.10.3.15 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | MEDIA PROTECTION |
| 18.10.10.3.15 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | MEDIA PROTECTION |
| 18.10.36.1 Ensure 'Turn off location' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L2 Domain Controller | Windows | CONFIGURATION MANAGEMENT |
| 18.10.36.1 Ensure 'Turn off location' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L2 Member Server | Windows | CONFIGURATION MANAGEMENT |
| 18.10.36.1 Ensure 'Turn off location' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.37.1 (L2) Ensure 'Turn off location' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v4.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.37.2 (L2) Ensure 'Turn off location' is set to 'Enabled' | CIS Windows Server 2012 DC L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 20.52 Ensure 'Permissions for the Windows installation directory conform to minimum requirements' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| KNOX-07-004700 - The Samsung must be configured to not allow backup of [all applications, configuration data] to locally connected systems. | MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | ACCESS CONTROL |
| MS.DEFENDER.5.2v1 - The alerts SHOULD be sent to a monitored address or incorporated into a Security Information and Event Management (SIEM). | CISA SCuBA Microsoft 365 Defender v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| VCST-70-000013 - The Security Token Service must have mappings set for Java servlet pages. | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | CONFIGURATION MANAGEMENT |
| WN10-CC-000039 - Run as different user must be removed from context menus. | DISA Microsoft Windows 10 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN11-CC-000039 - Run as different user must be removed from context menus. | DISA Microsoft Windows 11 STIG v2r3 | Windows | CONFIGURATION MANAGEMENT |
| WN12-00-000170 - The Server Message Block (SMB) v1 protocol must be disabled on the SMB server. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-00-000170 - The Server Message Block (SMB) v1 protocol must be disabled on the SMB server. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000044 - The system must be configured to disable the Internet Router Discovery Protocol (IRDP). | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN19-00-000390 - Windows Server 2019 must have the Server Message Block (SMB) v1 protocol disabled on the SMB server. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN22-00-000390 - Windows Server 2022 must have the Server Message Block (SMB) v1 protocol disabled on the SMB server. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
