| 1.7.2 Ensure 'TLS 1.2' is set for HTTPS access | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.5.1 Ensure password creation requirements are configured | CIS Fedora 28 Family Linux Workstation L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 18.10.44.1 (L1) Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | AUDIT AND ACCOUNTABILITY |
| Access data sources across domains - Internet Zone | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Access data sources across domains - Restricted Sites Zone | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow drag and drop or copy and paste files - Restricted Sites Zone | MSCT Windows Server 2016 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow loading of XAML files - Restricted Sites Zone | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow scripting of Internet Explorer WebBrowser controls - Restricted Sites Zone | MSCT Windows Server 2016 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow unencrypted traffic - Client - AllowUnencryptedTraffic | MSCT Windows Server 2016 DC v1.0.0 | Windows | ACCESS CONTROL |
| ALMA-09-008490 - AlmaLinux OS 9 must prevent users from disabling the Standard Mandatory DOD Notice and Consent Banner for graphical user interfaces. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL |
| ALMA-09-024330 - AlmaLinux OS 9 security patches and updates must be installed and up to date. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-053260 - AlmaLinux OS 9 must take action when allocated audit record storage volume reaches 95 percent of the audit record storage capacity. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-054250 - AlmaLinux OS 9 must take appropriate action when a critical audit processing failure occurs. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| Audit Authorization Policy Change | MSCT Windows Server 2016 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Credential Validation | MSCT Windows Server 2016 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Process Creation | MSCT Windows Server 2016 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Removable Storage | MSCT Windows Server 2016 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Automatic prompting for file downloads - Internet Zone | MSCT Windows Server 2016 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Automatic prompting for file downloads - Restricted Sites Zone | MSCT Windows Server 2016 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Create permanent shared objects | MSCT Windows Server 2016 DC v1.0.0 | Windows | ACCESS CONTROL |
| Deny access to this computer from the network | MSCT Windows Server 2016 DC v1.0.0 | Windows | ACCESS CONTROL |
| Do not allow passwords to be saved | MSCT Windows Server 2016 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Domain controller: LDAP server signing requirements | MSCT Windows Server 2016 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Domain member: Digitally encrypt or sign secure channel data (always) | MSCT Windows Server 2016 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Don't run antimalware programs against ActiveX controls - Restricted Sites Zone | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Don't run antimalware programs against ActiveX controls - Trusted Sites Zone | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Download signed ActiveX controls - Internet Zone | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Include local path when user is uploading files to a server - Internet Zone | MSCT Windows Server 2016 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Interactive logon: Smart card removal behavior | MSCT Windows Server 2016 DC v1.0.0 | Windows | ACCESS CONTROL |
| Internet Explorer Processes - FEATURE_DISABLE_MK_PROTOCOL - (Reserved) | MSCT Windows Server 2016 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Internet Explorer Processes - FEATURE_MIME_SNIFFING - (Reserved) | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_RESTRICT_ACTIVEXINSTALL - explorer.exe | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_SECURITYBAND - explorer.exe | MSCT Windows Server 2016 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Internet Explorer Processes - FEATURE_WINDOW_RESTRICTIONS - explorer.exe | MSCT Windows Server 2016 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Internet Explorer Processes - FEATURE_WINDOW_RESTRICTIONS - iexplore.exe | MSCT Windows Server 2016 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Internet Explorer Processes - FEATURE_ZONE_ELEVATION - explorer.exe | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_ZONE_ELEVATION - iexplore.exe | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Java permissions - Locked-Down Trusted Sites Zone | MSCT Windows Server 2016 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Lock pages in memory | MSCT Windows Server 2016 DC v1.0.0 | Windows | ACCESS CONTROL |
| Microsoft network client: Digitally sign communications (always) | MSCT Windows Server 2016 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Network security: Do not store LAN Manager hash value on next password change | MSCT Windows Server 2016 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| O19C-00-017100 - Oracle Database must isolate security functions from nonsecurity functions by means of separate security domains. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| O121-C2-005000 - The DBMS must set the maximum number of consecutive invalid logon attempts to three. | DISA STIG Oracle 12c v3r2 Database | OracleDB | CONFIGURATION MANAGEMENT |
| OH12-1X-000074 - OHS log files must only be accessible by privileged users - user/group | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| Perform volume maintenance tasks | MSCT Windows Server 2016 DC v1.0.0 | Windows | ACCESS CONTROL |
| Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent ignoring certificate errors | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-09-212040 - RHEL 9 must clear the page allocator to prevent use-after-free attacks. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Run .NET Framework-reliant components not signed with Authenticode - Internet Zone | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN10-00-000032 - Windows 10 systems must use a BitLocker PIN with a minimum length of six digits for pre-boot authentication. | DISA Microsoft Windows 10 STIG v3r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
