| 2.2.29 (L2) Configure 'Log on as a service' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | ACCESS CONTROL |
| 2.3 Ensure 'forms authentication' require SSL - Applications | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.1 Ensure 'Managed Safari Web Domains' is 'Configured' | MobileIron - CIS Apple iOS 18 v1.0.0 L1 End User Owned | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 2.3.1 Ensure 'Managed Safari Web Domains' is 'Configured' | AirWatch - CIS Apple iPadOS 17 v1.1.0 End User Owned L1 | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 2.3.1 Ensure 'Managed Safari Web Domains' is 'Configured' | MobileIron - CIS Apple iPadOS 17 v1.1.0 End User Owned L1 | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 2.3.1 Ensure 'Managed Safari Web Domains' is 'Configured' | AirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 3.3.1 Ensure 'Managed Safari Web Domains' is 'Configured' | AirWatch - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 3.3.1 Ensure 'Managed Safari Web Domains' is 'Configured' | MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 3.3.1 Ensure 'Managed Safari Web Domains' is 'Configured' | AirWatch - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.3.1 Ensure 'Managed Safari Web Domains' is 'Configured' | MobileIron - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.10 Set 'Enable S/MIME for OWA 2010' to 'True' | CIS Microsoft Exchange Server 2016 CAS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.10 Set 'Enable S/MIME for OWA 2010' to 'True' | CIS Microsoft Exchange Server 2013 CAS v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.221 - Windows Movie Maker Web Links | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 6.1 Ensure the Error Log Filename and Severity Level Are Configured Correctly - 'ErrorLog is configured' | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 6.1 Ensure the Error Log Filename and Severity Level Are Configured Correctly - 'httpd.conf LogLevel = notice info or debug' | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 6.1 Ensure the Error Log Filename and Severity Level Are Configured Correctly - 'httpd.conf LogLevel = notice info or debug' | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 6.1 Ensure the Error Log Filename and Severity Level Are Configured Correctly - 'httpd.conf LogLevel = notice info or debug' | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Disable Development Tools | CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 7.2 Disable Development Tools | CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Adtran : Secure Web Access - HTTP disabled | TNS Adtran AOS Best Practice Audit | Adtran | CONFIGURATION MANAGEMENT |
| DISA_MongoDB_Enterprise_Advanced_7.x_STIG_v1r1_Unix.audit from DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | Unix | |
| DISA_STIG_Apple_OS_X_10.14_v2r6.audit from DISA Apple OS X 10.14 (Mojave) v2r6 STIG | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | |
| DISA_STIG_Cisco_IOS_XE_Switch_L2S_v3r1.audit from DISA Cisco IOS XE Switch L2S v3r1 STIG | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | |
| DISA_STIG_Microsoft_Skype_Business_2016_v1r1.audit from DISA STIG Microsoft Skype for Business 2016 v1r1 | DISA STIG Microsoft Skype for Business 2016 v1r1 | Windows | |
| DISA_STIG_VMware_vSphere_6.7_Perfcharts_Tomcat_v1r3.audit from DISA VMware vSphere 6.7 Perfcharts Tomcat v1r3 STIG | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3 | Unix | |
| DISA_STIG_VMware_vSphere_6.7_Photon_OS_v1r6.audit from DISA VMware vSphere 6.7 Photon OS v1r6 STIG | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | |
| Do not apply the Mark of the Web tag to files copied from insecure sources | MSCT Windows 11 v24H2 v1.0.0 | Windows | |
| DTAVSEL-011 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner maximum scan time must not be less than 45 seconds - default.scanMaxTmo | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-011 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner maximum scan time must not be less than 45 seconds - scanMaxTmo | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-013 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Clean as first action when a virus or Trojan is detected. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-015 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Clean as first action when programs and jokes are found. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-016 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Quarantine if first action fails when programs and jokes are found. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| EX13-CA-000140 - Exchange software must be installed on a separate partition from the OS. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000310 - The Exchange Email application must not share a partition with another application. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-MB-000620 - The Exchange Email application must not share a partition with another application. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000229 - The Exchange email application must not share a partition with another application. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| JBOS-AS-000255 - JBoss application and management ports must be approved by the PPSM CAL. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000009 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to encrypt remote connections in accordance with the categorization of data hosted by the web server - SSLEngine | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | ACCESS CONTROL |
| SPLK-CL-000490 - Splunk Enterprise must accept the DOD CAC or other PKI credential for identity management and personal authentication. | DISA STIG Splunk Enterprise 8.x for Linux v2r2 STIG REST API | Splunk | IDENTIFICATION AND AUTHENTICATION |
| VCWN-06-000017 - The system must not override port group settings at the port level on distributed switches. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-06-000052 - The system must enable the VSAN Health Check. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
| WA000-WWA022 A22 - The KeepAlive directive must be enabled. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
| WA000-WWA022 A22 - The KeepAlive directive must be enabled. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | ACCESS CONTROL |
| WA000-WWA022 W22 - The KeepAlive directive must be enabled. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WatchGuard : ICMP Error Handling - 'protocol-unreachable' | TNS Best Practice WatchGuard Audit 1.0.0 | WatchGuard | SYSTEM AND COMMUNICATIONS PROTECTION |
| WatchGuard : Logging - Review Remote Logging Server Address | TNS Best Practice WatchGuard Audit 1.0.0 | WatchGuard | AUDIT AND ACCOUNTABILITY |
| WBLC-01-000014 - Oracle WebLogic must support the capability to disable network protocols deemed by the organization to be non-secure except for explicitly identified components in support of specific operational requirements. | Oracle WebLogic Server 12c Linux v2r2 | Unix | CONFIGURATION MANAGEMENT |
| WBLC-01-000014 - Oracle WebLogic must support the capability to disable network protocols deemed by the organization to be non-secure except for explicitly identified components in support of specific operational requirements. | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | CONFIGURATION MANAGEMENT |
| WBLC-01-000014 - Oracle WebLogic must support the capability to disable network protocols deemed by the organization to be non-secure except for explicitly identified components in support of specific operational requirements. | Oracle WebLogic Server 12c Windows v2r2 | Windows | CONFIGURATION MANAGEMENT |
| WBLC-08-000236 - Oracle WebLogic must protect against or limit the effects of HTTP types of Denial of Service (DoS) attacks. | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
