| 2.2 Set 'Specify use of ActiveX Installer Service for installation of ActiveX controls' to 'Enabled' | CIS IE 11 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.5.1 Ensure 'VPN' is 'Configured' | AirWatch - CIS Apple iOS 12 v1.0.0 End User Owned L1 | MDM | |
| 2.5.1 Ensure 'VPN' is 'Configured' | AirWatch - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.1 Ensure 'VPN' is 'Configured' | AirWatch - CIS Apple iOS 11 v1.0.0 End User Owned L1 | MDM | |
| 2.5.1 Ensure 'VPN' is 'Configured' | AirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.1 Ensure 'VPN' is 'Configured' | AirWatch - CIS Apple iOS 10 v2.0.0 End User Owned L1 | MDM | |
| 2.8 (L1) Host must require TPM-based configuration encryption | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1.13 Ensure 'Allow trusting new enterprise app authors' is set to 'Disabled' | AirWatch - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.4.3.6 Ensure default deny firewall policy - forward | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1 Ensure 'VPN' is 'Configured' | MobileIron - CIS Apple iOS 12 v1.0.0 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.5.1 Ensure 'VPN' is 'Configured' | MobileIron - CIS Apple iOS 13 and iPadOS 13 Institution Owned L1 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1 Ensure 'VPN' is 'Configured' | AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | |
| 3.6.3.6 Ensure default deny firewall policy - input | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.3.10 Ensure successful file system mounts are collected | CIS CentOS Linux 8 Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.4 Ensure IAM policy changes are monitored | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 5.2.3.10 Ensure successful file system mounts are collected | CIS CentOS Linux 7 v4.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.10 Ensure successful file system mounts are collected | CIS Ubuntu Linux 18.04 LTS v2.2.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.10 Ensure successful file system mounts are collected | CIS Red Hat Enterprise Linux 7 v4.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.10 Ensure successful file system mounts are collected | CIS Amazon Linux 2 v3.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.10 Ensure successful file system mounts are collected | CIS Oracle Linux 7 v4.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.15 Ensure successful and unsuccessful attempts to use the chcon command are recorded | CIS Oracle Linux 8 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.16 Ensure successful and unsuccessful attempts to use the setfacl command are recorded | CIS Oracle Linux 8 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.17 Ensure successful and unsuccessful attempts to use the chacl command are recorded | CIS Red Hat EL8 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.17 Ensure successful and unsuccessful attempts to use the chacl command are recorded | CIS Red Hat EL8 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.18 Ensure successful and unsuccessful attempts to use the usermod command are recorded | CIS Rocky Linux 8 Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.3.4 Ensure events that modify date and time information are collected | CIS Oracle Linux 9 v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.3.4 Ensure events that modify date and time information are collected | CIS SUSE Linux Enterprise 15 v2.0.1 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.3.4 Ensure events that modify date and time information are collected | CIS SUSE Linux Enterprise 15 v2.0.1 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 8.3.4 Ensure templates are used whenever possible to deploy VMs | CIS VMware ESXi 6.5 v1.0.0 Level 1 | VMware | CONFIGURATION MANAGEMENT |
| 8.3.4 Use templates to deploy VMs whenever possible | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | |
| 18.9.7.1.4 (L1) Ensure 'Display a custom message title when device installation is prevented by a policy setting' is set to 'Enabled: <Text>' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| AS24-U1-000710 - The Apache web server must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the Apache web server. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-U1-000710 - The Apache web server must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the Apache web server. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-W1-000710 - The Apache web server must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the Apache web server. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | AUDIT AND ACCOUNTABILITY |
| AS24-W1-000710 - The Apache web server must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the Apache web server. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
| Catalina - Managed Access Control Points | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL |
| EX16-ED-000500 - Exchange Simple Mail Transfer Protocol (SMTP) IP Allow List entries must be empty. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-000510 - The Exchange Simple Mail Transfer Protocol (SMTP) IP Allow List Connection filter must be enabled. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| GEN002400 - The system must be checked weekly for unauthorized setuid files as well as unauthorized modification to authorized setuid files. | DISA STIG for Oracle Linux 5 v2r1 | Unix | CONFIGURATION MANAGEMENT |
| GEN002460 - The system must be checked weekly for unauthorized setgid files as well as unauthorized modification to authorized setgid files. | DISA STIG for Oracle Linux 5 v2r1 | Unix | CONFIGURATION MANAGEMENT |
| GEN002460 - The system must be checked weekly for unauthorized sgid files as well as unauthorized modification to authorized setgid files. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | CONFIGURATION MANAGEMENT |
| GEN002760-9 - The audit system must be configured to audit all administrative, privileged, and security actions - 'sched_setparam' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | CONFIGURATION MANAGEMENT |
| GEN002760-10 - The audit system must be configured to audit all administrative, privileged, and security actions - 'sched_setscheduler' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | CONFIGURATION MANAGEMENT |
| KNOX-07-012400 - The Samsung Android 7 with Knox must implement the management setting: Disable Allow New Admin Install. | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| KNOX-07-012400 - The Samsung Android 7 with Knox must implement the management setting: Disable Allow New Admin Install. | MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| Monterey - Managed Access Control Points | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | ACCESS CONTROL |
| O112-P2-010800 - The DBMS software installation account must be restricted to authorized users. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O121-P2-010800 - The DBMS software installation account must be restricted to authorized users. | DISA STIG Oracle 12c v3r2 Database | OracleDB | CONFIGURATION MANAGEMENT |
| RHEL-07-020700 - The Red Hat Enterprise Linux operating system must be configured so that all local initialization files for local interactive users are be group-owned by the users primary group or root. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| vNetwork : limit-network-healthcheck | VMWare vSphere 6.0 Hardening Guide | VMware | |
