| 1.15 Ensure all Public Web Tier SSL\TLS certificates are >30 days from Expiration | CIS Amazon Web Services Three-tier Web Architecture L2 1.0.0 | amazon_aws | SYSTEM AND INFORMATION INTEGRITY |
| 2.1 Ensure 'Lock screen' is set to 'Don't show notifications at all' | AirWatch - CIS Google Android v1.3.0 L1 | MDM | |
| 2.1.3 Ensure NFS and RPC are not enabled | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.2 Ensure rsh client is not installed | CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.3.2 Ensure rsh client is not installed | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.3.2 Ensure rsh client is not installed - 'rsh-client' | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.8.1.1 Ensure the OS Is Not Active When Resuming from Standby (Intel) | CIS Apple macOS 12.0 Monterey v4.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.9.1.1 Ensure the OS Is Not Active When Resuming from Standby (Intel) | CIS Apple macOS 13.0 Ventura v3.1.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.1.18 Secure permissions for the secondary archive log location - LOGARCHMETH2 OS Permission | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | |
| 3.16 Configure Mail Transfer Agent for Local-Only Mode - O DaemonPortOptions=Port=smtp, Addr=127.0.0.1, Name=MTA | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1 Ensure Access to OS Root Directory Is Denied By Default | CIS Apache HTTP Server 2.4 v2.2.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1 Ensure a single firewall configuration utility is in use | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.1 Ensure a single firewall configuration utility is in use | CIS Debian Linux 12 v1.1.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.3.1 Deactivate Wireless Interfaces | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 5.1.3 Ensure rsh client is not installed - rsh-client | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.6 Accept Remote rsyslog Messages Only on Designated Log Hosts - $InputTCPServerRun 514 | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.4 CIFS - 'cifs.audit.autosave.onsize.enable = on' | TNS NetApp Data ONTAP 7G | NetApp | AUDIT AND ACCOUNTABILITY |
| 5.4 CIFS - 'cifs.audit.file_access_events.enable = on' | TNS NetApp Data ONTAP 7G | NetApp | AUDIT AND ACCOUNTABILITY |
| 5.4 CIFS - 'cifs.audit.nfs.enable = on' | TNS NetApp Data ONTAP 7G | NetApp | AUDIT AND ACCOUNTABILITY |
| 5.4 CIFS - 'cifs.restrict_anonymous = 2' | TNS NetApp Data ONTAP 7G | NetApp | ACCESS CONTROL |
| 5.4 CIFS - 'cifs.smb2.durable_handle.enable = on' | TNS NetApp Data ONTAP 7G | NetApp | CONFIGURATION MANAGEMENT |
| 5.4 CIFS - 'dns.enable = on' | TNS NetApp Data ONTAP 7G | NetApp | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.4 CIFS - 'timed.proto = ntp' | TNS NetApp Data ONTAP 7G | NetApp | AUDIT AND ACCOUNTABILITY |
| 5.5 NFS - 'cifs.nfs_root_ignore_acl = on' | TNS NetApp Data ONTAP 7G | NetApp | ACCESS CONTROL |
| 5.5 NFS - 'nfs.rpcsec.ctx.high has been configured' | TNS NetApp Data ONTAP 7G | NetApp | CONFIGURATION MANAGEMENT |
| 5.5 NFS - 'nfs.rpcsec.ctx.idle has been configured' | TNS NetApp Data ONTAP 7G | NetApp | ACCESS CONTROL |
| 5.5 NFS - 'nfs.v4.read_delegation = on' | TNS NetApp Data ONTAP 7G | NetApp | CONFIGURATION MANAGEMENT |
| 8.2 Set GNOME Warning Banner | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 18.9.31.1 (L2) Ensure 'Allow Clipboard synchronization across devices' is set to 'Disabled' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.81.3 (L1) Ensure 'Automatically send memory dumps for OS-generated error reports' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SECURITY ASSESSMENT AND AUTHORIZATION |
| ALMA-09-004310 - AlmaLinux OS 9 must use the TuxCare FIPS repository. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-024110 - AlmaLinux OS 9 must clear the page allocator to prevent use-after-free attacks. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-025650 - AlmaLinux OS 9 must disable virtual system calls. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-028400 - AlmaLinux OS 9 fapolicy module must be installed. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-035220 - AlmaLinux OS 9 must have the USBGuard package enabled. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-043250 - AlmaLinux OS 9 wireless network adapters must be disabled. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-12-001003 - The macOS system must initiate session audits at system startup, using internal clocks with time stamps for audit records that meet a minimum granularity of one second and can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT), in order to generate audit records containing information to establish what type of events occurred, the identity of any individual or process associated with the event, including individual identities of group account users, establish where the events occurred, source of the event, and outcome of the events including all account enabling actions, full-text recording of privileged commands, and information about the use of encryption for access wireless access to and from the system. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| APPL-14-001044 The macOS system must configure the system to audit all authorization and authentication events. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| APPL-15-001022 - The macOS system must be configured to audit all failed read actions on the system. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| PHTN-67-000068 - The Photon operating system must use OpenSSH for remote maintenance sessions. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-16-020310 - The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020320 - The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020470 - The audit system must be configured to audit any usage of the lsetxattr system call - user b64 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020490 - The audit system must be configured to audit any usage of the removexattr system call - user b64 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020500 - The audit system must be configured to audit any usage of the lremovexattr system call - root b64 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-24-100410 - Ubuntu 24.04 LTS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| VCWN-06-000009 - The system must use Active Directory authentication. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| WA00545 A22 - Web server options for the OS root must be disabled. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | CONFIGURATION MANAGEMENT |
| WA00545 W22 - Web server options for the OS root must be disabled. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WBSP-AS-000970 - The WebSphere Application Server must disable JSP class reloading. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | CONFIGURATION MANAGEMENT |
