| 1.1.1.1.7 Ensure enhanced weak passcode detection is set to enabled | CIS Zoom L2 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 1.7.2 Ensure 'Select cloud protection level' is set to Enabled: Moderate blocking level' or higher | CIS Microsoft Defender Antivirus v1.0.0 L1 Workstation | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.7.2 Ensure 'Select cloud protection level' is set to Enabled: Moderate blocking level' or higher | CIS Microsoft Defender Antivirus v1.0.0 L1 Server | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.12 Ensure host-based intrusion detection tool is used | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.21 Ensure 'Improve harmful app detection' is set to Enabled | AirWatch - CIS Google Android 7 v1.0.0 L1 | MDM | |
| 2.1.3 (L1) Ensure notifications for internal users sending malware is Enabled | CIS Microsoft 365 Foundations v6.0.1 L1 E5 | microsoft_azure | INCIDENT RESPONSE |
| 2.1.3 (L1) Ensure notifications for internal users sending malware is Enabled | CIS Microsoft 365 Foundations v6.0.1 L1 E3 | microsoft_azure | INCIDENT RESPONSE |
| 2.9.2 (L1) Ensure 'Enable leak detection for entered credentials' Is Set to 'Enabled' | CIS Google Chrome Group Policy v1.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.1.1.1.4 Ensure use enhanced weak password detection is set to enabled | CIS Zoom L2 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 3.2.1.24 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | AirWatch - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | ACCESS CONTROL |
| 4.2.5 Enable grayware detection on antivirus | CIS FortiGate 7.4.x v1.0.1 L2 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| 4.2.5 Enable grayware detection on antivirus | CIS Fortigate 7.0.x v1.4.0 L2 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| 4.2.6 Ensure inline scanning with FortiGuard AI-Based Sandbox Service is enabled | CIS FortiGate 7.4.x v1.0.1 L1 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| 4.2.6 Ensure inline scanning with FortiGuard AI-Based Sandbox Service is enabled | CIS Fortigate 7.0.x v1.4.0 L1 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| 6.2 Ensure a secure antivirus profile is applied to all relevant security policies | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.19 Ensure that User Credential Submission uses the action of 'block' or 'continue' on the URL categories | CIS Palo Alto Firewall 10 v1.3.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.19 Ensure that User Credential Submission uses the action of 'block' or 'continue' on the URL categories | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.20 Ensure that User Credential Submission uses the action of 'block' or 'continue' on the URL categories - continue on the URL categories | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 6.20 Ensure that User Credential Submission uses the action of block or continue on the URL categories | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | CONFIGURATION MANAGEMENT |
| 18.10.18.4 (L1) Ensure 'Enable App Installer Local Archive Malware Scan Override' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.10.18.4 (L1) Ensure 'Enable App Installer Local Archive Malware Scan Override' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.18.4 (L1) Ensure 'Enable App Installer Local Archive Malware Scan Override' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.18.4 (L1) Ensure 'Enable App Installer Local Archive Malware Scan Override' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.10.18.4 (L1) Ensure 'Enable App Installer Local Archive Malware Scan Override' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.18.4 (L1) Ensure 'Enable App Installer Local Archive Malware Scan Override' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v4.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.18.4 Ensure 'Enable App Installer Local Archive Malware Scan Override' is set to 'Disabled' | CIS Microsoft Windows Server 2025 v2.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.11.1 Ensure 'Disable HTTP proxy features: Disable WPAD' is set to 'Enabled: Checked' | CIS Microsoft Windows Server 2022 v5.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.11.1 Ensure 'Disable HTTP proxy features: Disable WPAD' is set to 'Enabled: Checked' | CIS Microsoft Windows Server 2025 v2.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.11.1 Ensure 'Disable HTTP proxy features: Disable WPAD' is set to 'Enabled: Checked' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.11.1 Ensure 'Disable HTTP proxy features: Disable WPAD' is set to 'Enabled: Checked' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.11.1 Ensure 'Disable HTTP proxy features: Disable WPAD' is set to 'Enabled: Checked' | CIS Microsoft Windows Server 2022 v5.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.11.1 Ensure 'Disable HTTP proxy features: Disable WPAD' is set to 'Enabled: Checked' | CIS Microsoft Windows 11 Stand-alone v5.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.11.1 Ensure 'Disable HTTP proxy features: Disable WPAD' is set to 'Enabled: Checked' | CIS Microsoft Windows Server 2022 Stand-alone v2.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.11.1 Ensure 'Disable HTTP proxy features: Disable WPAD' is set to 'Enabled: Checked' | CIS Microsoft Windows 11 Stand-alone v5.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.11.1 Ensure 'Disable HTTP proxy features: Disable WPAD' is set to 'Enabled: Checked' | CIS Microsoft Windows Server 2025 v2.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| CISC-L2-000190 - The Cisco switch must enable Unidirectional Link Detection (UDLD) to protect against one-way connections. | DISA Cisco IOS XE Switch L2S STIG v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| DG0102-ORACLE11 - DBMS processes or services should run under custom, dedicated OS accounts - 'tns services are using correct service account' | DISA STIG Oracle 11 Instance v9r1 OS Unix | Unix | ACCESS CONTROL |
| Ensure 'threat-detection statistics' is set to 'tcp-intercept' | Tenable Cisco Firepower Best Practices Audit | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-ED-002400 - The application must update malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| F5BI-AS-000163 - To protect against data mining, The BIG-IP ASM module must be configured to detect code injection attacks from being launched against data storage objects, including, at a minimum, databases, database records, queries, and fields when providing content filtering to virtual servers. | DISA F5 BIG-IP Application Security Manager STIG v2r2 | F5 | ACCESS CONTROL |
| F5BI-LT-000163 - To protect against data mining, the BIG-IP Core implementation providing content filtering must be configured to detect code injection attacks being launched against data storage objects. | DISA F5 BIG-IP Local Traffic Manager STIG v2r4 | F5 | ACCESS CONTROL |
| GEN006480 - The system must have a host-based intrusion detection tool installed. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | SYSTEM AND INFORMATION INTEGRITY |
| JUSX-IP-000014 - To protect against unauthorized data mining, the Juniper Networks SRX Series Gateway IDPS must detect code injection attacks launched against data storage objects, including, at a minimum, databases, database records, queries, and fields. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | ACCESS CONTROL |
| JUSX-VN-000022 - The Juniper SRX Services Gateway VPN must terminate all network connections associated with a communications session at the end of the session. | DISA Juniper SRX Services Gateway VPN v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| MS.EXO.15.2v1 - Direct download links SHOULD be scanned for malware. | CISA SCuBA Microsoft 365 Exchange Online v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.TEAMS.7.1v1 - Attachments included with Teams messages SHOULD be scanned for malware. | CISA SCuBA Microsoft 365 Teams v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| PANW-IP-000033 - To protect against unauthorized data mining, the Palo Alto Networks security platform must detect and prevent code injection attacks launched against application objects including, at a minimum, application URLs and application code. | DISA Palo Alto Networks IDPS STIG v3r2 | Palo_Alto | ACCESS CONTROL |
| SYMP-NM-000320 - Symantec ProxySG must enable Attack Detection. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-GE-000022 - Servers must have a host-based Intrusion Detection System. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WNDF-AV-000001 - Microsoft Defender AV must be configured to block the Potentially Unwanted Application (PUA) feature. | DISA Microsoft Defender Antivirus STIG v2r8 | Windows | SYSTEM AND INFORMATION INTEGRITY |
