| 1.6.6.2.3.1 Ensure 'Allow Trusted Locations on The Network' is set to Disabled | CIS Microsoft Office PowerPoint 2016 v1.0.1 | Windows | CONFIGURATION MANAGEMENT |
| 1.45 RHEL-09-214020 | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT I | Unix | CONFIGURATION MANAGEMENT |
| 2.021 - Remove Software Certificate Installation Files | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 3.4.1.7 Ensure ufw default deny firewall policy | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.1.7 Ensure ufw default deny firewall policy | CIS Debian Linux 10 v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.1.7 Ensure ufw default deny firewall policy | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.1.7 Ensure ufw default deny firewall policy | CIS Debian Linux 10 v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.132 - User Account Control - Detect Application Installations | DISA Windows Vista STIG v6r41 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.7 Ensure ufw default deny firewall policy | CIS Debian Linux 11 v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.7 Ensure ufw default deny firewall policy | CIS Debian Linux 11 v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.7 Ensure ufw default deny firewall policy | CIS Debian Linux 12 v1.1.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.7 Ensure ufw default deny firewall policy | CIS Debian Linux 12 v1.1.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.7 Ensure ufw default deny firewall policy | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.7 Ensure ufw default deny firewall policy | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.8 Ensure ufw default deny firewall policy | CIS Ubuntu Linux 20.04 LTS v3.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.8 Ensure ufw default deny firewall policy | CIS Ubuntu Linux 20.04 LTS v3.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.10.9.1.2 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Also apply to matching devices that are already installed.' is set to 'True' (checked) | CIS Microsoft Intune for Windows 11 v4.0.0 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 4.10.9.1.3 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes' | CIS Microsoft Intune for Windows 11 v4.0.0 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 4.10.9.1.5 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Also apply to matching devices that are already installed.' is set to 'True' (checked) | CIS Microsoft Intune for Windows 10 v4.0.0 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 4.10.9.1.6 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes' | CIS Microsoft Intune for Windows 10 v4.0.0 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 5.4.11 Ensure password prohibited reuse is at a minimum 5 | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.242 - Windows Installer - User Control | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 7.1 Ensure mod_ssl and/or mod_nss Is Installed | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure mod_ssl and/or mod_nss Is Installed - 'mod_ssl is loaded' | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure mod_ssl and/or mod_nss Is Installed - 'mod_ssl is loaded' | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.14 Ensure request body inspection is enabled in Azure Web Application Firewall policy on Azure Application Gateway | CIS Microsoft Azure Foundations v5.0.0 L2 | microsoft_azure | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-16-007200 - Apple iOS/iPadOS 16 must not include applications with the following characteristics: access to Siri when the device is locked. | MobileIron - DISA Apple iOS-iPadOS 16 STIG v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-16-007400 - Apple iOS/iPadOS 16 allowlist must be configured to not include applications with the following characteristics: - Backs up MD data to non-DoD cloud servers (including user and application access to cloud backup services); - Transmits MD diagnostic data to non-DoD servers; - Allows synchronization of data or applications between devices associated with user; and - Allows unencrypted (or encrypted but not FIPS 140-2/FIPS 140-3 validated) data sharing with other MDs or printers - allows unencrypted (or encrypted but not FIPS 140-2 validated) data sharing with other MDs or printers. | AirWatch - DISA Apple iOS-iPadOS 16 STIG v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-16-007400 - Apple iOS/iPadOS 16 allowlist must be configured to not include applications with the following characteristics: - Backs up MD data to non-DoD cloud servers (including user and application access to cloud backup services); - Transmits MD diagnostic data to non-DoD servers; - Allows synchronization of data or applications between devices associated with user; and - Allows unencrypted (or encrypted but not FIPS 140-2/FIPS 140-3 validated) data sharing with other MDs or printers - allows unencrypted (or encrypted but not FIPS 140-2 validated) data sharing with other MDs or printers. | MobileIron - DISA Apple iOS-iPadOS 16 STIG v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-007400 - The Apple iOS/iPadOS 18 allow list must be configured to not include applications with the following characteristics: - Backs up MD data to non-DOD cloud servers (including user and application access to cloud backup services); - Transmits MD diagnostic data to non-DOD servers; - Allows synchronization of data or applications between devices associated with user; - Allows unencrypted (or encrypted but not FIPS 140-3 validated) data sharing with other MDs or printers; - Backs up its own data to a remote system; and - Uses artificial intelligence (AI), which processes data in the cloud (off device). Exception: Apple Intelligence Private Cloud Compute (PCC) - allows unencrypted (or encrypted but not FIPS 140-2 validated) data sharing with other MDs or printers. | MobileIron - DISA Apple iOS/iPadOS 18 v2r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-009810 - AlmaLinux OS 9 must check the GPG signature of locally installed software packages before installation. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | CONFIGURATION MANAGEMENT |
| CIS_Red_Hat_Enterprise_Linux_8_v4.0.0_L2_Workstation.audit from CIS Red Hat Enterprise Linux 8 4.0.0 | CIS Red Hat Enterprise Linux 8 v4.0.0 L2 Workstation | Unix | |
| CIS_Red_Hat_Enterprise_Linux_10_v1.0.1_L1_Server.audit from CIS Red Hat Enterprise Linux 10 1.0.1 | CIS Red Hat Enterprise Linux 10 v1.0.1 L1 Server | Unix | |
| CIS_Red_Hat_Enterprise_Linux_10_v1.0.1_L1_Workstation.audit from CIS Red Hat Enterprise Linux 10 1.0.1 | CIS Red Hat Enterprise Linux 10 v1.0.1 L1 Workstation | Unix | |
| DTAVSEL-003 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to enable On-Access scanning. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-113 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to include all local drives and their sub-directories. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| OL09-00-000496 - OL 9 must check the GPG signature of locally installed software packages before installation. | DISA Oracle Linux 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-021100 - The Red Hat Enterprise Linux operating system must have cron logging implemented. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-040540 - The Red Hat Enterprise Linux operating system must not contain .shosts files. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-040550 - The Red Hat Enterprise Linux operating system must not contain shosts.equiv files. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-040611 - The Red Hat Enterprise Linux operating system must use a reverse-path filter for IPv4 network traffic when possible on all interfaces. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-040612 - The Red Hat Enterprise Linux operating system must use a reverse-path filter for IPv4 network traffic when possible by default. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-040750 - The Red Hat Enterprise Linux operating system must be configured so that the Network File System (NFS) is configured to use RPCSEC_GSS. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-214020 - RHEL 9 must check the GPG signature of locally installed software packages before installation. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-671010 - RHEL 9 must enable FIPS mode. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| SOL-11.1-020100 - The legacy remote network access utilities daemons must not be installed. | DISA Solaris 11 X86 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-020100 - The legacy remote network access utilities daemons must not be installed. | DISA Solaris 11 SPARC STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-100010 - The /etc/zones directory, and its contents, must have the vendor default owner, group, and permissions. | DISA Solaris 11 SPARC STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-100010 - The /etc/zones directory, and its contents, must have the vendor default owner, group, and permissions. | DISA Solaris 11 X86 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| TNS_Salesforce_Best_Practices_v1.2.0.audit from TNS Salesforce Best Practices Audit v1.2.0 | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
