| 1.1.3.17.2 Set 'User Account Control: Detect application installations and prompt for elevation' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 1.11 Ensure host-based intrusion detection tool is used - MFEhiplsm package | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.3.27.8 Ensure 'Control how Office handles form-based sign-in prompts' is set to 'Enabled: Block all prompts' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 3.1.3.1 Ensure That Microsoft Defender for Servers Is Set to 'On' | CIS Microsoft Azure Foundations v3.0.0 L2 | microsoft_azure | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 3.1.4.1 Ensure That Microsoft Defender for Containers Is Set To 'On' | CIS Microsoft Azure Foundations v3.0.0 L2 | microsoft_azure | RISK ASSESSMENT |
| 6.2 Ensure that MongoDB uses a non-default port | CIS MongoDB 3.2 L1 Windows Audit v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.2 Ensure that MongoDB uses a non-default port | CIS MongoDB 3.2 L1 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2 Ensure that MongoDB uses a non-default port | CIS MongoDB 3.4 L1 Windows Audit v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.2 Ensure that MongoDB uses a non-default port | CIS MongoDB L1 Windows Audit v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.2 Ensure that MongoDB uses a non-default port | CIS MongoDB 3.4 L1 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 12.50 Intrusion detection system on host - 'Utilize' | CIS v1.1.0 Oracle 11g OS Windows Level 2 | Windows | |
| 12.50 Intrusion detection system on host - 'Utilize' | CIS v1.1.0 Oracle 11g OS L2 | Unix | |
| CIS_Amazon_Linux_2_STIG_v1.0.0_L1.audit from CIS Amazon Linux 2 STIG Benchmark v1.0.0 | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | |
| CIS_Amazon_Linux_2_STIG_v1.0.0_L2.audit from CIS Amazon Linux 2 STIG Benchmark v1.0.0 | CIS Amazon Linux 2 STIG v1.0.0 L2 | Unix | |
| CIS_Amazon_Linux_2_STIG_v1.0.0_L3.audit from CIS Amazon Linux 2 STIG Benchmark v1.0.0 | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | |
| CIS_Apple_macOS_15.0_Sequoia_v1.0.0_L1.audit from CIS Apple macOS 15.0 Sequoia Benchmark v1.0.0 | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | |
| CIS_Apple_macOS_15.0_Sequoia_v1.0.0_L2.audit from CIS Apple macOS 15.0 Sequoia Benchmark v1.0.0 | CIS Apple macOS 15.0 Sequoia v1.0.0 L2 | Unix | |
| CIS_Azure_Compute_Microsoft_Windows_Server_2019_v1.0.0_L1_DC.audit from CIS Azure Compute Microsoft Windows Server 2019 Benchmark v1.0.0 | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC | Windows | |
| CIS_Azure_Compute_Microsoft_Windows_Server_2019_v1.0.0_L1_MS.audit from CIS Azure Compute Microsoft Windows Server 2019 Benchmark v1.0.0 | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS | Windows | |
| CIS_Azure_Compute_Microsoft_Windows_Server_2019_v1.0.0_NG_DC.audit from CIS Azure Compute Microsoft Windows Server 2019 Benchmark v1.0.0 | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 NG DC | Windows | |
| CIS_Azure_Compute_Microsoft_Windows_Server_2019_v1.0.0_NG_MS.audit from CIS Azure Compute Microsoft Windows Server 2019 Benchmark v1.0.0 | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 NG MS | Windows | |
| CIS_Fedora_28_Family_Linux_Server_L1_v1.0.0.audit from CIS Fedora 19 Family Linux Benchmark v1.0.0 | CIS Fedora 19 Family Linux Server L1 v1.0.0 | Unix | |
| CIS_Fedora_28_Family_Linux_Server_L1_v1.0.0.audit from CIS Fedora 19 Family Linux Benchmark v1.0.0 | CIS Fedora 19 Family Linux Server L2 v1.0.0 | Unix | |
| CIS_Fedora_28_Family_Linux_Workstation_L1_v1.0.0.audit from CIS Fedora 19 Family Linux Benchmark v1.0.0 | CIS Fedora 19 Family Linux Workstation L1 v1.0.0 | Unix | |
| CIS_Fedora_28_Family_Linux_Workstation_L1_v1.0.0.audit from CIS Fedora 19 Family Linux Benchmark v1.0.0 | CIS Fedora 19 Family Linux Workstation L2 v1.0.0 | Unix | |
| CIS_Microsoft_Exchange_Server_2016_Level_1_CAS_v1.0.0.audit from CIS Microsoft Exchange Server 2016 v1.0.0 Benchmark | CIS Microsoft Exchange Server 2016 CAS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| CIS_Microsoft_Exchange_Server_2016_Level_1_Edge_v1.0.0.audit from CIS Microsoft Exchange Server 2016 v1.0.0 Benchmark | CIS Microsoft Exchange Server 2016 Edge v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| CIS_Microsoft_Exchange_Server_2016_Level_1_Hub_v1.0.0.audit from CIS Microsoft Exchange Server 2016 v1.0.0 Benchmark | CIS Microsoft Exchange Server 2016 Hub v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| CIS_Microsoft_Exchange_Server_2016_Level_1_Mailbox_v1.0.0.audit from CIS Microsoft Exchange Server 2016 v1.0.0 Benchmark | CIS Microsoft Exchange Server 2016 Mailbox v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| CIS_Microsoft_Exchange_Server_2016_Level_1_UM_v1.0.0.audit from CIS Microsoft Exchange Server 2016 v1.0.0 Benchmark | CIS Microsoft Exchange Server 2016 UM v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| CIS_Mozilla_Firefox_ESR_GPO_v1.0.0_L1.audit from CIS Mozilla Firefox ESR GPO Benchmark v1.0.0 | CIS Mozilla Firefox ESR GPO v1.0.0 L1 | Windows | |
| CIS_Mozilla_Firefox_ESR_GPO_v1.0.0_L2.audit from CIS Mozilla Firefox ESR GPO Benchmark v1.0.0 | CIS Mozilla Firefox ESR GPO v1.0.0 L2 | Windows | |
| CIS_Palo_Alto_Firewall_8_Benchmark_L1_v1.0.0.audit from CIS Palo Alto Firewall 8 Benchmark v1.0.0 | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | |
| CIS_Palo_Alto_Firewall_8_Benchmark_L2_v1.0.0.audit from CIS Palo Alto Firewall 8 Benchmark v1.0.0 | CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0 | Palo_Alto | |
| DTAM154 - McAfee VirusScan On-Demand scan must be configured to scan memory for rootkits. | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAM154 - McAfee VirusScan On-Demand scan must be configured to scan memory for rootkits. | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTOO104 - Outlook - Disable user name and password syntax from being used in URLs | DISA STIG Office 2010 Outlook v1r14 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-AS-000119 - The BIG-IP ASM module must be configured to automatically update malicious code protection mechanisms when providing content filtering to virtual servers. | DISA F5 BIG-IP Application Security Manager STIG v2r2 | F5 | SYSTEM AND INFORMATION INTEGRITY |
| JUSX-IP-000014 - To protect against unauthorized data mining, the Juniper Networks SRX Series Gateway IDPS must detect code injection attacks launched against data storage objects, including, at a minimum, databases, database records, queries, and fields. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | ACCESS CONTROL |
| JUSX-IP-000015 - To protect against unauthorized data mining, the Juniper Networks SRX Series Gateway IDPS must detect code injection attacks launched against application objects, including, at a minimum, application URLs and application code. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | ACCESS CONTROL |
| JUSX-IP-000016 - To protect against unauthorized data mining, the Juniper Networks SRX Series Gateway IDPS must detect SQL injection attacks launched against data storage objects, including, at a minimum, databases, database records, and database fields. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | ACCESS CONTROL |
| JUSX-IP-000019 - The Juniper Networks SRX Series Gateway IDPS must protect against or limit the effects of known types of Denial of Service (DoS) attacks by employing signatures. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUSX-IP-000023 - The IDPS must send an alert to, at a minimum, the ISSO and ISSM when intrusion detection events are detected that indicate a compromise or potential for compromise. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | SYSTEM AND INFORMATION INTEGRITY |
| JUSX-IP-000024 - The Juniper Networks SRX Series Gateway IDPS must generate an alert to, at a minimum, the ISSO and ISSM when root-level intrusion events that provide unauthorized privileged access are detected. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | SYSTEM AND INFORMATION INTEGRITY |
| MS.EXO.11.3v1 - The phishing protection solution SHOULD include an AI-based phishing detection tool comparable to EOP Mailbox Intelligence. | CISA SCuBA Microsoft 365 Exchange Online v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| PANW-IP-000051 - The Palo Alto Networks security platform must send an alert to, at a minimum, the ISSO and ISSM when intrusion detection events are detected which indicate a compromise or potential for compromise. | DISA STIG Palo Alto IDPS v3r1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - SSL Control - Detect MD5 Digest | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SYMP-AG-000670 - Symantec ProxySG providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when denial-of-service (DoS) incidents are detected - Client limits | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND INFORMATION INTEGRITY |
| SYMP-AG-000670 - Symantec ProxySG providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when denial-of-service (DoS) incidents are detected - DoS incidents are detected. Rules | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND INFORMATION INTEGRITY |
| XenServer - Disallow unplug detection on the storage network interface | TNS Citrix XenServer | Unix | |
