| 1.1.6.2 Ensure 'Synchronize Outlook RSS Feeds with Common Feed List' is set to Disabled | CIS Microsoft Office Outlook 2013 v1.1.0 Level 1 | Windows | CONFIGURATION MANAGEMENT |
| 1.4 Ensure Installation of App Update Is Enabled | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.7.3 Ensure GDM disable-user-list option is enabled | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Workstation | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.8.3 Ensure GDM disable-user-list option is enabled | CIS Rocky Linux 9 v2.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.8.3 Ensure GDM disable-user-list option is enabled | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.8.3 Ensure GDM disable-user-list option is enabled | CIS AlmaLinux OS 8 Workstation L1 v3.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.8.3 Ensure GDM disable-user-list option is enabled | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.8.3 Ensure GDM disable-user-list option is enabled | CIS Oracle Linux 8 Workstation L1 v3.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.8.3 Ensure GDM disable-user-list option is enabled | CIS Red Hat EL8 Workstation L1 v3.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.6.1 Ensure 'VPN' is 'Configured' | AirWatch - CIS Apple iPadOS 17 v1.1.0 End User Owned L1 | MDM | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1.14 Ensure 'Allow trusting new enterprise app authors' is set to 'Disabled' | AirWatch - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | CONFIGURATION MANAGEMENT |
| 3.6 Validate Proxy Settings | CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.6.1 Ensure 'VPN' is 'Configured' | AirWatch - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.3.10 Ensure successful file system mounts are collected | CIS AlmaLinux OS 8 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.10 Ensure successful file system mounts are collected | CIS Red Hat EL8 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.1.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group | CIS Microsoft Azure Foundations v4.0.0 L1 | microsoft_azure | AUDIT AND ACCOUNTABILITY |
| CASA-FW-000170 - The Cisco ASA perimeter firewall must be configured to filter traffic destined to the enclave in accordance with the specific traffic that is approved and registered in the Ports, Protocols, and Services Management (PPSM) Category Assurance List (CAL) and vulnerability assessments - ACL | DISA STIG Cisco ASA FW v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| DB2X-00-003000 - The DB2 software installation account must be restricted to authorized users. | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | CONFIGURATION MANAGEMENT |
| DTOO126 - Add-on Management functionality must be allowed. | DISA STIG Microsoft Excel 2016 v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO126 - Add-on Management functionality must be allowed. | DISA STIG Microsoft Outlook 2016 v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO126 - Add-on Management functionality must be allowed. | DISA STIG Microsoft Sharepoint Designer 2013 v1r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO126 - Add-on Management functionality must be allowed. | DISA STIG Microsoft Visio 2016 v1r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO281 - RSS feed synchronization with Common Feed List must be disallowed. | DISA STIG Microsoft Outlook 2013 v1r14 | Windows | CONFIGURATION MANAGEMENT |
| DTOO506 - Add-on Management functionality must be allowed in PowerPoint Viewer. | DISA STIG Microsoft PowerPoint 2016 v1r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EPAS-00-003300 - The EDB Postgres Advanced Server software installation account must be restricted to authorized users. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| ESXi: esxi-8.vmk-management | VMware vSphere Security Configuration and Hardening Guide | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-CA-000125 - Exchange software must be monitored for unauthorized changes. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | CONFIGURATION MANAGEMENT |
| FGFW-ND-000155 - The FortiGate device must limit privileges to change the software resident within software libraries. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | CONFIGURATION MANAGEMENT |
| GEN002750 - The audit system must be configured to audit account creation - naflags +ua and -ua | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN002752 - The audit system must be configured to audit account disabling - naflags +ua and -ua | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| GEN002753 - The audit system must be configured to audit account termination - flags +ua and -ua | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN002753 - The audit system must be configured to audit account termination - naflags ua | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN004660 - The SMTP service must not have the EXPN feature active. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN004660 - The SMTP service must not have the EXPN feature active. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005580 - A system used for routing must not run other network services or applications. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN005580 - A system used for routing must not run other network services or applications. | DISA STIG for Oracle Linux 5 v2r1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| MS.EXO.13.1v1 - Mailbox auditing SHALL be enabled. | CISA SCuBA Microsoft 365 Exchange Online v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, IDENTIFICATION AND AUTHENTICATION, INCIDENT RESPONSE, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| OH12-1X-000220 - OHS must have all applicable patches (i.e., CPUs) applied/documented (OEM). | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| PPS9-00-003300 - The EDB Postgres Advanced Server software installation account must be restricted to authorized users. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| RHEL-07-010030 - The Red Hat Enterprise Linux operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a graphical user logon. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| VCEM-67-000027 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files - access | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| vSAN: vsan-8.data-in-transit | VMware vSphere Security Configuration and Hardening Guide | VMware | CONFIGURATION MANAGEMENT |
| WA230 IIS6 - The site software used with the web server must have all applicable security patches applied and documented. | DISA STIG IIS 6.0 Server v6r16 | Windows | |
| WA230 W22 - The site software used with the web server must have all applicable security patches applied and documented. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | |
| WBLC-09-000257 - Oracle WebLogic must provide system notifications to a list of response personnel who are identified by name and/or role - Module HealthState | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-09-000257 - Oracle WebLogic must provide system notifications to a list of response personnel who are identified by name and/or role - Module HealthState | Oracle WebLogic Server 12c Windows v2r2 | Windows | AUDIT AND ACCOUNTABILITY |
| WG440 W22 - Monitoring software must include CGI or equivalent programs in its scope. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| WN16-00-000240 - System files must be monitored for unauthorized changes. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | CONFIGURATION MANAGEMENT |
| XenServer - List physical storage locations | TNS Citrix XenServer | Unix | CONFIGURATION MANAGEMENT |
