| 1.2 (L1) Ensure the Image Profile VIB acceptance level is configured properly | CIS VMware ESXi 7.0 v1.5.0 L1 Bare Metal | Unix | SYSTEM AND SERVICES ACQUISITION |
| 1.2.1.4 Ensure 'Bind to Object' is set to Enabled - excel.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.4 Ensure 'Bind to Object' is set to Enabled - groove.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.4 Ensure 'Bind to Object' is set to Enabled - onent.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.4 Ensure 'Bind to Object' is set to Enabled - powerpnt.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.4 Ensure 'Bind to Object' is set to Enabled - pptview.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.67 (L2) Ensure 'Configure Speech Recognition' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 2.5 Ensure 'cookie protection mode' is configured for forms authentication - Applications | CIS IIS 10 v1.2.1 Level 1 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.7 (L1) Ensure expired and revoked SSL certificates are removed from the ESXi server | CIS VMware ESXi 7.0 v1.5.0 L1 Bare Metal | Unix | ACCESS CONTROL |
| 3.1 (L1) Ensure a centralized location is configured to collect ESXi host core dumps | CIS VMware ESXi 7.0 v1.5.0 L1 Bare Metal | Unix | AUDIT AND ACCOUNTABILITY |
| 3.5 Ensure ASP.NET stack tracing is not enabled - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.8 Ensure 'MachineKey validation method - .Net 3.5' is configured | CIS IIS 8.0 v1.5.1 Level 2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.9 Ensure 'MachineKey validation method - .Net 4.5' is configured | CIS IIS 8.0 v1.5.1 Level 1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.9 Ensure 'MachineKey validation method - .Net 4.5' is configured - Applications | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.11 Ensure X-Powered-By Header is removed - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | CONFIGURATION MANAGEMENT |
| 3.11 Ensure X-Powered-By Header is removed - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | CONFIGURATION MANAGEMENT |
| 4.1 (L1) Ensure a non-root user account exists for local admin access | CIS VMware ESXi 7.0 v1.5.0 L1 Bare Metal | Unix | ACCESS CONTROL |
| 4.6 (L1) Ensure Active Directory is used for local user authentication | CIS VMware ESXi 7.0 v1.5.0 L1 Bare Metal | Unix | ACCESS CONTROL |
| 5.7 (L2) Ensure the SSH authorized_keys file is empty | CIS VMware ESXi 7.0 v1.5.0 L2 Bare Metal | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 6.4 Ensure SOAP messages are Signed and encrypted with WS-Security policy | CIS IBM WebSphere Liberty v1.0.0 L1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.9 Ensure RC2 Cipher Suites is disabled | CIS IIS 8.0 v1.5.1 Level 1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.13 Ensure AES 256/256 Cipher Suite is enabled | CIS IIS 8.0 v1.5.1 Level 1 | Windows | |
| 8.1.22 Set 'Userdata persistence' to 'Enabled:Disable' | CIS IE 9 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.3.1 Ensure unnecessary or superfluous functions inside VMs are disabled | CIS VMware ESXi 6.5 v1.0.0 Level 1 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 10.2 Restrict access to the web administration application | CIS Apache Tomcat 11 v1.0.0 L1 | Unix | ACCESS CONTROL |
| 10.4 Force SSL when accessing the manager application via HTTP | CIS Apache Tomcat 10.1 v1.1.0 L1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| CIS_MS_IIS_10_v1.2.1_Level_2.audit from CIS Microsoft IIS 10 Benchmark v1.2.1 | CIS IIS 10 v1.2.1 Level 2 | Windows | |
| DISA_STIG_Adobe_Acrobat_Pro_DC_Classic_Track_v2r1.audit from DISA Adobe Acrobat Professional DC Classic Track v2r1 STIG | DISA STIG Adobe Acrobat Pro DC Classic Track v2r1 | Windows | |
| DISA_STIG_Apache_Site-2.2_Windows_v1r13.audit from DISA APACHE 2.2 Site for Windows v1r13 STIG | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | |
| DTAVSEL-113 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to include all local drives and their sub-directories. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTBI770-IE11 - Deleting websites that the user has visited must be disallowed. | DISA STIG IE 11 v2r5 | Windows | AUDIT AND ACCOUNTABILITY |
| Include Refresh in Session Records | Tenable Cisco ACI | Cisco_ACI | AUDIT AND ACCOUNTABILITY |
| Remote user login policy | Tenable Cisco ACI | Cisco_ACI | ACCESS CONTROL |
| SonicWALL - AutoDownload Firmware - Enabled | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| System Alias and Banners - Controller CLI Banner | Tenable Cisco ACI | Cisco_ACI | ACCESS CONTROL |
| VCEM-67-000027 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files - localhost | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| VCEM-67-000027 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files - main | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| VCLU-80-000142 The vCenter Lookup service default ROOT web application must be removed. | DISA VMware vSphere 8.0 vCenter Appliance Lookup Service STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VCST-80-000142 The vCenter STS service default ROOT web application must be removed. | DISA VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VCUI-80-000142 The vCenter UI service default ROOT web application must be removed. | DISA VMware vSphere 8.0 vCenter Appliance User Interface (UI) STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VCWN-06-000001 - The system must prohibit password reuse for a minimum of five generations. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCWN-06-000043 - Passwords must contain at least one special character. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCWN-65-000003 - The vCenter Server for Windows must enforce a 60-day maximum password lifetime restriction. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCWN-65-000040 - The vCenter Server for Windows passwords must contain at least one uppercase character. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCWN-65-000042 - The vCenter Server for Windows passwords must contain at least one numeric character. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCWN-65-000043 - The vCenter Server for Windows passwords must contain at least one special character. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCWN-65-000046 - The vCenter Server for Windows must set the interval for counting failed login attempts to at least 15 minutes. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | ACCESS CONTROL |
| WatchGuard : Gateway AntiVirus - 'Enabled' | TNS Best Practice WatchGuard Audit 1.0.0 | WatchGuard | SYSTEM AND INFORMATION INTEGRITY |
| WatchGuard : IPS Logging Threat Level Medium - Enabled | TNS Best Practice WatchGuard Audit 1.0.0 | WatchGuard | AUDIT AND ACCOUNTABILITY |
| WatchGuard : SNMP Configuration - community string - 'public' | TNS Best Practice WatchGuard Audit 1.0.0 | WatchGuard | IDENTIFICATION AND AUTHENTICATION |
