| 2.1 Configure NTP time synchronization | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | AUDIT AND ACCOUNTABILITY |
| 2.1 Ensure NTP time synchronization is configured properly | CIS VMware ESXi 6.5 v1.0.0 Level 1 | VMware | AUDIT AND ACCOUNTABILITY |
| 2.1 Ensure NTP time synchronization is configured properly | CIS VMware ESXi 6.7 v1.3.0 Level 1 | VMware | AUDIT AND ACCOUNTABILITY |
| 3.3.1 Ensure 'Managed Safari Web Domains' is 'Configured' | MobileIron - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | |
| 3.3.1 Ensure 'Managed Safari Web Domains' is `Configured` | AirWatch - CIS Apple iOS 12 v1.0.0 Institution Owned L1 | MDM | |
| 3.3.1 Ensure 'Managed Safari Web Domains' is `Configured` | MobileIron - CIS Apple iOS 12 v1.0.0 Institution Owned L1 | MDM | |
| 3.3.1 Ensure 'Managed Safari Web Domains' is `Configured` | MobileIron - CIS Apple iOS 13 and iPadOS 13 Institution Owned L1 | MDM | ACCESS CONTROL |
| 4.7 Restrict access to Tomcat web application directory | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.7 Restrict access to Tomcat web application directory | CIS Apache Tomcat 10 L1 v1.1.0 Middleware | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.7 Restrict access to Tomcat web application directory | CIS Apache Tomcat 7 L1 v1.1.0 Middleware | Unix | ACCESS CONTROL |
| 5.2.4 Ensure the number of connections per IP address is limited | CIS NGINX Benchmark v2.1.0 L2 Loadbalancer | Unix | SYSTEM AND SERVICES ACQUISITION |
| 5.2.4 Ensure the number of connections per IP address is limited | CIS NGINX Benchmark v2.1.0 L2 Proxy | Unix | SYSTEM AND SERVICES ACQUISITION |
| 5.2.4 Ensure the number of connections per IP address is limited | CIS NGINX Benchmark v2.1.0 L2 Webserver | Unix | SYSTEM AND SERVICES ACQUISITION |
| 5.9 Ensure Old HTTP Protocol Versions Are Disallowed - 'RewriteEngine on' | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.125 - File and Folder Publish to Web option unavailable. | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 7.1 Ensure HSTS Header is set - Server | CIS IIS 10 v1.2.1 Level 2 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4 Ensure TLS 1.0 is disabled | CIS IIS 8.0 v1.5.1 Level 2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.5 Ensure TLS 1.1 is enabled | CIS IIS 8.0 v1.5.1 Level 1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.6 Ensure TLS 1.2 is enabled | CIS IIS 8.0 v1.5.1 Level 1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.6 Ensure TLS 1.2 is Enabled | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.7 Ensure NULL Cipher Suites is Disabled | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.9 Ensure RC4 Cipher Suites is Disabled - RC4 40/128 | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.9 Ensure RC4 Cipher Suites is Disabled - RC4 56/128 | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.9 Ensure RC4 Cipher Suites is Disabled - RC4 64/128 | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.11 Ensure AES 256/256 Cipher Suite is Enabled | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.12 Ensure AES 128/128 Cipher Suite is configured | CIS IIS 8.0 v1.5.1 Level 1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.14 Ensure TLS Cipher Suite ordering is configured | CIS IIS 8.0 v1.5.1 Level 2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.1.25 Set 'Userdata persistence' to 'Enabled:Disable' | CIS IE 11 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.1.4 (L1) Ensure 'Publish to web' is restricted | CIS Microsoft 365 Foundations v5.0.0 L1 E5 | microsoft_azure | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 10.2 Restrict access to the web administration application | CIS Apache Tomcat 8 L2 v1.1.0 | Unix | ACCESS CONTROL |
| 15 - Restrict access to web application directory - mode | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| DTOO180 - Office System - Vector markup Language (VML) for displaying graphics in browsers must be disallowed. | DISA STIG Office System 2010 v1r13 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EDGE-00-000012 - Search suggestions must be disabled. | DISA STIG Edge v2r2 | Windows | CONFIGURATION MANAGEMENT |
| ESXI-06-000003 - The system must verify the exception users list for lockdown mode. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | CONFIGURATION MANAGEMENT |
| Store passwords using reversible encryption | MSCT Windows 10 1809 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Store passwords using reversible encryption | MSCT Windows Server 2019 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| SYMP-AG-000080 - Symantec ProxySG must enforce approved authorizations for controlling the flow of information within the network based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| SYMP-AG-000530 - Symantec ProxySG must implement load balancing to limit the effects of known and unknown types of denial-of-service (DoS) attacks. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCEM-67-000027 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files - firstboot | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| VCEM-67-000027 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files - stdout | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| vCenter : verify-client-plugins | VMWare vSphere 5.X Hardening Guide | VMware | |
| VCWN-06-000003 - The system must enforce a 60-day maximum password lifetime restriction. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCWN-06-000042 - Passwords must contain at least one numeric character. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCWN-65-000041 - The vCenter Server for Windows passwords must contain at least one lowercase character. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
| vNetwork : reject-promiscuous-mode-dvportgroup | VMWare vSphere 6.5 Hardening Guide | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| vNetwork : restrict-port-level-overrides | VMWare vSphere 6.0 Hardening Guide | VMware | |
| WA000-WWA030 A22 - The httpd.conf MaxSpareServers directive must be set properly. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WatchGuard : Data Loss Prevention Signature Update - 'Enabled' | TNS Best Practice WatchGuard Audit 1.0.0 | WatchGuard | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| WatchGuard : IPS Logging Threat Level Critical - Enabled | TNS Best Practice WatchGuard Audit 1.0.0 | WatchGuard | AUDIT AND ACCOUNTABILITY |
| WatchGuard : SNMP Configuration - community string - 'private' | TNS Best Practice WatchGuard Audit 1.0.0 | WatchGuard | IDENTIFICATION AND AUTHENTICATION |
