| 1.3.1 Ensure AIDE is installed | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.3.1 Ensure AIDE is installed | CIS Distribution Independent Linux Server L1 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.6 Verify That 'MYSQL_PWD' is Not Set in Users' Profiles | CIS MySQL 8.0 Community Linux OS L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6 Verify That 'MYSQL_PWD' is Not Set in Users' Profiles | CIS MySQL 5.7 Community Windows OS L1 v2.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6 Verify That 'MYSQL_PWD' is Not Set in Users' Profiles | CIS Oracle MySQL Community Server 8.4 v1.0.0 L1 OS Linux on Linux | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6 Verify That 'MYSQL_PWD' is Not Set in Users' Profiles | CIS Oracle MySQL Enterprise Edition 8.4 v1.0.0 L1 MySQL OS Linux | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6 Verify That 'MYSQL_PWD' is Not Set in Users' Profiles - .bash_profile | CIS MySQL 5.7 Community Linux OS L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6 Verify That 'MYSQL_PWD' is Not Set in Users' Profiles - .bash_profile | CIS MySQL 5.7 Enterprise Linux OS L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6 Verify That 'MYSQL_PWD' is Not Set in Users' Profiles - .bashrc | CIS MySQL 5.7 Community Linux OS L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6 Verify That 'MYSQL_PWD' is Not Set in Users' Profiles - .bashrc | CIS MySQL 5.7 Enterprise Linux OS L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6 Verify That 'MYSQL_PWD' is Not Set in Users' Profiles - .profile | CIS MySQL 5.7 Enterprise Linux OS L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6 Verify That 'MYSQL_PWD' is Not Set in Users' Profiles - .profile | CIS MySQL 5.7 Enterprise Windows OS L1 v2.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6 Verify That 'MYSQL_PWD' is Not Set in Users' Profiles - .profile | CIS MySQL 5.7 Community Linux OS L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6 Verify That 'PGPASSWORD' is Not Set in Users' Profiles | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6 Verify That 'PGPASSWORD' is Not Set in Users' Profiles | CIS PostgreSQL 14 OS v 1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6 Verify That 'PGPASSWORD' is Not Set in Users' Profiles | CIS PostgreSQL 13 OS v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7 Verify That the 'PGPASSWORD' Environment Variable is Not in Use | CIS PostgreSQL 13 OS v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.12 Configure Secure Empty Trash | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS Microsoft SQL Server 2019 v1.5.0 L1 Database Engine | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS Microsoft SQL Server 2019 v1.5.0 L1 AWS RDS | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2 Enable XD/NX Support on 32-bit x86 Systems | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 4.6.9.1 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 4.6.9.1 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 5.10 Require an administrator password to access system-wide preferences | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.10 Require an administrator password to access system-wide preferences | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.12 Require an administrator password to access system-wide preferences | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.17 Secure individual keychains and items | CIS Apple macOS 10.13 L2 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.18 Secure individual keychains and items | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.6 Ensure No Anonymous Accounts Exist | CIS MariaDB 10.6 Database L1 v1.1.0 | MySQLDB | ACCESS CONTROL |
| 8.1.17 Set 'Allow installation of desktop items' to 'Enabled:Disable' | CIS IE 10 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 20.18 Ensure 'Directory data (outside the root DSE) of a non-public directory is configured' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.18 Ensure 'Directory data (outside the root DSE) of a non-public directory is configured' (STIG DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| ARDC-CN-000335 - Adobe Reader DC must disable periodical uploading of Adobe certificates. | DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Disable Content Caching Service | NIST macOS Catalina v1.5.0 - 800-53r5 Low | Unix | CONFIGURATION MANAGEMENT |
| Catalina - Disable Content Caching Service | NIST macOS Catalina v1.5.0 - CNSSI 1253 | Unix | CONFIGURATION MANAGEMENT |
| GEN000000-AIX0300 - The system must not have the bootp service active. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN000000-AIX0300 - The system must not have the bootp service active. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| GEN001100 - Root passwords must never be passed over a network in clear text form - 'root has logged in over a network' | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN001100 - Root passwords must never be passed over a network in clear text form - 'ssh is running' | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| Monterey - Disable Content Caching Service | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | CONFIGURATION MANAGEMENT |
| MS.TEAMS.5.1v1 - Agencies SHOULD only allow installation of Microsoft apps approved by the agency. | CISA SCuBA Microsoft 365 Teams v1.5.0 | microsoft_azure | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND INFORMATION INTEGRITY |
| OL07-00-010350 - The Oracle Linux operating system must be configured so users must re-authenticate for privilege escalation. | DISA Oracle Linux 7 STIG v3r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| Password Strength Check - Enabled | Tenable Cisco ACI | Cisco_ACI | IDENTIFICATION AND AUTHENTICATION |
| PHTN-40-000199 The Photon operating system TDNF package management tool must cryptographically verify the authenticity of all software packages during installation for all repos. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000063 - The Photon operating system RPM package management tool must cryptographically verify the authenticity of all software packages during installation. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000064 - The Photon operating system RPM package management tool must cryptographically verify the authenticity of all software packages during installation. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-010420 - Advanced Intrusion Detection Environment (AIDE) must verify the baseline SUSE operating system configuration at least weekly. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| WDNS-SC-000010 - The Name Resolution Policy Table (NRPT) must be configured in Group Policy to enforce clients to request DNSSEC validation for a domain. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-CC-000109 - Automatic download of updates from the Windows Store must be turned off. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WPAW-00-000600 - All high-value IT resources must be assigned to a specific administrative tier to separate highly sensitive resources from less sensitive resources. | DISA MS Windows Privileged Access Workstation v3r1 | Windows | CONFIGURATION MANAGEMENT |
