| 1.1.12 Add noexec Option to Removable Media Partitions | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.13 Add nosuid Option to Removable Media Partitions | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1 Secure DB2 Runtime Library | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | |
| 2.8.1.1 Ensure the OS Is Not Active When Resuming from Standby (Intel) | CIS Apple macOS 11.0 Big Sur v4.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.1.17 Secure permissions for the primary archive log location - LOGARCHMETH1 OS Permissions | CIS IBM DB2 v10 v1.1.0 Windows OS Level 1 | Windows | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 3.1.19 Secure permissions for the tertiary archive log location - FAILARCHPATH OS Permissions | CIS IBM DB2 v10 v1.1.0 Windows OS Level 1 | Windows | |
| 3.1.19 Secure permissions for the tertiary archive log location - FAILARCHPATH OS Permissions | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | |
| 18.9.24.1 (BL) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.1 (BL) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 18.9.25.8 (L1) Ensure 'Post-authentication actions: Actions' is set to 'Enabled: Reset the password and logoff the managed account' or higher | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.9.25.8 (L1) Ensure 'Post-authentication actions: Actions' is set to 'Enabled: Reset the password and logoff the managed account' or higher | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.9.25.8 (L1) Ensure 'Post-authentication actions: Actions' is set to 'Enabled: Reset the password and logoff the managed account' or higher | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.9.25.8 (L1) Ensure 'Post-authentication actions: Actions' is set to 'Enabled: Reset the password and logoff the managed account' or higher | CIS Microsoft Windows Server 2022 v4.0.0 L1 MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.9.25.8 (L1) Ensure 'Post-authentication actions: Actions' is set to 'Enabled: Reset the password and logoff the managed account' or higher | CIS Microsoft Windows Server 2019 v4.0.0 L1 MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.9.25.8 Ensure 'Post-authentication actions: Actions' is set to 'Enabled: Reset the password and logoff the managed account' or higher | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-006840 - AlmaLinux OS 9 must have the sudo package installed. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL |
| ALMA-09-006845 - AlmaLinux OS 9 must have the postfix package installed. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL |
| ALMA-09-007610 - AlmaLinux OS 9 must automatically lock the root account until the root account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL |
| ALMA-09-019270 - AlmaLinux OS 9 must not have unauthorized IP tunnels configured. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-021360 - AlmaLinux OS 9 SSH daemon must not allow rhosts authentication. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-026310 - AlmaLinux OS 9 must mount /boot with the nodev option. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-026860 - AlmaLinux OS 9 must mount /tmp with the nodev option. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-026970 - AlmaLinux OS 9 must mount /tmp with the noexec option. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-028950 - AlmaLinux OS 9 must not have the sendmail package installed. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-033460 - The pcscd socket on AlmaLinux OS 9 must be active. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-039840 - AlmaLinux OS 9 must have the crypto-policies package installed. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | MAINTENANCE |
| APPL-14-000054 The macOS system must limit SSHD to FIPS-compliant connections. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-15-000054 - The macOS system must limit SSHD to FIPS-compliant connections. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| CD12-00-001900 - PostgreSQL and associated applications must reserve the use of dynamic code execution for situations that require it. | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| CD12-00-002000 - PostgreSQL and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack. | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| CD12-00-003700 - When invalid inputs are received, PostgreSQL must behave in a predictable and documented manner that reflects organizational and system objectives. | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| DO0145-ORACLE11 - OS DBA group membership should be restricted to authorized accounts. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| List crash dumps | TNS Citrix Hypervisor | Unix | CONFIGURATION MANAGEMENT |
| List non-default VM templates | TNS Citrix Hypervisor | Unix | CONFIGURATION MANAGEMENT |
| List VM CPU allocations | TNS Citrix Hypervisor | Unix | CONFIGURATION MANAGEMENT |
| NTP client configured | TNS Citrix Hypervisor | Unix | AUDIT AND ACCOUNTABILITY |
| O121-C2-018600 - The DBMS must automatically terminate emergency accounts after an organization-defined time period for each type of account. | DISA STIG Oracle 12c v3r2 Database | OracleDB | CONFIGURATION MANAGEMENT |
| OL07-00-030870 - The Oracle Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. | DISA Oracle Linux 7 STIG v3r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| PPS9-00-000800 - The EDB Postgres Advanced Server must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | ACCESS CONTROL |
| PPS9-00-001000 - The EDB Postgres Advanced Server must provide audit record generation capability for DoD-defined auditable events within all EDB Postgres Advanced Server/database components. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PPS9-00-006300 - The EDB Postgres Advanced Server and associated applications must reserve the use of dynamic code execution for situations that require it. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| SLES-15-030060 - The SUSE operating system must generate audit records for all uses of the ssh-keysign command. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030070 - The SUSE operating system must generate audit records for all uses of the passwd command. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030100 - The SUSE operating system must generate audit records for a uses of the chsh command. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030110 - The SUSE operating system must generate audit records for all uses of the unix_chkpwd or unix2_chkpwd commands. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030560 - The SUSE operating system must generate audit records for all uses of the sudo command. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020770 - Successful/unsuccessful uses of the unix_update command must generate an audit record. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| XenServer - List crash dumps | TNS Citrix XenServer | Unix | CONFIGURATION MANAGEMENT |
| XenServer - List non-default VM templates | TNS Citrix XenServer | Unix | |
| XenServer - List VM memory allocations | TNS Citrix XenServer | Unix | CONFIGURATION MANAGEMENT |
