| 1.2 Disable Unused Connectors | CIS Apache Tomcat 7 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Disable Unused Connectors | CIS Apache Tomcat 7 L2 v1.1.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 1.2.2 Verify Red Hat GPG Key is Installed | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.3.2 Ensure filesystem integrity is regularly checked | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.4 Ensure latest version of Cassandra is installed | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0 | Unix | SYSTEM AND SERVICES ACQUISITION |
| 1.6.1 Ensure XD/NX support is enabled | CIS Debian Family Workstation L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 4.2 Ensure Example or Test Databases are Not Installed on Production Servers | CIS MySQL 5.6 Community Database L1 v2.0.0 | MySQLDB | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.2 Ensure Example or Test Databases are Not Installed on Production Servers | CIS MySQL 5.6 Enterprise Database L1 v2.0.0 | MySQLDB | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 6.3.1 Ensure AIDE is installed | CIS Debian Linux 12 v1.1.0 L1 Workstation | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 6.3.1 Ensure AIDE is installed | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Server | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 18.9.108.1.3 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.108.1.3 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.92.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.92.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows Server 2016 v3.0.0 L1 DC | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.92.1.1 Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.92.1.1 Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.93.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.93.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.93.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.93.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v4.0.0 L1 MS | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.93.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.93.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows Server 2022 v4.0.0 L1 MS | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| AIOS-14-001100 - The mobile operating system whitelist must be configured to not include applications with the following characteristics: voice dialing application if available when MD is locked. | MobileIron - DISA Apple iOS/iPadOS 14 v1r3 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-007200 - Apple iOS/iPadOS 15 must not include applications with the following characteristics: access to Siri when the device is locked. | MobileIron - DISA Apple iOS/iPadOS 14 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-007400 - Apple iOS/iPadOS 15 allowlist must be configured to not include applications with the following characteristics: - back up MD data to non-DoD cloud servers (including user and application access to cloud backup services);- transmit MD diagnostic data to non-DoD servers; - allows synchronization of data or applications between devices associated with user; and - allows unencrypted (or encrypted but not FIPS 140-2 validated) data sharing with other MDs or printers. | AirWatch - DISA Apple iOS/iPadOS 14 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-16-007200 - Apple iOS/iPadOS 16 must not include applications with the following characteristics: access to Siri when the device is locked. | MobileIron - DISA Apple iOS/iPadOS 16 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-17-007200 - Apple iOS/iPadOS 17 must not include applications with the following characteristics: access to Siri when the device is locked. | MobileIron - DISA Apple iOS/iPadOS 17 v2r1 | MDM | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| AIOS-17-007400 - Apple iOS/iPadOS 17 allow list must be configured to not include applications with the following characteristics: - backs up MD data to non-DOD cloud servers (including user and application access to cloud backup services);- transmits MD diagnostic data to non-DOD servers;- allows synchronization of data or applications between devices associated with user; and- allows unencrypted (or encrypted but not FIPS 140-2/FIPS 140-3 validated) data sharing with other MDs or printers - allows unencrypted (or encrypted but not FIPS 140-2 validated) data sharing with other MDs or printers. | MobileIron - DISA Apple iOS/iPadOS 17 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-007200 - Apple iOS/iPadOS 18 must not include applications with the following characteristics: access to Siri when the device is locked. | MobileIron - DISA Apple iOS/iPadOS 18 v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| Allow user-level native messaging hosts (installed without admin permissions) | MSCT Microsoft Edge Version 81 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow user-level native messaging hosts (installed without admin permissions) | MSCT Edge v86 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow user-level native messaging hosts (installed without admin permissions) | MSCT Edge v87 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| DO0320-ORACLE11 - Application role permissions should not be assigned to the Oracle PUBLIC role - 'PUBLIC role has no granted roles' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | ACCESS CONTROL |
| Ensure filesystem integrity is regularly checked | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Ensure GPG keys are configured - apt-key list | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND INFORMATION INTEGRITY |
| EPAS-00-008400 - The EDB Postgres Advanced Server must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| FNFG-FW-000070 - The FortiGate firewall must block outbound traffic containing denial-of-service (DoS) attacks to protect against the use of internal information systems to launch any DoS attacks against other networks or endpoints. | DISA Fortigate Firewall STIG v1r3 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| JBOS-AS-000355 - The JBoss server must separate hosted application functionality from application server management functionality. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| JBOS-AS-000550 - Production JBoss servers must log when failed application deployments occur. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | CONFIGURATION MANAGEMENT |
| JRE8-WN-000150 - Oracle JRE 8 must enable the dialog to enable users to check publisher certificates for revocation - deployment.security.validation.crl | DISA STIG Oracle JRE 8 Windows v2r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| PPS9-00-008400 - The EDB Postgres Advanced Server must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | CONFIGURATION MANAGEMENT |
| SQL4-00-033800 - SQL Server must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| vCenter : Verify-RDP-encryption | VMWare vSphere 5.X Hardening Guide | VMware | |
| VMCH-06-000029 - The system must disconnect unauthorized CD/DVD devices. | DISA STIG VMware vSphere Virtual Machine 6.x v1r1 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-06-000031 - The system must disconnect unauthorized serial devices. | DISA STIG VMware vSphere Virtual Machine 6.x v1r1 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-65-000028 - Unauthorized floppy devices must be disconnected on the virtual machine. | DISA STIG VMware vSphere Virtual Machine 6.5 v2r2 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-65-000029 - Unauthorized CD/DVD devices must be disconnected on the virtual machine. | DISA STIG VMware vSphere Virtual Machine 6.5 v2r2 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-67-000008 - Unauthorized floppy devices must be disconnected on the virtual machine. | DISA STIG VMware vSphere 6.7 Virtual Machine v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-67-000010 - Unauthorized parallel devices must be disconnected on the virtual machine. | DISA STIG VMware vSphere 6.7 Virtual Machine v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-80-000212 Virtual machines (VMs) must remove unneeded serial devices. | DISA VMware vSphere 8.0 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
