| 1.2.18 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | CIS Kubernetes v1.11.1 L1 Master Node | Unix | AUDIT AND ACCOUNTABILITY |
| 1.5 Installing ISC BIND 9 - bind9 installation | CIS BIND DNS v1.0.0 L1 Authoritative Name Server | Unix | CONFIGURATION MANAGEMENT |
| 1.5 Installing ISC BIND 9 - named location | CIS BIND DNS v1.0.0 L1 Caching Only Name Server | Unix | CONFIGURATION MANAGEMENT |
| 1.7.2 Ensure 'TLS 1.0' is set for HTTPS access | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7.3 Ensure 'SSL AES 256 encryption' is set for HTTPS access | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1 Prevent Database Users from Logging into the Operating System | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 2.2.5 Ensure 'REMOTE_LISTENER' Is Empty | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.21 Ensure 'Create symbolic links' is set to 'Administrators, NT VIRTUAL MACHINE\Virtual Machines' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.3.9.5 Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.9.5 Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.10.11 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.20 Set 'Number of attempts allowed' to '10' | CIS Microsoft Exchange Server 2013 CAS v1.1.0 | Windows | ACCESS CONTROL |
| 5.1.2.1 Ensure 'EXECUTE' is not granted to 'PUBLIC' on 'Non-default' Packages - Non-default Packages | CIS Oracle Server 18c DB Traditional Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
| 7.2 Set Strong Password Creation Policies - HISTORY = 10 | CIS Solaris 11.2 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 18.10.35.1 (L1) Ensure 'Disable Internet Explorer 11 as a standalone browser' is set to 'Enabled: Always' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.66.1 (L2) Ensure 'Disable all apps from Microsoft Store' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker | Windows | CONFIGURATION MANAGEMENT |
| 18.10.66.1 (L2) Ensure 'Disable all apps from Microsoft Store' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.66.1 (L2) Ensure 'Disable all apps from Microsoft Store' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.66.1 (L2) Ensure 'Disable all apps from Microsoft Store' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.66.1 (L2) Ensure 'Disable all apps from Microsoft Store' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.66.1 (L2) Ensure 'Disable all apps from Microsoft Store' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.66.1 (L2) Ensure 'Disable all apps from Microsoft Store' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.66.1 (L2) Ensure 'Disable all apps from Microsoft Store' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.10.66.1 (L2) Ensure 'Disable all apps from Microsoft Store' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| ALMA-09-003325 - AlmaLinux OS 9 SSH server must be configured to use only FIPS 140-3 validated key exchange algorithms. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL |
| ALMA-09-004090 - AlmaLinux OS 9 must implement DOD-approved TLS encryption in the OpenSSL package. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL |
| ALMA-09-037200 - AlmaLinux OS 9 PAM must be configured to use a sufficient number of password hashing rounds. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| BIND-9X-001010 - A BIND 9.x server implementation must be configured to allow DNS administrators to audit all DNS server components, based on selectable event criteria, and produce audit records within all DNS server components that contain information for failed security verification tests, information to establish the outcome and source of the events, any information necessary to determine cause of failure, and any information necessary to return to operations with least disruption to mission processes. | DISA BIND 9.x STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| BIND-9X-001080 - A BIND 9.x implementation configured as a caching name server must restrict recursive queries to only the IP addresses and IP address ranges of known supported clients. | DISA BIND 9.x STIG v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Configure Microsoft Defender SmartScreen to block potentially unwanted apps | MSCT Microsoft Edge Version 83 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure Microsoft Defender SmartScreen to block potentially unwanted apps | MSCT Edge v86 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure Microsoft Defender SmartScreen to block potentially unwanted apps | MSCT Microsoft Edge Version 81 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure Microsoft Defender SmartScreen to block potentially unwanted apps | MSCT Microsoft Edge Version 80 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EDGE-00-000051 - Microsoft Defender SmartScreen must be configured to block potentially unwanted apps. | DISA STIG Edge v2r2 | Windows | CONFIGURATION MANAGEMENT |
| GOOG-10-000400 - Google Android 10 must be configured to lock the display after 15 minutes (or less) of inactivity. | AirWatch - DISA Google Android 10.x v2r1 | MDM | ACCESS CONTROL |
| O19C-00-010500 - The Oracle _TRACE_FILES_PUBLIC parameter if present must be set to FALSE. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O112-BP-023900 - The Oracle _TRACE_FILES_PUBLIC parameter if present must be set to FALSE. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O112-C2-015100 - DBMS passwords must not be stored in compiled, encoded, or encrypted batch jobs or compiled, encoded, or encrypted application source code. | DISA STIG Oracle 11.2g v2r5 Linux | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000075 - The log information from OHS must be protected from unauthorized modification - user/group | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| OH12-1X-000184 - The CustomIdentityKeyStorePassPhrase property of the Node Manager configured to support OHS must be configured for secure communication. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232035 - RHEL 9 audit tools must have a mode of 0755 or less permissive. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-251030 - RHEL 9 must protect against or limit the effects of denial-of-service (DoS) attacks by ensuring rate-limiting measures on impacted network interfaces are implemented. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-09-253010 - RHEL 9 must be configured to use TCP syncookies. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-09-253015 - RHEL 9 must ignore Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-255030 - RHEL 9 must log SSH connection attempts and failures to the server. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-09-412065 - RHEL 9 must define default permissions for all authenticated users in such a way that the user can only read and modify their own files. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| VCWN-65-000057 - The vCenter Server for Windows must enable TLS 1.2 exclusively. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | CONFIGURATION MANAGEMENT |
| ZEBR-10-000400 - Zebra Android 10 must be configured to lock the display after 15 minutes (or less) of inactivity. | AirWatch - DISA Zebra Android 10 COPE v1r2 | MDM | ACCESS CONTROL |
| ZEBR-10-000400 - Zebra Android 10 must be configured to lock the display after 15 minutes (or less) of inactivity. | MobileIron - DISA Zebra Android 10 COPE v1r2 | MDM | ACCESS CONTROL |
| ZEBR-10-006100 - Zebra Android 10 must be configured to generate audit records for the following auditable events: detected integrity violations. | MobileIron - DISA Zebra Android 10 COBO v1r2 | MDM | AUDIT AND ACCOUNTABILITY |
