| 2.1.4 Ensure 'SECURE_REGISTER_' Is Set to 'TCPS' or 'IPC' | CIS Oracle Server 18c Linux v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.4 Ensure 'SECURE_REGISTER_' Is Set to 'TCPS' or 'IPC' | CIS Oracle Server 18c Windows v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.4 Ensure 'SECURE_REGISTER_' Is Set to 'TCPS' or 'IPC' | CIS Oracle Server 12c Windows v3.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.4 Ensure 'SECURE_REGISTER_' Is Set to 'TCPS' or 'IPC' | CIS Oracle Server 12c Linux v3.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.4 Ensure 'LOCAL_LISTENER' Is Set Appropriately | CIS Oracle Server 11g R2 DB v2.2.0 | OracleDB | |
| 3.6 Ensure 'threat-detection statistics' is set to 'tcp-intercept' | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 3.6 Ensure 'threat-detection statistics' is set to 'tcp-intercept' | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 3.6 Ensure 'threat-detection statistics' is set to 'tcp-intercept' | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.3 Enable Outbreak Prevention Database | CIS Fortigate 7.0.x v1.3.0 L2 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| 4.2.4 Enable AI /heuristic based malware detection | CIS Fortigate 7.0.x v1.3.0 L2 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| 4.2.6 Ensure inline scanning with FortiGuard AI-Based Sandbox Service is enabled | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| 5.9 Ensure XProtect Is Running and Updated | CIS Apple macOS 15.0 Sequoia Cloud-tailored v1.0.0 L1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.9 Ensure XProtect Is Running and Updated | CIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.9 Ensure XProtect Is Running and Updated | CIS Apple macOS 14.0 Sonoma Cloud-tailored v1.1.0 L1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.10 Ensure XProtect Is Running and Updated | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.10 Ensure XProtect Is Running and Updated | CIS Apple macOS 14.0 Sonoma v2.0.0 L1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.11 Ensure XProtect Is Running and Updated | CIS Apple macOS 13.0 Ventura v3.0.0 L1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.11 Ensure XProtect Is Running and Updated | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.11 Ensure XProtect Is Running and Updated | CIS Apple macOS 12.0 Monterey Cloud-tailored v1.1.0 L1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.11 Ensure XProtect Is Running and Updated | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.2 Ensure a secure antivirus profile is applied to all relevant security policies | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| CASA-FW-000150 - The Cisco ASA must be configured to enable threat detection to mitigate risks of denial-of-service (DoS) attacks. | DISA STIG Cisco ASA FW v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-FW-000220 - The Cisco ASA must be configured to implement scanning threat detection. | DISA STIG Cisco ASA FW v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-ND-001180 - The Cisco ASA must be configured to protect against known types of denial-of-service (DoS) attacks by enabling the Threat Detection feature - DoS attacks by enabling the Threat Detection feature. | DISA STIG Cisco ASA NDM v2r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CIS VMware ESXi 6.5 v1.0.0 Level 2 | CIS VMware ESXi 6.5 v1.0.0 Level 2 | VMware | |
| CNTR-K8-000290 - User-managed resources must be created in dedicated namespaces. | DISA STIG Kubernetes v2r2 | Unix | CONFIGURATION MANAGEMENT |
| EX13-MB-000265 - Exchange servers must have an approved DoD email-aware virus protection software installed. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-MB-000530 - Exchange servers must have an approved DoD email-aware virus protection software installed. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX19-MB-000134 - Exchange servers must have an approved DOD email-aware virus protection software installed. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| FireEye - Binary analysis AV-suite is enabled | TNS FireEye | FireEye | SYSTEM AND INFORMATION INTEGRITY |
| FireEye - TNS Best Practices FireEye Audit | TNS FireEye | FireEye | |
| Fortigate - AV Grayware | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| JUSX-IP-000031 - The Juniper Networks SRX Series Gateway IDPS must either forward the traffic from inbound connections to be more deeply inspected for malicious code and Layer 7 threats, or the Antivirus and Unified Threat Management (UTM) license must be installed, active, and policies and rules configured. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | CONFIGURATION MANAGEMENT |
| KNOX-07-012600 - The Samsung Android 7 with Knox must implement the management setting: Disable USB host storage. | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| SLES-12-010370 - The SUSE operating system must enforce a delay of at least four seconds between logon prompts following a failed logon attempt. | DISA SLES 12 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040010 - The SUSE operating system must enforce a delay of at least four seconds between logon prompts following a failed logon attempt. | DISA SLES 15 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| SonicWALL - Client AV Enforcement On - DMZ | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Client AV Enforcement On - LAN | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Client AV Enforcement On - WLAN | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - GAV ON - DMZ | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - GAV ON - LAN | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - GAV ON - WAN | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - GAV ON - WLAN | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Security Services - Gateway AV - FTP Outbound | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Security Services - Gateway AV - POP3 | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SonicWALL - Security Services - Gateway AV - TCP Stream Inbound | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| TNS_Alcatel_Nokia_TiMOS_Best_Practices.audit from TNS Alcatel/Nokia TiMOS Best Practices | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | |
| TNS_Best_Practice_RedHat_JBoss_v7_Linux.audit from TNS Best Practice JBoss 7 Linux | TNS Best Practice JBoss 7 Linux | Unix | |
| TNS_BestPractice_Citrix_XenServer.audit from TNS Citrix XenServer Best Practices | TNS Citrix XenServer | Unix | |
| WNDF-AV-000004 - Microsoft Defender AV must be configured to run and scan for malware and other potentially unwanted software. | DISA STIG Microsoft Defender Antivirus v2r4 | Windows | SYSTEM AND INFORMATION INTEGRITY |
