| 3.2.1 Restrict Recursive Queries | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.2 Include TSIG key in named.conf 'TSIG key 1' | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.2 Include TSIG key in named.conf 'TSIG key 2' | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4 Restrict Zone-Transfers 'Zone Transfer Server 1' | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4 Restrict Zone-Transfers 'Zone Transfer Server 2' | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1 Using Update Policy 'grant' | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1 Using Update Policy 'keys' | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1 Using Update Policy 'zone' | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2 Enable GSS-TSIG 'algorithm' | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2 Enable GSS-TSIG 'key' | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2 Enable GSS-TSIG 'tkey-domain' | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2 Enable GSS-TSIG 'tkey-gssapi-credential' | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6 Implement DNSSEC 'INCLUDE' | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.3 Use Unique Keys for Each Pair of Hosts - unique secret | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.3 Use Unique Keys for Each Pair of Hosts - unique secret | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Enable DNSSEC Validation - dnssec-enable | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Enable DNSSEC Validation - dnssec-validation | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| BIND-9X-001650 - A BIND 9.x server implementation must maintain the integrity and confidentiality of DNS information while it is being prepared for transmission, in transmission, and in use and must perform integrity verification and data origin verification for all DNS information. | DISA BIND 9.x STIG v3r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| EX13-EG-000080 - Exchange Internet-facing Send connectors must specify a Smart Host. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000105 - Exchange Internet-facing Send connectors must specify a Smart Host. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-ED-000160 - Exchange Internet-facing Send connectors must specify a Smart Host. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-MB-000210 - Exchange Internet-facing Send connectors must specify a Smart Host. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000095 - Exchange internet-facing send connectors must specify a Smart Host. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000106 - Exchange internet-facing send connectors must specify a smart host. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-DN-300013 - An authoritative name server must be configured to enable DNSSEC Resource Records. | DISA F5 BIG-IP TMOS DNS STIG v1r1 | F5 | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-DN-300028 - A BIG-IP DNS server implementation must provide additional data origin artifacts along with the authoritative data the system returns in response to external name/address resolution queries. | DISA F5 BIG-IP TMOS DNS STIG v1r1 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| WDNS-SC-000002 - The Windows 2012 DNS Server must include data origin with authoritative data the system returns in response to external name/address resolution queries. | DISA Microsoft Windows 2012 Server Domain Name System STIG v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WDNS-SC-000006 - WINS lookups must be disabled on the Windows 2012 DNS Server. | DISA Microsoft Windows 2012 Server Domain Name System STIG v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WDNS-SC-000007 - The Windows 2012 DNS Server must use DNSSEC data within queries to confirm data integrity to DNS resolvers. | DISA Microsoft Windows 2012 Server Domain Name System STIG v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
