| 4.1.4 Ensure ufw outgoing default is configured | CIS Ubuntu Linux 22.04 LTS v3.0.0 L2 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 4.1.4 Ensure ufw outgoing default is configured | CIS Debian Linux 13 v1.0.0 L2 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 4.1.4 Ensure ufw outgoing default is configured | CIS Debian Linux 13 v1.0.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 4.1.4 Ensure ufw outgoing default is configured | CIS Ubuntu Linux 22.04 LTS v3.0.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure ufw routed default is configured | CIS Ubuntu Linux 22.04 LTS v3.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure ufw routed default is configured | CIS Ubuntu Linux 22.04 LTS v3.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure ufw routed default is configured | CIS Debian Linux 13 v1.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure ufw routed default is configured | CIS Debian Linux 13 v1.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002021 - The macOS system must be configured to disable sending diagnostic and usage data to Apple. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002022 - The macOS system must be configured to disable Remote Apple Events. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002021 - The macOS system must be configured to disable sending diagnostic and usage data to Apple. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-002021 - The macOS system must be configured to disable sending diagnostic and usage data to Apple. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| ARST-ND-000340 - The Arista network device must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services. | DISA Arista MLS EOS 4.X NDM STIG v2r2 | Arista | CONFIGURATION MANAGEMENT |
| BIND-9X-001680 - The BIND 9.x server implementation must be configured to use only approved ports and protocols. | DISA BIND 9.x STIG v3r1 | Unix | CONFIGURATION MANAGEMENT |
| CASA-VN-000160 - The Cisco ASA must be configured to use Internet Key Exchange v2 (IKEv2) for all IPsec security associations. | DISA STIG Cisco ASA VPN v2r2 | Cisco | CONFIGURATION MANAGEMENT |
| CNTR-K8-000940 - The Kubernetes Controllers must enforce ports, protocols, and services (PPS) that adhere to the Ports, Protocols, and Services Management Category Assurance List (PPSM CAL). | DISA STIG Kubernetes v2r5 | Unix | CONFIGURATION MANAGEMENT |
| CNTR-K8-000960 - The Kubernetes cluster must use non-privileged host ports for user pods. | DISA STIG Kubernetes v2r5 | Unix | CONFIGURATION MANAGEMENT |
| EDGE-00-000048 - Supported authentication schemes must be configured. | DISA STIG Edge v2r3 | Windows | CONFIGURATION MANAGEMENT |
| EPAS-00-004100 - The EDB Postgres Advanced Server must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| F5BI-VN-300024 - The IPsec BIG-IP appliance must use IKEv2 for IPsec VPN security associations. | DISA F5 BIG-IP TMOS VPN STIG v1r1 | F5 | CONFIGURATION MANAGEMENT |
| FGFW-ND-000200 - The FortiGate device must prohibit the use of all unnecessary and/or non-secure functions, ports, protocols, and/or services. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | CONFIGURATION MANAGEMENT |
| GEN007480 - The Reliable Datagram Sockets (RDS) protocol must be disabled or not installed unless required. | DISA AIX 5.3 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| JUEX-NM-000230 - The Juniper EX switch must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services. | DISA Juniper EX Series Network Device Management v2r4 | Juniper | CONFIGURATION MANAGEMENT |
| MADB-10-003500 - MariaDB must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments. | DISA MariaDB Enterprise 10.x v2r4 DB | MySQLDB | CONFIGURATION MANAGEMENT |
| Monterey - Disable Remote Apple Events | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Remote Apple Events | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Remote Apple Events | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Remote Apple Events | NIST macOS Monterey v1.0.0 - 800-171 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Remote Apple Events | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Remote Apple Events | NIST macOS Monterey v1.0.0 - All Profiles | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Remote Apple Events | NIST macOS Monterey v1.0.0 - 800-53r4 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Remote Apple Events | NIST macOS Monterey v1.0.0 - 800-53r5 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Remote Apple Events | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| OL08-00-040030 - OL 8 must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments. | DISA Oracle Linux 8 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| OL09-00-000222 - OL 9 must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments. | DISA Oracle Linux 9 STIG v1r5 | Unix | CONFIGURATION MANAGEMENT |
| OS10-NDM-000340 - The Dell OS10 Switch must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services. | DISA Dell OS10 Switch NDM STIG v1r1 | Dell_OS10 | CONFIGURATION MANAGEMENT |
| RHEL-08-040030 - RHEL 8 must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| SHPT-00-000480 - When configuring Central Administration, the port number selected must comply with DoD Ports and Protocol Management (PPSM) program requirements. | DISA STIG SharePoint 2010 v1r9 | Windows | CONFIGURATION MANAGEMENT |
| SQL2-00-017400 - SQL Server must support the organizational requirements to specifically prohibit or restrict the use of unauthorized functions, ports, protocols, and/or services. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| UBTU-20-010407 - The Ubuntu operating system must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments. | DISA Canonical Ubuntu 20.04 LTS STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| VCLU-80-000037 The vCenter Lookup service must be configured to use a specified IP address and port. | DISA VMware vSphere 8.0 vCenter Appliance Lookup Service STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VCST-80-000037 The vCenter STS service must be configured to use a specified IP address and port. | DISA VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VCUI-80-000037 The vCenter UI service must be configured to use a specified IP address and port. | DISA VMware vSphere 8.0 vCenter Appliance User Interface (UI) STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| WBSP-AS-000980 - The WebSphere Application Server must prohibit or restrict the use of nonsecure ports, protocols, modules, and/or services | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
| WBSP-AS-000980 - The WebSphere Application Server must prohibit or restrict the use of nonsecure ports, protocols, modules, and/or services | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| WN11-00-000105 - Simple Network Management Protocol (SNMP) must not be installed on the system. | DISA Microsoft Windows 11 STIG v2r7 | Windows | CONFIGURATION MANAGEMENT |
| WN11-00-000115 - The Telnet Client must not be installed on the system. | DISA Microsoft Windows 11 STIG v2r7 | Windows | CONFIGURATION MANAGEMENT |
| WN22-00-000330 - Windows Server 2022 must not have the Microsoft FTP service installed unless required by the organization. | DISA Microsoft Windows Server 2022 STIG v2r8 | Windows | CONFIGURATION MANAGEMENT |
| WN22-00-000360 - Windows Server 2022 must not have the Telnet Client installed. | DISA Microsoft Windows Server 2022 STIG v2r8 | Windows | CONFIGURATION MANAGEMENT |
| WN25-00-000333 - Windows Server 2025 must not have Bluetooth enabled unless required by the organization. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
