| 1.1.2 (L1) Ensure two emergency access accounts have been defined | CIS Microsoft 365 Foundations v5.0.0 L1 E5 | microsoft_azure | ACCESS CONTROL |
| 1.3.1 Ensure 'Enforce user logon restrictions' is set to 'Enabled' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.1.1.1.5 Set maximimum value for 'ip ssh authentication-retries' | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | ACCESS CONTROL |
| 2.2.17 Ensure 'PDB_OS_CREDENTIAL' is NOT null | CIS Oracle Server 18c DB Unified Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
| 2.2.17 Ensure 'PDB_OS_CREDENTIAL' is NOT null | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL |
| 2.2.17 Ensure 'PDB_OS_CREDENTIAL' is NOT null | CIS Oracle Server 18c DB Traditional Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
| 2.3.6.4 (L1) Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | ACCESS CONTROL |
| 2.3.6.4 (L1) Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | ACCESS CONTROL |
| 2.3.6.4 (L1) Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled' | CIS Microsoft Windows Server 2022 v4.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.6.4 (L1) Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled' | CIS Microsoft Windows Server 2016 v3.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.6.4 Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.6.4 Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.6 Ensure that the User-ID service account does not have interactive logon rights | CIS Palo Alto Firewall 11 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL |
| 3.2 - Default Accounts - Admin user has been renamed - create new admin | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | ACCESS CONTROL |
| 3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL |
| 4.2.20 Ensure SSH LoginGraceTime is set to one minute or less | CIS Ubuntu Linux 20.04 LTS Workstation L1 v2.0.1 | Unix | ACCESS CONTROL |
| 4.2.20 Ensure SSH LoginGraceTime is set to one minute or less | CIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1 | Unix | ACCESS CONTROL |
| 5.1.5 Ensure an Inventory of user accounts is established and maintained | CIS IBM AIX 7 v1.0.0 L1 | Unix | ACCESS CONTROL |
| 5.5 NFS - 'wafl.default_nt_user has been configured' | TNS NetApp Data ONTAP 7G | NetApp | ACCESS CONTROL |
| 5.5 NFS - 'wafl.nt_admin_priv_map_to_root = on' | TNS NetApp Data ONTAP 7G | NetApp | ACCESS CONTROL |
| 6.1.4 Disable 'Allow guests to connect to shared folders' - AFP Sharing | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 6.1.5 Remove Guest home folder | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 6.1.5 Remove Guest home folder | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | ACCESS CONTROL |
| 7.2.11 (L1) Ensure the SharePoint default sharing link permission is set | CIS Microsoft 365 Foundations v5.0.0 L1 E5 | microsoft_azure | ACCESS CONTROL |
| 8.5.2 (L1) Ensure anonymous users and dial-in callers can't start a meeting | CIS Microsoft 365 Foundations v5.0.0 L1 E5 | microsoft_azure | ACCESS CONTROL |
| 8.5.4 (L1) Ensure users dialing in can't bypass the lobby | CIS Microsoft 365 Foundations v5.0.0 L1 E5 | microsoft_azure | ACCESS CONTROL |
| 8.5.5 (L2) Ensure meeting chat does not allow anonymous users | CIS Microsoft 365 Foundations v5.0.0 L2 E5 | microsoft_azure | ACCESS CONTROL |
| 8.5.7 (L1) Ensure external participants can't give or request control | CIS Microsoft 365 Foundations v5.0.0 L1 E5 | microsoft_azure | ACCESS CONTROL |
| 18.10.12.1 (L1) Ensure 'Turn off cloud consumer account state content' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG | Windows | ACCESS CONTROL |
| 18.10.12.1 (L1) Ensure 'Turn off cloud consumer account state content' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v3.0.1 L1 DC | Windows | ACCESS CONTROL |
| 18.10.12.1 (L1) Ensure 'Turn off cloud consumer account state content' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v3.0.1 L1 MS | Windows | ACCESS CONTROL |
| 18.10.12.1 Ensure 'Turn off cloud consumer account state content' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | ACCESS CONTROL |
| 18.10.13.1 (L1) Ensure 'Turn off cloud consumer account state content' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 20.26 Ensure 'Emergency accounts must be automatically removed or disabled after the crisis is resolved or within 72 hours' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 20.45 Ensure 'Outdated or unused accounts are removed or disabled' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 34.4 (L1) Ensure 'Disable Consumer Account State Content' is set to 'Enabled' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | ACCESS CONTROL |
| Account Management - Review disabled user accounts | Tenable Cisco Viptela SD-WAN - vBond | Cisco_Viptela | ACCESS CONTROL |
| Account Management - Review disabled user accounts | Tenable Cisco Viptela SD-WAN - vEdge | Cisco_Viptela | ACCESS CONTROL |
| Big Sur - Disable Guest Access to Shared SMB Folders | NIST macOS Big Sur v1.4.0 - 800-171 | Unix | ACCESS CONTROL |
| Big Sur - Disable Guest Access to Shared SMB Folders | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL |
| Big Sur - Disable Guest Access to Shared SMB Folders | NIST macOS Big Sur v1.4.0 - 800-53r5 Low | Unix | ACCESS CONTROL |
| Brocade - administrator account is enabled with admin role assigned | Tenable Best Practices Brocade FabricOS | Brocade | ACCESS CONTROL |
| Ensure known default accounts do not exist - cmd_exec | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | ACCESS CONTROL |
| Fortigate - Ensure default admin usernames are not used | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | ACCESS CONTROL |
| Monterey - Disable Guest Access to Shared SMB Folders | NIST macOS Monterey v1.0.0 - 800-171 | Unix | ACCESS CONTROL |
| Monterey - Disable Guest Access to Shared SMB Folders | NIST macOS Monterey v1.0.0 - All Profiles | Unix | ACCESS CONTROL |
| Review Users per Rackspace Database Instance | Tenable Best Practices RackSpace v2.0.0 | Rackspace | ACCESS CONTROL |
| Salesforce.com : Monitoring Login History - 'No users are password locked' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | ACCESS CONTROL |
| Salesforce.com : Setting Session Security - 'PermissionsPasswordNeverExpires = true' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | ACCESS CONTROL |
| Salesforce.com : User Access - 'No new users have been created since the last scan' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | ACCESS CONTROL |
