| 1.2.2 Verify Red Hat GPG Key is Installed | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.3 Ensure Installation of Community Packages | CIS PostgreSQL 10 OS v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.3 Ensure Installation of Community Packages | CIS PostgreSQL 9.6 OS v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1 Ensure Syslog Logging is configured | CIS Cisco NX-OS L2 v1.1.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.1 Enable Secure Admin Access - 'autologout.telnet.timeout <= 5' | TNS NetApp Data ONTAP 7G | NetApp | ACCESS CONTROL |
| 2.1.8 Set 'no service pad' | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | CONFIGURATION MANAGEMENT |
| 2.1.8 Set 'no service pad' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.2 Ensure time set is within appropriate limits | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.2 Ensure X Window System is not installed | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.13 Require Client-Side Certificates (X.509) | CIS MySQL 5.7 Community Database L2 v2.0.0 | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.13 Require Client-Side Certificates (X.509) | CIS MySQL 5.7 Enterprise Database L2 v2.0.0 | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.16 Require Client-Side Certificates (X.509) | CIS Oracle MySQL Enterprise Edition 8.0 v1.4.0 L2 Database | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.16 Require Client-Side Certificates (X.509) | CIS Oracle MySQL Enterprise Edition 8.4 v1.0.0 L2 MySQL RDBMS | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.16 Require Client-Side Certificates (X.509) | CIS MySQL 8.0 Community Database L2 v1.1.0 | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3 loginretries | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | ACCESS CONTROL |
| 4.2.4 Enable AI /heuristic based malware detection | CIS Fortigate 7.0.x v1.3.0 L2 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| 5.3.1 Ensure X-Frame-Options header is configured and enabled | CIS NGINX Benchmark v2.1.0 L1 Webserver | Unix | SYSTEM AND SERVICES ACQUISITION |
| 5.3.2 Ensure X-Content-Type-Options header is configured and enabled | CIS NGINX Benchmark v2.1.0 L1 Webserver | Unix | SYSTEM AND SERVICES ACQUISITION |
| 5.5.3 Ensure password reuse is limited | CIS Fedora 28 Family Linux Workstation L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1 Setup Client-cert Authentication | CIS Apache Tomcat 8 L2 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1 Setup Client-cert Authentication | CIS Apache Tomcat 8 L2 v1.1.0 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.6.1.3 Ensure Minimum Backoff Factor of 5 | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | ACCESS CONTROL |
| 7.7 Prevent X server from listening on port 6000/tcp (Solaris 9) | CIS Solaris 9 v1.3 | Unix | CONFIGURATION MANAGEMENT |
| 7.7 Prevent X server from listening on port 6000/tcp, Check if file permissions for /etc/dt/config/Xservers are OK (Solaris 9) | CIS Solaris 9 v1.3 | Unix | |
| 7.10 Repairing permissions is no longer needed | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.10 Repairing permissions is no longer needed | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.2 Disable JAR from Opening Unsafe File Types | CIS Mozilla Firefox 38 ESR Linux L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 8.2 Disable JAR from Opening Unsafe File Types | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| BIND-9X-001320 - The core BIND 9.x server files must be owned by the root or BIND 9.x process account. | DISA BIND 9.x STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| Catalina - Disable Wi-Fi Interface | NIST macOS Catalina v1.5.0 - 800-53r5 Low | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| DTAVSEL-002 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to receive automatic updates. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-002 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to receive automatic updates. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-003 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to enable On-Access scanning. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-003 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to enable On-Access scanning. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTOO139 - The Save commands default file format must be configured. | DISA STIG Microsoft Word 2016 v1r1 | Windows | CONFIGURATION MANAGEMENT |
| Fortigate - Inactivity timeout - 'console' <= 300 | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | ACCESS CONTROL |
| GEN005160 - Any X Windows host must write .Xauthority files. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005160 - Any X Windows host must write .Xauthority files. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | CONFIGURATION MANAGEMENT |
| GEN005160 - Any X Windows host must write .Xauthority files. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| MD4X-00-006600 - MongoDB must be configured in accordance with the security configuration settings based on DoD security configuration and implementation guidance, including STIGs, NSA configuration guides, CTOs, DTMs, and IAVMs. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | CONFIGURATION MANAGEMENT |
| Monterey - Disable Wi-Fi Interface | NIST macOS Monterey v1.0.0 - 800-53r4 Low | Unix | ACCESS CONTROL |
| RHEL-06-000068 - The system boot loader must require authentication - BIOS | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000068 - The system boot loader must require authentication - UEFI | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000525 - Auditing must be enabled at boot by setting a kernel parameter - BIOS | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEV: Clusters Memory Balooning | Tenable RedHat Enterprise Virtualization | RHEV | |
| RHEV: Storage Domains - Backup storage | Tenable RedHat Enterprise Virtualization | RHEV | |
| RHEV: VMs copy/paste feature | Tenable RedHat Enterprise Virtualization | RHEV | |
| RHEV: VMs file transfer feature | Tenable RedHat Enterprise Virtualization | RHEV | |
| SonicWALL - Flood Protection - TCP - Timeout <= 5 minutes | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND COMMUNICATIONS PROTECTION |
| SonicWALL - PW Policy - Lockout Duration - >= 5 minutes | TNS SonicWALL v5.9 | SonicWALL | ACCESS CONTROL |
