| 2.3.1 Ensure 'ENCRYPTION_SERVER' Is Set to 'REQUIRED' | CIS Oracle Server 18c Windows v1.1.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.5.4 Ensure 'Domain controller: LDAP server signing requirements' is set to 'Require signing' (DC only) | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.5.4 Ensure 'Domain controller: LDAP server signing requirements' is set to 'Require signing' (DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.6.3 (L1) Ensure 'Domain member: Digitally sign secure channel data (when possible)' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.8.1 (L1) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.8.1 (L1) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.8.1 (L1) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.8.1 (L1) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.8.1 Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.8.2 (L1) Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.8.2 (L1) Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v3.0.1 L1 MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.9.2 (L1) Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.9.2 (L1) Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.9.3 (L1) Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.9.3 (L1) Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.9.3 (L1) Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.9.3 (L1) Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.9.3 (L1) Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.9.3 (L1) Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.1.2.3 Ensure 'Enable RPC encryption' is set to 'Enabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.14.2.4 Ensure 'Message Formats' is set to 'Enabled: S/MIME' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.14.2.5 Ensure 'Minimum encryption settings' is set to 'Enabled: 256' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.65.3.9.3 (L1) Ensure 'Set client connection encryption level' is set to 'Enabled: High Level' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.65.3.9.5 (L1) Ensure 'Set client connection encryption level' is set to 'Enabled: High Level' | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.56.3.9.3 Ensure 'Require use of specific security layer for remote (RDP) connections' is set to 'Enabled: SSL' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.56.3.9.5 (L1) Ensure 'Set client connection encryption level' is set to 'Enabled: High Level' | CIS Microsoft Windows Server 2019 v3.0.1 L1 MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.56.3.9.5 Ensure 'Set client connection encryption level' is set to 'Enabled: High Level' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.57.3.9.4 Ensure 'Require user authentication for remote connections by using Network Level Authentication' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v1.0.0 L1 DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.57.3.9.5 (L1) Ensure 'Set client connection encryption level' is set to 'Enabled: High Level' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.57.3.9.5 (L1) Ensure 'Set client connection encryption level' is set to 'Enabled: High Level' | CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.57.3.9.5 Ensure 'Set client connection encryption level' is set to 'Enabled: High Level' | CIS Microsoft Windows Server 2022 STIG v1.0.0 L1 DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 45.16 (L1) Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled' | CIS Microsoft Intune for Windows 10 v3.0.1 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 45.17 (L1) Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled' | CIS Microsoft Intune for Windows 11 v3.0.1 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Configure SSHD to Use Secure Key Exchange Algorithms | NIST macOS Catalina v1.5.0 - All Profiles | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| KNOX-07-017100 - The VPN client must be configured: 1. Disabled 2. Configured for container use only. 3. Configured for per app use. | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | ACCESS CONTROL |
| OL08-00-010070 - All OL 8 remote access methods must be monitored. | DISA Oracle Linux 8 STIG v2r2 | Unix | ACCESS CONTROL |
| OL08-00-010287 - The OL 8 SSH daemon must be configured to use system-wide crypto policies. | DISA Oracle Linux 8 STIG v2r2 | Unix | ACCESS CONTROL |
| OL08-00-010294 - The OL 8 operating system must implement DoD-approved TLS encryption in the OpenSSL package. | DISA Oracle Linux 8 STIG v2r2 | Unix | ACCESS CONTROL |
| OL08-00-040161 - OL 8 must force a frequent session key renegotiation for SSH connections to the server. | DISA Oracle Linux 8 STIG v2r2 | Unix | ACCESS CONTROL |
| PHTN-67-000007 - The Photon operating system must have sshd authentication logging enabled. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL |
| PHTN-67-000055 - The Photon operating system must configure sshd with a specific ListenAddress. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL |
| RHEL-08-040100 - A firewall must be installed on RHEL 8. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | ACCESS CONTROL |
| SLES-12-030270 - The SUSE operating system SSH server must be configured to use only FIPS-validated key exchange algorithms. | DISA SLES 12 STIG v2r13 | Unix | ACCESS CONTROL |
| UBTU-18-010421 - The Ubuntu operating system SSH server must be configured to use only FIPS-validated key exchange algorithms. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | ACCESS CONTROL |
| UBTU-20-010403 - The Ubuntu operating system must monitor remote access methods. | DISA STIG Ubuntu 20.04 LTS v2r1 | Unix | ACCESS CONTROL |
| UBTU-20-010433 - The Ubuntu operating system must have an application firewall installed in order to control remote access methods. | DISA STIG Ubuntu 20.04 LTS v2r1 | Unix | ACCESS CONTROL |
| VCFL-67-000007 - vSphere Client must be configured to only communicate over TLS 1.2. | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | ACCESS CONTROL |
| VCRP-67-000005 - The rhttpproxy must produce log records containing sufficient information to establish the source of events. | DISA STIG VMware vSphere 6.7 RhttpProxy v1r3 | Unix | ACCESS CONTROL |
| VCRP-67-000008 - The rhttproxy must exclusively use the HTTPS protocol for client connections - privateKey | DISA STIG VMware vSphere 6.7 RhttpProxy v1r3 | Unix | ACCESS CONTROL |
| VCRP-70-000006 - Envoy must exclusively use the HTTPS protocol for client connections. | DISA STIG VMware vSphere 7.0 RhttpProxy v1r1 | Unix | ACCESS CONTROL |
