| 1.1.2.1.1 Ensure /tmp is tmpfs or a separate partition | CIS SUSE Linux Enterprise 16 v1.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.5.8 Ensure DNS is servers are configured | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 1.8.2 Ensure GDM disable-user-list is configured | CIS SUSE Linux Enterprise 16 v1.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.6 Ensure net.ipv4.icmp_ignore_bogus_error_responses is configured | CIS Debian Linux 13 v1.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.13 Ensure net.ipv4.conf.default.rp_filter is configured | CIS SUSE Linux Enterprise 16 v1.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.13 Ensure net.ipv4.conf.default.rp_filter is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.3 Ensure network interfaces are not in promiscuous mode | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| AIOS-18-012400 - Apple iOS/iPadOS 18 must not allow unmanaged apps to read contacts from managed contacts accounts. | AirWatch - DISA Apple iOS/iPadOS 18 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-012600 - Apple iOS/iPadOS 18 must implement the management setting: disable paired Apple Watch. | AirWatch - DISA Apple iOS/iPadOS 18 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-012800 - Apple iOS/iPadOS 18 must disable 'Allow setting up new nearby devices' - Allow setting up new nearby devices. | AirWatch - DISA Apple iOS/iPadOS 18 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-012900 - Apple iOS/iPadOS 18 must disable password proximity requests. | AirWatch - DISA Apple iOS/iPadOS 18 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-013000 - Apple iOS/iPadOS 18 must disable password sharing. | AirWatch - DISA Apple iOS/iPadOS 18 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-014600 - Apple iOS/iPadOS 18 must disable copy/paste of data from managed to unmanaged applications. | AirWatch - DISA Apple iOS/iPadOS 18 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-015000 - Apple iOS/iPadOS 18 must disable app installation from a website. | AirWatch - DISA Apple iOS/iPadOS 18 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-016000 - Apple iOS/iPadOS 18 must disable the ability of the user to wipe the device. | AirWatch - DISA Apple iOS/iPadOS 18 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-016800 - Apple iOS/iPadOS 18 must disable AirPrint: Allow storage of AirPrint credentials in Keychain. | AirWatch - DISA Apple iOS/iPadOS 18 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-017200 - Apple iOS/iPadOS 18 must disable the Apple Intelligence feature: Image Wand. | AirWatch - DISA Apple iOS/iPadOS 18 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| CASA-FW-000280 - The Cisco ASA must be configured to inspect all inbound and outbound IPv6 traffic for unknown or out-of-order extension headers. | DISA STIG Cisco ASA FW v2r1 | Cisco | CONFIGURATION MANAGEMENT |
| CASA-FW-000290 - The Cisco ASA must be configured to restrict it from accepting outbound packets that contain an illegitimate address in the source address field via an egress filter or by enabling Unicast Reverse Path Forwarding (uRPF) - ACL | DISA STIG Cisco ASA FW v2r1 | Cisco | CONFIGURATION MANAGEMENT |
| CASA-FW-000290 - The Cisco ASA must be configured to restrict it from accepting outbound packets that contain an illegitimate address in the source address field via an egress filter or by enabling Unicast Reverse Path Forwarding (uRPF) - network-object | DISA STIG Cisco ASA FW v2r1 | Cisco | CONFIGURATION MANAGEMENT |
| GEN000340 - UIDs reserved for system accounts must not be assigned to non-system accounts. | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN001170 - All files and directories must have a valid group owner. | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN001840 - All global initialization files' executable search paths must contain only absolute paths - '/etc/profile' | DISA AIX 5.3 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN001850 - Global initialization files' lists of preloaded libraries must contain only absolute paths - '/etc/bashrc' | DISA AIX 5.3 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN001850 - Global initialization files' lists of preloaded libraries must contain only absolute paths - '/etc/profile' | DISA AIX 5.3 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN003510 - Kernel core dumps must be disabled unless needed - 'primary dump device' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN005524 - The SSH daemon must not permit GSSAPI authentication unless needed. | DISA AIX 5.3 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN005610 - The system must not have IP forwarding for IPv6 enabled, unless the system is an IPv6 router. | DISA AIX 5.3 STIG v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN006580 - The system must use an access control program. | DISA AIX 5.3 STIG v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN008640 - The system must not use removable media as the boot loader - 'normal' | DISA AIX 5.3 STIG v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| GEN008640 - The system must not use removable media as the boot loader - 'prevboot' | DISA AIX 5.3 STIG v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| SLES-12-010111 - The SUSE operating system must restrict privilege elevation to authorized personnel. | DISA SLES 12 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-010631 - The SUSE operating system must not have unnecessary account capabilities. | DISA SLES 12 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-030363 - The SUSE operating system must prevent Internet Protocol version 6 (IPv6) Internet Control Message Protocol (ICMP) redirect messages from being accepted. | DISA SLES 12 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-030365 - The SUSE operating system must not be performing Internet Protocol version 6 (IPv6) packet forwarding by default unless the system is a router. | DISA SLES 12 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| WN25-00-000010 - Windows Server 2025 users with administrative privileges must have separate accounts for administrative duties and normal operational tasks. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
| WN25-00-000040 - Windows Server 2025 members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
| WN25-00-000110 - Windows Server 2025 must use an antivirus program. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
| WN25-00-000450 - Windows Server 2025 must have orphaned security identifiers (SIDs) removed from user rights. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
| WN25-00-000460 - Windows Server 2025 systems must have Unified Extensible Firmware Interface (UEFI) firmware and be configured to run in UEFI mode, not Legacy BIOS. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
| WN25-CC-000260 - Windows Server 2025 Windows Update must not obtain updates from other PCs on the internet. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
| WN25-DC-000330 - Windows Server 2025 domain controllers must be configured to allow reset of machine account passwords. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
| WN25-DC-000430 - The password for the krbtgt account on a domain must be reset at least every 180 days. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
| WN25-MS-000050 - Windows Server 2025 must limit the caching of logon credentials to four or less on domain-joined member servers. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
| WN25-SO-000030 - The Windows Server 2025 built-in administrator account must be renamed. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
| WN25-SO-000100 - Windows Server 2025 maximum age for machine account passwords must be configured to 30 days or less. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
| WN25-SO-000220 - Windows Server 2025 must not allow anonymous enumeration of Security Account Manager (SAM) accounts. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
| WN25-SO-000330 - Windows Server 2025 session security for NTLM SSP-based clients must be configured to require NTLMv2 session security and 128-bit encryption. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
| WN25-SO-000370 - Windows Server 2025 default permissions of global system objects must be strengthened. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
| WN25-UC-000010 - Windows Server 2025 must preserve zone information when saving attachments. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
