| 1.1.20 Ensure noexec option set on removable media partitions | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.1.3 Ensure SELinux policy is configured | CIS Debian 8 Workstation L2 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.2.1 Ensure AppArmor is enabled in the bootloader configuration - apparmor=1 | CIS Debian 8 Workstation L2 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.2.1 Ensure AppArmor is enabled in the bootloader configuration - security=apparmor | CIS Debian 8 Workstation L2 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.2.2 Ensure all AppArmor Profiles are enforcing - profiles loaded | CIS Debian 8 Server L2 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.027 - Printer share permissions are not configured as recommended. | DISA Windows Vista STIG v6r41 | Windows | ACCESS CONTROL |
| 4.1.17 Ensure the audit configuration is immutable | CIS SUSE Linux Enterprise 15 Workstation L2 v1.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.8 Ensure at/cron is restricted to authorized users - at.allow | CIS Debian 8 Server L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.1 Ensure permissions on /etc/ssh/sshd_config are configured | CIS Debian 8 Server L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.5.5 Ensure default user umask is configured - system wide default | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.5.5 Ensure default user umask is configured - system wide umask | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.5.5 Ensure default user umask is configured - system wide umask | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.6 Ensure permissions on /etc/passwd- are configured | CIS Debian 8 Server L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.7 Ensure permissions on /etc/shadow- are configured | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.8 Ensure permissions on /etc/group- are configured | CIS Debian 8 Server L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.8 Ensure permissions on /etc/group- are configured | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.9 Ensure users own their home directories | CIS Debian 8 Server L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.5.3 Ensure additional storage providers are restricted in Outlook on the web | CIS Microsoft 365 Foundations E3 L2 v3.1.0 | microsoft_azure | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2.6 Ensure SharePoint external sharing is managed through domain whitelist/blacklists | CIS Microsoft 365 Foundations E3 L2 v3.1.0 | microsoft_azure | ACCESS CONTROL, MEDIA PROTECTION |
| DG0009-ORACLE11 - Access to DBMS software files and directories should not be granted to unauthorized users - 'umask < 0022' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | ACCESS CONTROL |
| GEN000290 - The system must not have unnecessary accounts - 'lp does not exsit' | DISA STIG HP-UX 11.31 v1r19 | Unix | ACCESS CONTROL |
| GEN000980 - The system must prevent the root account from directly logging in except from the system console. | DISA STIG AIX 6.1 v1r13 | Unix | ACCESS CONTROL |
| GEN001190 - All network services daemon files must not have extended ACLs - /usr/sbin/* | DISA STIG AIX 6.1 v1r13 | Unix | ACCESS CONTROL |
| GEN001210 - All system command files must not have extended ACLs - '/sbin/*' | DISA STIG AIX 6.1 v1r13 | Unix | ACCESS CONTROL |
| GEN001210 - All system command files must not have extended ACLs - '/usr/sbin/*' | DISA STIG AIX 6.1 v1r13 | Unix | ACCESS CONTROL |
| GEN001270 - System log files must not have extended ACLs, except as needed to support authorized software. | DISA STIG AIX 6.1 v1r13 | Unix | ACCESS CONTROL |
| GEN001290 - All manual page files must not have extended ACLs - '/usr/share/infopage/*' | DISA STIG AIX 6.1 v1r13 | Unix | ACCESS CONTROL |
| GEN001361 - NIS/NIS+/yp command files must not have extended ACLs - '/var/nis' | DISA STIG AIX 6.1 v1r13 | Unix | ACCESS CONTROL |
| GEN001390 - The /etc/passwd file must not have an extended ACL. | DISA STIG AIX 6.1 v1r13 | Unix | ACCESS CONTROL |
| GEN001590 - All run control scripts must have no extended ACLs - '/etc/rc*' | DISA STIG AIX 6.1 v1r13 | Unix | ACCESS CONTROL |
| GEN001890 - Local initialization files must not have extended ACLs - '.dispatch' | DISA STIG AIX 6.1 v1r13 | Unix | ACCESS CONTROL |
| GEN001890 - Local initialization files must not have extended ACLs - '.dtprofile' | DISA STIG AIX 6.1 v1r13 | Unix | ACCESS CONTROL |
| GEN002330 - Audio devices must not have extended ACLs. | DISA STIG AIX 6.1 v1r13 | Unix | ACCESS CONTROL |
| GEN002718 - System audit tool executables must not have extended ACLs - '/usr/sbin/auditcat' | DISA STIG AIX 6.1 v1r13 | Unix | ACCESS CONTROL |
| GEN002718 - System audit tool executables must not have extended ACLs - '/usr/sbin/auditmerge' | DISA STIG AIX 6.1 v1r13 | Unix | ACCESS CONTROL |
| GEN003110 - Cron and crontab directories must not have extended ACLs - '/etc/cron.daily' | DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit | Unix | ACCESS CONTROL |
| GEN003110 - Cron and crontab directories must not have extended ACLs - '/etc/cron.monthly' | DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit | Unix | ACCESS CONTROL |
| GEN003110 - Cron and crontab directories must not have extended ACLs - '/var/spool/cron/crontabs/*' | DISA STIG AIX 6.1 v1r13 | Unix | ACCESS CONTROL |
| GEN003190 - The cron log files must not have extended ACLs. | DISA STIG AIX 6.1 v1r13 | Unix | ACCESS CONTROL |
| GEN003245 - The at.allow file must not have an extended ACL. | DISA STIG AIX 6.1 v1r13 | Unix | ACCESS CONTROL |
| GEN003255 - The at.deny file must not have an extended ACL. | DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit | Unix | ACCESS CONTROL |
| GEN003440 - 'At' jobs must not set the umask to a value less restrictive than 077 | DISA STIG HP-UX 11.31 v1r19 | Unix | ACCESS CONTROL |
| GEN003440 - 'At' jobs must not set the umask to a value less restrictive than 077. | DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit | Unix | ACCESS CONTROL |
| GEN003745 - The xinetd.conf files must not have extended ACLs. | DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit | Unix | ACCESS CONTROL |
| GEN004010 - The traceroute file must not have an extended ACL. | DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit | Unix | ACCESS CONTROL |
| GEN004390 - The alias file must not have an extended ACL - '/etc/aliases.db' | DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit | Unix | ACCESS CONTROL |
| GEN005350 - Management Information Base (MIB) files must not have extended ACLs. | DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit | Unix | ACCESS CONTROL |
| GEN006210 - The /etc/smbpasswd file must not have an extended ACL - '/etc/samba/passdb.tdb' | DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit | Unix | ACCESS CONTROL |
| GEN008200 - If using LDAP for auth or account info, the TLS cert file and/or directory (as appropriate) must not have an extended ACL. | DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit | Unix | ACCESS CONTROL |
| GEN008280 - If using LDAP for auth or acct info, the TLS cert must not have an extended ACL - '/etc/openldap/cacerts/cert.pem' | DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit | Unix | ACCESS CONTROL |
