| 1.10.6 Ensure 'logging history severity level' is set to greater than or equal to '5' | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.11 Java 6 is not the default Java runtime | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5' | CIS Oracle Server 11g R2 DB v2.2.0 | OracleDB | |
| 3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5' | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5' | CIS Oracle Server 18c DB Unified Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
| 4.1.17 Ensure kernel module loading and unloading is collected - /sbin/insmod | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - /sbin/insmod | CIS Debian 8 Server L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - /sbin/modprobe | CIS Debian 8 Server L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - /sbin/modprobe | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - auditctl /sbin/insmod | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - auditctl /sbin/modprobe | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - auditctl /sbin/rmmod | CIS Debian 8 Server L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - auditctl /sbin/rmmod | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - auditctl init_module | CIS Debian 8 Server L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - auditctl init_module | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - auditctl insmod | CIS SUSE Linux Enterprise Server 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - auditctl modprobe | CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - auditctl modprobe | CIS SUSE Linux Enterprise Server 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - auditctl rmmod | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - auditctl rmmod | CIS SUSE Linux Enterprise Server 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - init_module | CIS SUSE Linux Enterprise Server 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - init_module/delete_module (32-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - init_module/delete_module (64-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - insmod | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - insmod | CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - modprobe | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.8.3 Ensure loginretries is configured | CIS IBM AIX 7 v1.0.0 L1 | Unix | ACCESS CONTROL |
| 5.2.1 Configure account lockout threshold | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 5.2.1 Ensure Password Account Lockout Threshold Is Configured | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | ACCESS CONTROL |
| 5.3.2.1.1 Ensure password failed attempts lockout is configured | CIS SUSE Linux Enterprise 15 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 5.3.2.1.1 Ensure password failed attempts lockout is configured | CIS SUSE Linux Enterprise 15 v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| BIND-9X-001003 - The BIND 9.x server software must run with restricted privileges. | DISA BIND 9.x STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| CISC-RT-000240 - The Cisco perimeter router must be configured to deny network traffic by default and allow network traffic by exception. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000280 - The Cisco perimeter router must be configured to protect an enclave connected to an alternate gateway by using an inbound filter that only permits packets with destination addresses within the sites address space. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000320 - The Cisco perimeter switch must be configured to filter traffic destined to the enclave in accordance with the guidelines contained in DoD Instruction 8551.1. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| Console inactivity timer | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | ACCESS CONTROL |
| DTAVSEL-011 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner maximum scan time must not be less than 45 seconds - default.scanMaxTmo | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-011 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner maximum scan time must not be less than 45 seconds - scanMaxTmo | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-017 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to deny access to the file if scanning fails. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-018 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to allow access to files if scanning times out. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-100 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to run a scheduled On-Demand scan at least once a week. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Login: Idle connections time out after 5 minutes or less | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | CONFIGURATION MANAGEMENT |
| OH12-1X-000259 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication - SSLEngine | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000290 - X Windows must not be enabled unless required. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEV: All VMs | Tenable RedHat Enterprise Virtualization | RHEV | |
| RHEV: Product Info | Tenable RedHat Enterprise Virtualization | RHEV | |
| VCLU-70-000012 - Lookup Service must have Multipurpose Internet Mail Extensions (MIMEs) that invoke operating system shell programs disabled - MIMEs that invoke operating system shell programs disabled. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCST-70-000012 - The Security Token Service must have Multipurpose Internet Mail Extensions (MIME) that invoke operating system shell programs disabled. | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCUI-70-000012 - vSphere UI must have Multipurpose Internet Mail Extensions (MIME) that invoke operating system shell programs disabled. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | CONFIGURATION MANAGEMENT |
