| 2.2.1 Ensure 'Password Policy' is enabled | CIS FortiGate 7.4.x v1.0.1 L1 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| 3.3 Ensure Custom Error Messages are not Off - Applications | CIS IIS 7 L2 v1.8.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.3 Ensure Custom Error Messages are not Off - Default | CIS IIS 7 L2 v1.8.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.6 Ensure 'httpcookie' mode is configured for session state - Default | CIS IIS 7 L2 v1.8.0 | Windows | CONFIGURATION MANAGEMENT |
| 4.3.2.7 Ensure mrouted is not in use | CIS IBM AIX 7 v1.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 4.5 Configure Solaris Auditing - active non-attributable audit flags | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - active user default audit flags | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - configured audit policies | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - configured user default audit flags | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - p_minfree | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - Plugin | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - userattr audit_flags root | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.7 Ensure Unlisted File Extensions are not allowed | CIS IIS 8.0 v1.5.1 Level 1 | Windows | CONFIGURATION MANAGEMENT |
| 4.11 Ensure 'Dynamic IP Address Restrictions' is enabled - Deny By Concurrent Requests | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.11 Ensure 'Dynamic IP Address Restrictions' is enabled - maxConcurrentRequests | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4 Ensure TLS 1.0 is enabled | CIS IIS 7 L1 v1.8.0 | Windows | |
| ESXI-06-000002 - The system must verify the DCUI.Access list. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | ACCESS CONTROL |
| ESXI-06-000005 - The system must enforce the limit of three consecutive invalid logon attempts by a user. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | ACCESS CONTROL |
| ESXI-06-000006 - The system must enforce the unlock timeout of 15 minutes after a user account is locked out. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | ACCESS CONTROL |
| ESXI-06-000035 - The VMM must be configured to disable non-essential capabilities by disabling SSH. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-06-000036 - The system must disable ESXi Shell unless needed for diagnostics or troubleshooting. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-06-000038 - The system must use the vSphere Authentication Proxy to protect passwords when adding ESXi hosts to Active Directory. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-000039 - Active Directory ESX Admin group membership must not be used. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-000045 - The system must enable a persistent log location for all locally stored logs. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | AUDIT AND ACCOUNTABILITY |
| ESXI-06-000057 - The system must configure the firewall to block network traffic by default - Outgoing | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-06-000064 - All port groups must not be configured to VLAN 4095 unless Virtual Guest Tagging (VGT) is required. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-06-000068 - Virtual switch VLANs must be fully documented and have only the required VLANs. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-06-000070 - The system must not provide root/administrator level access to CIM-based hardware monitoring tools or other third-party applications. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-06-000075 - The connectivity between VSAN Health Check and public Hardware Compatibility List must be disabled or restricted by use of an external proxy server. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-06-100001 - The system must enable lockdown mode to restrict remote access. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-06-100039 - The VMM must require individuals to be authenticated with an individual authenticator prior to using a group authenticator by restricting use of Active Directory ESX Admin group membership. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-100041 - The VMM must automatically terminate a user session after inactivity timeouts have expired or at shutdown by setting an idle timeout. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | ACCESS CONTROL |
| ESXI-06-100042 - The VMM must automatically terminate a user session after inactivity timeouts have expired or at shutdown by setting an idle timeout on shell services. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | ACCESS CONTROL |
| ESXI-06-300037 - The VMM must implement replay-resistant authentication mechanisms for network access to non-privileged accounts by using Active Directory for local user authentication. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-500004 - The VMM must, at a minimum, off-load interconnected systems in real time and off-load standalone systems weekly by configuring remote logging. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | AUDIT AND ACCOUNTABILITY |
| ESXI-06-500031 - The VMM must enforce password complexity by requiring that at least one special character be used. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| IIST-SI-000238 - The IIS 10.0 website must use a logging mechanism configured to allocate log record storage capacity large enough to accommodate the logging requirements of the IIS 10.0 website. | DISA IIS 10.0 Site v2r14 | Windows | AUDIT AND ACCOUNTABILITY |
| IIST-SI-000246 - Cookies exchanged between the IIS 10.0 website and the client must have cookie properties set to prohibit client-side scripts from reading the cookie data. | DISA IIS 10.0 Site v2r14 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SI-000251 - The IIS 10.0 website must have a unique application pool. | DISA IIS 10.0 Site v2r14 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SV-000115 - The log information from the IIS 10.0 web server must be protected from unauthorized modification or deletion. | DISA IIS 10.0 Server v2r10 | Windows | AUDIT AND ACCOUNTABILITY |
| IIST-SV-000115 - The log information from the IIS 10.0 web server must be protected from unauthorized modification or deletion. | DISA IIS 10.0 Server v3r6 | Windows | AUDIT AND ACCOUNTABILITY |
| IIST-SV-000116 - The log data and records from the IIS 10.0 web server must be backed up onto a different system or media. | DISA IIS 10.0 Server v2r10 | Windows | AUDIT AND ACCOUNTABILITY |
| IIST-SV-000149 - The Internet Printing Protocol (IPP) must be disabled on the IIS 10.0 web server | DISA IIS 10.0 Server v2r10 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SI-000233 - Warning and error messages displayed to clients must be modified to minimize the identity of the IIS 8.5 website, patches, loaded modules, and directory paths. | DISA IIS 8.5 Site v2r9 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| IISW-SI-000238 - The IIS 8.5 website must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the IIS 8.5 website. | DISA IIS 8.5 Site v2r9 | Windows | AUDIT AND ACCOUNTABILITY |
| IISW-SV-000115 - The log information from the IIS 8.5 web server must be protected from unauthorized modification or deletion. | DISA IIS 8.5 Server v2r7 | Windows | AUDIT AND ACCOUNTABILITY |
| IISW-SV-000116 - The log data and records from the IIS 8.5 web server must be backed up onto a different system or media. | DISA IIS 8.5 Server v2r7 | Windows | AUDIT AND ACCOUNTABILITY |
| IISW-SV-000149 - The Internet Printing Protocol (IPP) must be disabled on the IIS 8.5 web server - IPP must be disabled on the IIS 8.5 web server | DISA IIS 8.5 Server v2r7 | Windows | CONFIGURATION MANAGEMENT |
| NIST_macOS_Monterey_800-53r5_low_v1.0.0.audit from NIST macOS Monterey v1.0.0 | NIST macOS Monterey v1.0.0 - 800-53r5 Low | Unix | |
| SLEM-05-211010 - SLEM 5 must be a vendor-supported release. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
