| 1.6.2 Ensure 'SSH version 2' is enabled | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.2.1.30 Ensure 'Allow password sharing (supervised only)' is set to 'Disabled' | MobileIron - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | ACCESS CONTROL, AWARENESS AND TRAINING, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.2.1.30 Ensure 'Allow password sharing (supervised only)' is set to 'Disabled' | AirWatch - CIS Apple iOS 17 Institution Owned L1 | MDM | ACCESS CONTROL, AWARENESS AND TRAINING, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| AIOS-18-010900 - Apple iOS/iPadOS 18 must implement the management setting: require the user to enter a password when connecting to an AirPlay-enabled device. | AirWatch - DISA Apple iOS/iPadOS 18 v1r1 | MDM | ACCESS CONTROL |
| AIOS-18-010900 - Apple iOS/iPadOS 18 must implement the management setting: require the user to enter a password when connecting to an AirPlay-enabled device. | MobileIron - DISA Apple iOS/iPadOS 18 v1r1 | MDM | ACCESS CONTROL |
| AIOS-18-010950 - Apple iOS/iPadOS 18 must implement the management setting: require passcode for incoming Airplay connection requests. | AirWatch - DISA Apple iOS/iPadOS 18 v1r1 | MDM | ACCESS CONTROL |
| AIOS-18-010950 - Apple iOS/iPadOS 18 must implement the management setting: require passcode for incoming Airplay connection requests. | MobileIron - DISA Apple iOS/iPadOS 18 v1r1 | MDM | ACCESS CONTROL |
| ALMA-09-002770 - AlmaLinux OS 9 must log SSH connection attempts and failures to the server. | DISA CloudLinux AlmaLinux OS 9 STIG v1r1 | Unix | ACCESS CONTROL |
| CASA-FW-000030 - The Cisco ASA must be configured to restrict VPN traffic according to organization-defined filtering rules - VPN Group Policy | DISA STIG Cisco ASA FW v2r1 | Cisco | ACCESS CONTROL |
| CASA-FW-000030 - The Cisco ASA must be configured to restrict VPN traffic according to organization-defined filtering rules - VPN Rules | DISA STIG Cisco ASA FW v2r1 | Cisco | ACCESS CONTROL |
| FNFG-FW-000015 - The FortiGate firewall must use organization-defined filtering rules that apply to the monitoring of remote access traffic for the traffic from the VPN access points. | DISA Fortigate Firewall STIG v1r3 | FortiGate | ACCESS CONTROL |
| OL08-00-010070 - All OL 8 remote access methods must be monitored. | DISA Oracle Linux 8 STIG v2r2 | Unix | ACCESS CONTROL |
| OL08-00-040090 - An OL 8 firewall must employ a deny-all, allow-by-exception policy for allowing connections to other systems. | DISA Oracle Linux 8 STIG v2r2 | Unix | ACCESS CONTROL |
| OL08-00-040100 - A firewall must be installed on OL 8. | DISA Oracle Linux 8 STIG v2r2 | Unix | ACCESS CONTROL |
| OL08-00-040101 - A firewall must be active on OL 8. | DISA Oracle Linux 8 STIG v2r2 | Unix | ACCESS CONTROL |
| PHTN-30-000006 - The Photon operating system must have the sshd SyslogFacility set to 'authpriv'. | DISA STIG VMware vSphere 7.0 Photon OS v1r3 | Unix | ACCESS CONTROL |
| PHTN-30-000007 - The Photon operating system must have sshd authentication logging enabled. | DISA STIG VMware vSphere 7.0 Photon OS v1r3 | Unix | ACCESS CONTROL |
| PHTN-40-000201 The Photon operating system must enable Secure Shell (SSH) authentication logging. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | ACCESS CONTROL |
| PHTN-67-000006 - The Photon operating system must have the sshd SyslogFacility set to 'authpriv' - authpriv. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL |
| PHTN-67-000007 - The Photon operating system must have sshd authentication logging enabled. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL |
| PHTN-67-000055 - The Photon operating system must configure sshd with a specific ListenAddress. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL |
| RHEL-08-010070 - All RHEL 8 remote access methods must be monitored. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | ACCESS CONTROL |
| RHEL-08-040090 - A RHEL 8 firewall must employ a deny-all, allow-by-exception policy for allowing connections to other systems. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | ACCESS CONTROL |
| RHEL-08-040100 - A firewall must be installed on RHEL 8. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | ACCESS CONTROL |
| RHEL-08-040101 - A firewall must be active on RHEL 8. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | ACCESS CONTROL |
| RHEL-09-652030 - All RHEL 9 remote access methods must be monitored. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | ACCESS CONTROL |
| SLES-15-010150 - The SUSE operating system must log SSH connection attempts and failures to the server. | DISA SLES 15 STIG v2r2 | Unix | ACCESS CONTROL |
| SYMP-AG-000010 - If Symantec ProxySG filters externally initiated traffic, reverse proxy services must be configured. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| SYMP-AG-000020 - Symantec ProxySG providing intermediary services for remote access communications traffic must ensure outbound traffic is monitored for compliance with remote access security policies. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| UBTU-20-010403 - The Ubuntu operating system must monitor remote access methods. | DISA STIG Ubuntu 20.04 LTS v2r1 | Unix | ACCESS CONTROL |
| UBTU-20-010433 - The Ubuntu operating system must have an application firewall installed in order to control remote access methods. | DISA STIG Ubuntu 20.04 LTS v2r1 | Unix | ACCESS CONTROL |
| UBTU-22-251015 - Ubuntu 22.04 LTS must enable and run the Uncomplicated Firewall (ufw). | DISA Canonical Ubuntu 22.04 LTS STIG v2r3 | Unix | ACCESS CONTROL |
| UBTU-22-652015 - Ubuntu 22.04 LTS must monitor remote access methods. | DISA Canonical Ubuntu 22.04 LTS STIG v2r3 | Unix | ACCESS CONTROL |
| UBTU-24-100300 - Ubuntu 24.04 LTS must have an application firewall installed in order to control remote access methods. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | ACCESS CONTROL |
| UBTU-24-100310 - Ubuntu 24.04 LTS must enable and run the Uncomplicated Firewall (ufw). | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | ACCESS CONTROL |
| UBTU-24-200090 - Ubuntu 24.04 LTS must monitor remote access methods. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | ACCESS CONTROL |
| VCLD-80-000005 The vCenter VAMI service must generate information to monitor remote access. | DISA VMware vSphere 8.0 vCenter Appliance Management Interface (VAMI) STIG v2r1 | Unix | ACCESS CONTROL |
| VCRP-67-000005 - The rhttpproxy must produce log records containing sufficient information to establish the source of events. | DISA STIG VMware vSphere 6.7 RhttpProxy v1r3 | Unix | ACCESS CONTROL |
| VCRP-67-000008 - The rhttproxy must exclusively use the HTTPS protocol for client connections - certificate | DISA STIG VMware vSphere 6.7 RhttpProxy v1r3 | Unix | ACCESS CONTROL |
| VCRP-67-000008 - The rhttproxy must exclusively use the HTTPS protocol for client connections - privateKey | DISA STIG VMware vSphere 6.7 RhttpProxy v1r3 | Unix | ACCESS CONTROL |
| VCRP-67-000008 - The rhttproxy must exclusively use the HTTPS protocol for client connections - vecsServerName | DISA STIG VMware vSphere 6.7 RhttpProxy v1r3 | Unix | ACCESS CONTROL |
| VCRP-70-000006 - Envoy must exclusively use the HTTPS protocol for client connections. | DISA STIG VMware vSphere 7.0 RhttpProxy v1r1 | Unix | ACCESS CONTROL |
| WBSP-AS-000120 - The WebSphere Application Server automatic repository checkpoints must be enabled to track configuration changes - depth | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | ACCESS CONTROL |
| WBSP-AS-000120 - The WebSphere Application Server automatic repository checkpoints must be enabled to track configuration changes - depth | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL |
| WBSP-AS-000120 - The WebSphere Application Server automatic repository checkpoints must be enabled to track configuration changes - depth | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL |
| WBSP-AS-000120 - The WebSphere Application Server automatic repository checkpoints must be enabled to track configuration changes - enabled | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL |
| WBSP-AS-000120 - The WebSphere Application Server automatic repository checkpoints must be enabled to track configuration changes - enabled | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | ACCESS CONTROL |
| WBSP-AS-000130 - The WebSphere Application Server administrative security must be enabled. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL |
| WN11-AU-000065 - The system must be configured to audit Logon/Logoff - Logoff successes. | DISA Windows 11 STIG v2r2 | Windows | ACCESS CONTROL |
| WN22-DC-000410 - Windows Server 2022 Deny log on through Remote Desktop Services user right on domain controllers must be configured to prevent unauthenticated access. | DISA Microsoft Windows Server 2022 STIG v2r3 | Windows | ACCESS CONTROL |
