| 1.1.2 Ensure 'Enable Password' is set | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.2 Ensure 'Enable Password' is set | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.6 Ensure NIST FIPS-validated cryptography is configured - enabled | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.6 Ensure NIST FIPS-validated cryptography is configured - grub | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.6 Ensure NIST FIPS-validated cryptography is configured - installed | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.021 - Software certificate installation files must be removed from a system. | DISA Windows 7 STIG v1r32 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.021 - Software certificate installation files must be removed from Windows 2008 R2. | DISA Windows Server 2008 R2 MS STIG v1r33 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.021 - Software certificate installation files must be removed from Windows 2008 R2. | DISA Windows Server 2008 R2 DC STIG v1r34 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.021 - Software certificate installation files must be removed from Windows 2008. | DISA Windows Server 2008 DC STIG v6r47 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.021 - Software certificate installation files must be removed from Windows 2008. | DISA Windows Server 2008 MS STIG v6r46 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2 Disable 'nobody' Access for RPC Encryption Key Storage Service | CIS Solaris 11 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2 Disable "nobody" Access for RPC Encryption Key Storage Service | CIS Solaris 11.2 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5 Ensure 'sslProtocol' is Configured Correctly for Secure Connectors | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5 Ensure 'sslProtocol' is Configured Correctly for Secure Connectors | CIS Apache Tomcat 10 L1 v1.1.0 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5 Ensure 'sslProtocol' is Configured Correctly for Secure Connectors | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5 Ensure 'sslProtocol' is Configured Correctly for Secure Connectors | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5 Ensure SSL Protocol is set to TLS for Secure Connectors - verify sslProtocol is set to TLS | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5 Ensure SSL Protocol is set to TLS for Secure Connectors - verify sslProtocol is set to TLS | CIS Apache Tomcat 8 L1 v1.1.0 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Disable 'nobody' access for secure RPC, Check if 'ENABLE_NOBODY_KEYS' is set to No in /etc/default/keyserv (Solaris 9) | CIS Solaris 9 v1.3 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-U2-000870 - The Apache web server cookies, such as session cookies, sent to the client using SSL/TLS must not be compressed. | DISA STIG Apache Server 2.4 Unix Site v2r4 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-U2-000870 - The Apache web server cookies, such as session cookies, sent to the client using SSL/TLS must not be compressed. | DISA STIG Apache Server 2.4 Unix Site v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-U2-000890 - Cookies exchanged between the Apache web server and the client, such as session cookies, must have cookie properties set to force the encryption of cookies. | DISA STIG Apache Server 2.4 Unix Site v2r4 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-U2-000890 - Cookies exchanged between the Apache web server and the client, such as session cookies, must have cookie properties set to force the encryption of cookies. | DISA STIG Apache Server 2.4 Unix Site v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| BIND-9X-001134 - On the BIND 9.x server the private keys corresponding to both the ZSK and the KSK must not be kept on the BIND 9.x DNSSEC-aware primary authoritative name server when the name server does not support dynamic updates. | DISA BIND 9.x STIG v1r9 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| BIND-9X-001134 - On the BIND 9.x server the private keys corresponding to both the ZSK and the KSK must not be kept on the BIND 9.x DNSSEC-aware primary authoritative name server when the name server does not support dynamic updates. | DISA BIND 9.x STIG v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-002620 - Kubernetes API Server must disable basic authentication to protect information in transit. | DISA STIG Kubernetes v1r11 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-002630 - Kubernetes API Server must disable token authentication to protect information in transit. | DISA STIG Kubernetes v1r11 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-002640 - Kubernetes endpoints must use approved organizational certificate and key pair to protect information in transit. | DISA STIG Kubernetes v1r11 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI015 - IE Warning of invalid certificates - 'WarnOnBadCertRecving=1'. | DISA STIG IE 9 v1r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI015 - The Internet Explorer warning about certificate address mismatch must be enforced. | DISA STIG IE 10 V1R16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI015-IE11 - The Internet Explorer warning about certificate address mismatch must be enforced. | DISA STIG IE 11 v1r18 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI015-IE11 - The Internet Explorer warning about certificate address mismatch must be enforced. | DISA STIG IE 11 v1r19 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI015-IE11 - The Internet Explorer warning about certificate address mismatch must be enforced. | DISA STIG IE 11 v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO316 - Outlook minimum encryption key length settings must be set. | DISA STIG Microsoft Outlook 2013 v1r12 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO316 - Outlook minimum encryption key length settings must be set. | DISA STIG Microsoft Outlook 2016 v1r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO316 - Outlook minimum encryption key length settings must be set. | DISA STIG Microsoft Outlook 2016 v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| HIPAA 164.312(a)(2)(iv) - Encryption and Decryption (A) | HIPAA Windows Audit | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| IAM: GetAccountSummary - 'AccessKeysPerUserQuota < 2' | Tenable AWS Best Practice Audit | amazon_aws | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| PANW-NM-000145 - The Palo Alto Networks security platform must authenticate Network Time Protocol sources - 'Primary NTP Server' | DISA STIG Palo Alto NDM v1r4 | Palo_Alto | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| PANW-NM-000145 - The Palo Alto Networks security platform must authenticate Network Time Protocol sources - 'Secondary NTP Server' | DISA STIG Palo Alto NDM v1r4 | Palo_Alto | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| SOL-11.1-040320 - The nobody access for RPC encryption key storage service must be disabled. | DISA STIG Solaris 11 SPARC v2r2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| SOL-11.1-040320 - The nobody access for RPC encryption key storage service must be disabled. | DISA STIG Solaris 11 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| SOL-11.1-040320 - The nobody access for RPC encryption key storage service must be disabled. | DISA STIG Solaris 11 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| SonicWALL - Web Interface - Does not use self-signed cert | TNS SonicWALL v5.8 Best Practices | SonicWALL | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| WN08-GE-000020 - Software certificate installation files must be removed from a system. | DISA Windows 8/8.1 STIG v1r23 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN16-00-000270 - Software certificate installation files must be removed from Windows Server 2016. | DISA Windows Server 2016 STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN16-00-000270 - Software certificate installation files must be removed from Windows Server 2016. | DISA Windows Server 2016 STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN16-PK-000020 - The DoD Interoperability Root CA cross-certificates must be installed in the Untrusted Certificates Store on unclassified systems - DoD Root CA 2 | DISA Windows Server 2016 STIG v2r8 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| WN19-00-000240 - Windows Server 2019 must have software certificate installation files removed. | DISA Windows Server 2019 STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN19-00-000240 - Windows Server 2019 must have software certificate installation files removed. | DISA Windows Server 2019 STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
