| 1.1.5 Enable Enhanced Secure Mode | CIS HPE Aruba Networking CX Switch v1.0.1 Optional Security Recommendations | ArubaOS | ACCESS CONTROL |
| 1.4 Use non-default account names | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 OS Windows | Windows | ACCESS CONTROL |
| 1.6.2 Ensure system wide crypto policy disables sha1 hash and signature support | CIS AlmaLinux OS 8 v4.0.0 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 Ensure system wide crypto policy disables sha1 hash and signature support | CIS AlmaLinux OS 10 v1.0.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Oracle Linux 10 v1.0.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Oracle Linux 8 v4.0.0 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Rocky Linux 10 v1.0.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Rocky Linux 10 v1.0.0 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Rocky Linux 8 v3.0.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Rocky Linux 8 v3.0.0 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 Ensure system wide crypto policy disables sha1 hash and signature support | CIS AlmaLinux OS 10 v1.0.0 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Red Hat Enterprise Linux 10 v1.0.1 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Red Hat Enterprise Linux 8 v4.0.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure system wide crypto policy disables sha1 hash and signature support | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Rocky Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.4 Ensure system wide crypto policy disables sha1 hash and signature support | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.4 Ensure system wide crypto policy disables sha1 hash and signature support | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.3 Ensure 'BGP authentication' is enabled | CIS Cisco ASA 9.x Firewall L2 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.5 Secure permissions for default database file path | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 | Unix | |
| 3.1.5 Secure permissions for default database file path | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | |
| 3.1.14 Set maximum connection limits - 'max_connections <= 100' | CIS IBM DB2 OS L2 v1.2.0 | Unix | ACCESS CONTROL |
| 3.4.1.1 Ensure firewalld is installed | CIS Fedora 28 Family Linux Server L1 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.2.1 Ensure firewalld is installed | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.6 Ensure events that modify the system's network environment are collected - /etc/hosts | CIS Debian 9 Server L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - /etc/issue | CIS Debian 9 Server L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - /etc/issue | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network | CIS Debian 9 Server L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - auditctl '/etc/hosts' | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - auditctl 'sethostname setdomainname' x64 | CIS Debian 9 Server L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - issue.net | CIS Debian 9 Server L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - auditctl b64 sethostname | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - b64 sethostname | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.7 Enable IPtables | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.11 Ensure permissions on communication exit library locations | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 | Unix | |
| 9.11 Ensure permissions on communication exit library locations | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | |
| 9.11 Ensure permissions on communication exit library locations | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | |
| Excel 2 worksheets | MSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Excel 2 worksheets | Microsoft 365 Apps for Enterprise 2306 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Excel 2 worksheets | MSCT Office 2016 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Excel 2 worksheets | MSCT M365 Apps for enterprise 2312 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Excel 2 worksheets | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| FFOX-00-000002 - Firefox must be configured to allow only TLS 1.2 or above. | DISA STIG Mozilla Firefox Linux v6r7 | Unix | ACCESS CONTROL |
| FFOX-00-000028 - Firefox must not recommend extensions as the user is using the browser. | DISA STIG Mozilla Firefox Windows v6r7 | Windows | CONFIGURATION MANAGEMENT |
| IBMW-LS-000970 - The WebSphere Liberty Server must prohibit the use of cached authenticators after an organization-defined time period. | DISA IBM WebSphere Liberty Server STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL09-00-000775 - OL 9 must periodically flush audit records to disk to prevent the loss of audit records. | DISA Oracle Linux 9 STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| VCLU-70-000019 - Lookup Service must limit the number of allowed connections. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VM Tools: guest-8.tools-deactivate-containerinfo | VMware vSphere Security Configuration and Hardening Guide | VMware | CONFIGURATION MANAGEMENT |
