| 1.4.6 Ensure version 7.2 or newer booted with UEFI have a unique name for the grub superusers account - UEFI must have a unique name for the grub superusers account when booting into single-user mode and maintenance. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 1.15 Audit Docker files and directories - /usr/bin/docker-runc | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2.5 Do not use the aufs storage driver | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 2.5 Ensure aufs storage driver is not used | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 2.6 Ensure aufs storage driver is not used | CIS Docker v1.7.0 L1 Docker - Linux | Unix | SYSTEM AND SERVICES ACQUISITION |
| 3.1.6 Secure permissions for default database file path | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 3.8 Ensure the Lock File Is Secured | CIS Apache HTTP Server 2.4 v2.2.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3 Do not install unnecessary packages in the container | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.10 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG | Windows | CONFIGURATION MANAGEMENT |
| 5.10 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 5.10 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 5.10 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 5.10 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 5.10 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG | Windows | CONFIGURATION MANAGEMENT |
| 5.10 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 5.10 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG | Windows | CONFIGURATION MANAGEMENT |
| 5.20 Do not share the host's UTS namespace | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure that the MaxZoneParts setting for Web Part limits is set to 100. | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 9.6 Secure the permission of the IBMLDAPSecurity.ini file | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | |
| 69.10 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Intune for Windows 11 v3.0.1 L1 | Windows | CONFIGURATION MANAGEMENT |
| ARST-RT-000580 - The multicast Rendezvous Point (RP) Arista router must be configured to limit the multicast forwarding cache so that its resources are not saturated by managing an overwhelming number of Protocol Independent Multicast (PIM) and Multicast Source Discovery Protocol (MSDP) source-active entries. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000680 - The Cisco PE router providing Virtual Private LAN Services (VPLS) must be configured to have all attachment circuits defined to the virtual forwarding instance (VFI) with the globally unique VPN ID assigned for each customer VLAN - VFI with the globally unique VPN ID assigned for each customer VLAN | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000680 - The Cisco PE switch providing Virtual Private LAN Services (VPLS) must be configured to have all attachment circuits defined to the virtual forwarding instance (VFI) with the globally unique VPN ID assigned for each customer VLAN. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000710 - The Cisco PE router must be configured to implement Internet Group Management Protocol (IGMP) or Multicast Listener Discovery (MLD) snooping for each Virtual Private LAN Services (VPLS) bridge domain. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000710 - The Cisco PE switch must be configured to implement Internet Group Management Protocol (IGMP) or Multicast Listener Discovery (MLD) snooping for each Virtual Private LAN Services (VPLS) bridge domain. | DISA STIG Cisco NX-OS Switch RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000710 - The Cisco PE switch must be configured to implement Internet Group Management Protocol (IGMP) or Multicast Listener Discovery (MLD) snooping for each Virtual Private LAN Services (VPLS) bridge domain. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000720 - The Cisco PE switch must be configured to limit the number of MAC addresses it can learn for each Virtual Private LAN Services (VPLS) bridge domain. | DISA STIG Cisco NX-OS Switch RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-003290 - The Kubernetes API Server must be set to audit log max size. | DISA STIG Kubernetes v2r2 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000013 - Firefox must be configured to disable the installation of extensions. | DISA STIG Mozilla Firefox Linux v6r5 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000013 - Firefox must be configured to disable the installation of extensions. | DISA STIG Mozilla Firefox MacOS v6r5 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000013 - Firefox must be configured to disable the installation of extensions. | DISA STIG Mozilla Firefox Windows v6r5 | Windows | CONFIGURATION MANAGEMENT |
| FFOX-00-000023 - Firefox fingerprinting protection must be enabled. | DISA STIG Mozilla Firefox Linux v6r5 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000023 - Firefox fingerprinting protection must be enabled. | DISA STIG Mozilla Firefox MacOS v6r5 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000023 - Firefox fingerprinting protection must be enabled. | DISA STIG Mozilla Firefox Windows v6r5 | Windows | CONFIGURATION MANAGEMENT |
| FFOX-00-000024 - Firefox cryptomining protection must be enabled. | DISA STIG Mozilla Firefox MacOS v6r5 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000024 - Firefox cryptomining protection must be enabled. | DISA STIG Mozilla Firefox Linux v6r5 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000024 - Firefox cryptomining protection must be enabled. | DISA STIG Mozilla Firefox Windows v6r5 | Windows | CONFIGURATION MANAGEMENT |
| FFOX-00-000027 - Firefox deprecated ciphers must be disabled. | DISA STIG Mozilla Firefox MacOS v6r5 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000027 - Firefox deprecated ciphers must be disabled. | DISA STIG Mozilla Firefox Linux v6r5 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000027 - Firefox deprecated ciphers must be disabled. | DISA STIG Mozilla Firefox Windows v6r5 | Windows | CONFIGURATION MANAGEMENT |
| FFOX-00-000028 - Firefox must not recommend extensions as the user is using the browser. | DISA STIG Mozilla Firefox Linux v6r5 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000028 - Firefox must not recommend extensions as the user is using the browser. | DISA STIG Mozilla Firefox MacOS v6r5 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000033 - Firefox must be configured so that DNS over HTTPS is disabled. | DISA STIG Mozilla Firefox Windows v6r5 | Windows | CONFIGURATION MANAGEMENT |
| MADB-10-004400 - MariaDB must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations. | DISA MariaDB Enterprise 10.x v2r2 DB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| MADB-10-004400 - MariaDB must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations. | DISA MariaDB Enterprise 10.x v2r2 OS Linux | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL07-00-010483 - Oracle Linux operating systems version 7.2 or newer booted with a BIOS must have a unique name for the grub superusers account when booting into single-user and maintenance modes. | DISA Oracle Linux 7 STIG v3r1 | Unix | ACCESS CONTROL |
| OL07-00-010492 - Oracle Linux operating systems version 7.2 or newer booted with United Extensible Firmware Interface (UEFI) must have a unique name for the grub superusers account when booting into single-user mode and maintenance. | DISA Oracle Linux 7 STIG v3r1 | Unix | ACCESS CONTROL |
| RHEL-07-010492 - Red Hat Enterprise Linux operating systems version 7.2 or newer booted with United Extensible Firmware Interface (UEFI) must have a unique name for the grub superusers account when booting into single-user mode and maintenance. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| VCST-80-000126 The vCenter STS service must limit the number of times that each Transmission Control Protocol (TCP) connection is kept alive. | DISA VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) STIG v2r1 | Unix | ACCESS CONTROL |
| VCUI-80-000126 The vCenter UI service must limit the number of times that each Transmission Control Protocol (TCP) connection is kept alive. | DISA VMware vSphere 8.0 vCenter Appliance User Interface (UI) STIG v2r1 | Unix | ACCESS CONTROL |
