| 1.1.1.2 Ensure mounting of squashfs filesystems is disabled | CIS Amazon Linux 2 STIG v2.0.0 L2 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.2 Use the updated Linux Kernel | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.3 Harden the container host | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.3 Harden the container host | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.4 Use non-default account names | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 OS Linux | Unix | ACCESS CONTROL |
| 1.6.2 Ensure system wide crypto policy disables sha1 hash and signature support | CIS AlmaLinux OS 8 v4.0.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Oracle Linux 10 v1.0.0 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Oracle Linux 8 v4.0.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure system wide crypto policy disables sha1 hash and signature support | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6.6.6.2.7 (L1) Ensure 'Trust Access to Visual Basic Project' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 3.1.5 Secure permissions for default database file path | CIS IBM DB2 v10 v1.1.0 Windows OS Level 1 | Windows | |
| 3.1.5 Secure permissions for default database file path (Scored) | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | |
| 3.5.1.1 Ensure FirewallD is installed | CIS Fedora 19 Family Linux Workstation L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.1 Ensure FirewallD is installed | CIS Fedora 19 Family Linux Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.1 Ensure firewalld is installed - firewalld | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.1 Ensure firewalld is installed - firewalld | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.1 Ensure firewalld is installed - iptables | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.1 Ensure firewalld is installed - iptables | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.7 Ensure events that modify the system's network environment are collected - /etc/issue | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - /etc/issue.net | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - auditctl /etc/hosts | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - auditctl /etc/issue | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - auditctl b64 sethostname | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - b32 sethostname | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - b64 sethostname | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.2.1 Ensure firewalld is installed | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1 Do not disable AppArmor Profile | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | ACCESS CONTROL |
| 5.2 Ensure that, if applicable, an AppArmor Profile is enabled | CIS Docker v1.8.0 L1 OS Linux | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.8 (L1) Ensure 'Internet Connection Sharing (ICS) (SharedAccess)' is set to 'Disabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 5.16 Do not share the host's IPC namespace | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5 Avoid container sprawl | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.5 Avoid container sprawl | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 8.7 Secure the permissions of the IBMLDAPSecurity.ini file | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 OS Linux | Unix | |
| 8.7 Secure the permissions of the IBMLDAPSecurity.ini file | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 OS Windows | Windows | |
| 9.11 Ensure permissions on communication exit library locations | CIS IBM DB2 v10 v1.1.0 Windows OS Level 1 | Windows | |
| 26 - Setup Client-cert Authentication | TNS Best Practice Jetty 9 Linux | Unix | IDENTIFICATION AND AUTHENTICATION |
| ARST-RT-000190 - The out-of-band management (OOBM) Arista gateway router must be configured to have separate IGP instances for the managed network and management network. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | ACCESS CONTROL |
| ARST-RT-000190 - The out-of-band management (OOBM) Arista gateway router must be configured to have separate IGP instances for the managed network and management network. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | ACCESS CONTROL |
| AZLX-23-002015 - Amazon Linux 2023 must allocate audit record storage capacity to store at least one week's worth of audit records, when audit records are not immediately sent to a central audit record storage facility. | DISA Amazon Linux 2023 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| AZLX-23-002425 - Amazon Linux 2023 must be able to enforce a 60-day maximum password lifetime restriction. | DISA Amazon Linux 2023 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| FFOX-00-000002 - Firefox must be configured to allow only TLS 1.2 or above. | DISA STIG Mozilla Firefox MacOS v6r7 | Unix | ACCESS CONTROL |
| OL09-00-000010 - OL 9 must be a vendor supported release. | DISA Oracle Linux 9 STIG v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| RHEL-07-030330 - The Red Hat Enterprise Linux operating system must initiate an action to notify the System Administrator (SA) and Information System Security Officer ISSO, at a minimum, when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-07-040100 - The Red Hat Enterprise Linux operating system must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the Ports, Protocols, and Services Management Component Local Service Assessment (PPSM CLSA) and vulnerability assessments. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| RHEL-10-500125 - RHEL 10 must periodically flush audit records to disk to ensure that audit records are not lost. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| Select the channel for Microsoft Defender daily security intelligence updates | MSCT Windows Server 2025 DC v2506 v1.0.0 | Windows | |
| Select the channel for Microsoft Defender daily security intelligence updates | MSCT Windows Server 2025 MS v1.0.0 | Windows | |
| Select the channel for Microsoft Defender daily security intelligence updates | MSCT Windows Server 2025 DC v1.0.0 | Windows | |
| Select the channel for Microsoft Defender daily security intelligence updates | MSCT Windows Server 2025 MS v2506 v1.0.0 | Windows | |
| VCST-70-000019 - The Security Token Service must limit the number of allowed connections. | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
