| 1.15 Audit Docker files and directories - /usr/bin/docker-runc | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2.5 Do not use the aufs storage driver | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 2.5 Ensure aufs storage driver is not used | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.1.6 Secure permissions for default database file path | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1.6 Secure permissions for default database file path | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 OS Windows | Windows | AUDIT AND ACCOUNTABILITY |
| 3.1.6 Secure permissions for default database file path | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 OS Windows | Windows | AUDIT AND ACCOUNTABILITY |
| 3.1.6 Secure permissions for default database file path | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 3.8 Ensure the Lock File Is Secured - configured | CIS Apache HTTP Server 2.4 L1 v2.1.0 Middleware | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3 Do not install unnecessary packages in the container | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.9 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 5.9 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL | Windows | CONFIGURATION MANAGEMENT |
| 5.10 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 5.10 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL | Windows | CONFIGURATION MANAGEMENT |
| 5.10 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 5.10 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG | Windows | CONFIGURATION MANAGEMENT |
| 5.10 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 5.10 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG | Windows | CONFIGURATION MANAGEMENT |
| 5.10 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG | Windows | CONFIGURATION MANAGEMENT |
| 5.10 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 5.10 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 69.10 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Intune for Windows 10 v3.0.1 L1 | Windows | CONFIGURATION MANAGEMENT |
| 69.10 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Intune for Windows 11 v3.0.1 L1 | Windows | CONFIGURATION MANAGEMENT |
| CISC-RT-000680 - The Cisco PE router providing Virtual Private LAN Services (VPLS) must be configured to have all attachment circuits defined to the virtual forwarding instance (VFI) with the globally unique VPN ID assigned for each customer VLAN - VFI with the globally unique VPN ID assigned for each customer VLAN | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000680 - The Cisco PE switch providing Virtual Private LAN Services (VPLS) must be configured to have all attachment circuits defined to the virtual forwarding instance (VFI) with the globally unique VPN ID assigned for each customer VLAN. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000710 - The Cisco PE router must be configured to implement Internet Group Management Protocol (IGMP) or Multicast Listener Discovery (MLD) snooping for each Virtual Private LAN Services (VPLS) bridge domain. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000720 - The Cisco PE switch must be configured to limit the number of MAC addresses it can learn for each Virtual Private LAN Services (VPLS) bridge domain. | DISA STIG Cisco NX-OS Switch RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTAVSEL-106 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to Clean infected files automatically as first action when a virus or Trojan is detected. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-111 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to Move infected files to the quarantine directory if first action fails when programs and jokes are found. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| FFOX-00-000005 - Firefox must be configured to not automatically update installed add-ons and plugins. | DISA STIG Mozilla Firefox Windows v6r5 | Windows | CONFIGURATION MANAGEMENT |
| FFOX-00-000007 - Firefox must be configured to disable form fill assistance. | DISA STIG Mozilla Firefox Windows v6r5 | Windows | CONFIGURATION MANAGEMENT |
| FFOX-00-000013 - Firefox must be configured to disable the installation of extensions. | DISA STIG Mozilla Firefox Linux v6r5 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000013 - Firefox must be configured to disable the installation of extensions. | DISA STIG Mozilla Firefox MacOS v6r5 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000014 - Background submission of information to Mozilla must be disabled. | DISA STIG Mozilla Firefox Windows v6r5 | Windows | CONFIGURATION MANAGEMENT |
| FFOX-00-000015 - Firefox development tools must be disabled. | DISA STIG Mozilla Firefox Windows v6r5 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| FFOX-00-000018 - Firefox must prevent the user from quickly deleting data. | DISA STIG Mozilla Firefox Windows v6r5 | Windows | ACCESS CONTROL |
| FFOX-00-000020 - Firefox search suggestions must be disabled. | DISA STIG Mozilla Firefox Windows v6r5 | Windows | CONFIGURATION MANAGEMENT |
| FFOX-00-000022 - Firefox network prediction must be disabled. | DISA STIG Mozilla Firefox Windows v6r5 | Windows | CONFIGURATION MANAGEMENT |
| FFOX-00-000023 - Firefox fingerprinting protection must be enabled. | DISA STIG Mozilla Firefox Linux v6r5 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000023 - Firefox fingerprinting protection must be enabled. | DISA STIG Mozilla Firefox MacOS v6r5 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000024 - Firefox cryptomining protection must be enabled. | DISA STIG Mozilla Firefox MacOS v6r5 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000024 - Firefox cryptomining protection must be enabled. | DISA STIG Mozilla Firefox Linux v6r5 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000027 - Firefox deprecated ciphers must be disabled. | DISA STIG Mozilla Firefox MacOS v6r5 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000027 - Firefox deprecated ciphers must be disabled. | DISA STIG Mozilla Firefox Linux v6r5 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000033 - Firefox must be configured so that DNS over HTTPS is disabled. | DISA STIG Mozilla Firefox MacOS v6r5 | Unix | CONFIGURATION MANAGEMENT |
| nameserver 2 | DISA Oracle Linux 7 STIG v3r1 | Unix | |
| OL07-00-010483 - Oracle Linux operating systems version 7.2 or newer booted with a BIOS must have a unique name for the grub superusers account when booting into single-user and maintenance modes. | DISA Oracle Linux 7 STIG v3r1 | Unix | ACCESS CONTROL |
| OL07-00-010492 - Oracle Linux operating systems version 7.2 or newer booted with United Extensible Firmware Interface (UEFI) must have a unique name for the grub superusers account when booting into single-user mode and maintenance. | DISA Oracle Linux 7 STIG v3r1 | Unix | ACCESS CONTROL |
| PGS9-00-007000 - PostgreSQL, when utilizing PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation. | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-040310 - The Red Hat Enterprise Linux operating system must be configured so that all networked systems use SSH for confidentiality and integrity of transmitted and received information as well as information during preparation for transmission. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCST-80-000126 The vCenter STS service must limit the number of times that each Transmission Control Protocol (TCP) connection is kept alive. | DISA VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) STIG v2r1 | Unix | ACCESS CONTROL |
