| 1.2 Set 'Allow Active X One Off Forms' to 'Enabled:Load only Outlook Controls' | CIS MS Office Outlook 2010 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3.1.8 Ensure SETroubleshoot is not installed | CIS Rocky Linux 8 v3.0.0 L1 Server | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 1.3.1.9 Ensure SETroubleshoot is not installed | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 1.4.4 Remove SETroubleshoot | CIS Red Hat Enterprise Linux 5 L2 v2.2.1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.4 Ensure SETroubleshoot is not installed | CIS SUSE Linux Enterprise Server 11 L2 v2.1.1 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.1.7 Ensure SETroubleshoot is not installed | CIS Oracle Linux 6 Server L1 v2.0.0 | Unix | ACCESS CONTROL |
| 1.6.1.7 Ensure SETroubleshoot is not installed | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.6.1.7 Ensure SETroubleshoot is not installed | CIS CentOS Linux 8 Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.2.4 Ensure SETroubleshoot is not installed | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | ACCESS CONTROL |
| 1.10.11 Ensure 'logging trap severity level' is greater than or equal to '5' | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 2.1.2 Front Panel Security | CIS HPE Aruba Networking CX Switch v1.0.1 Optional Security Recommendations | ArubaOS | PHYSICAL AND ENVIRONMENTAL PROTECTION |
| 2.3.7.4 (L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.7 (L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.7 Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Microsoft Windows Server 2025 v2.0.0 L1 MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| 4.1.16 Ensure kernel module loading and unloading is collected - auditctl init_module/delete_module (32-bit) | CIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - auditctl init_module/delete_module (64-bit) | CIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - auditctl insmod | CIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - auditctl insmod | CIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - auditctl modprobe | CIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - auditctl modprobe | CIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - auditctl rmmod | CIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - insmod | CIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - rmmod | CIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.18 Ensure kernel module loading and unloading is collected - auditctl init_module | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.18 Ensure kernel module loading and unloading is collected - auditctl modprobe | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.18 Ensure kernel module loading and unloading is collected - insmod | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.5 Ensure excessive function privileges are revoked | CIS PostgreSQL 16 v1.1.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.5 Ensure excessive function privileges are revoked | CIS PostgreSQL 13 v1.3.0 L1 Database PostgreSQLDB | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.5 Ensure excessive function privileges are revoked | CIS PostgreSQL 14 DB v 1.3.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.5 Ensure excessive function privileges are revoked | CIS PostgreSQL 15 v1.2.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.1.1 Ensure Home Folders Are Secure | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.6 Ensure sudo authentication timeout is configured | CIS Ubuntu Linux 20.04 LTS v3.0.0 L1 Server | Unix | ACCESS CONTROL |
| 5.4.3 Ensure password reuse is limited | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | ACCESS CONTROL |
| 8.1.17 Collect Kernel Module Loading and Unloading - '32bit init_module/delete_module' | CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.17 Collect Kernel Module Loading and Unloading - '64bit init_module/delete_module' | CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.17 Collect Kernel Module Loading and Unloading- '/sbin/rmmod' | CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 89.18 (L1) Ensure 'Impersonate Client' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 89.20 (L1) Ensure 'Impersonate Client' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| APPNET0064 - .Net applications that invoke NetFx40_LegacySecurityPolicy must apply previous versions of .NET STIG guidance. | DISA Microsoft DotNet Framework 4.0 STIG v2r7 | Windows | CONFIGURATION MANAGEMENT |
| CISC-RT-000240 - The Cisco perimeter switch must be configured to deny network traffic by default and allow network traffic by exception. | DISA Cisco IOS Switch RTR STIG v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000520 - The Cisco BGP router must be configured to reject outbound route advertisements for any prefixes that do not belong to any customers or the local autonomous system (AS). | DISA Cisco IOS Router RTR STIG v3r4 | Cisco | ACCESS CONTROL |
| Configure IPsec Tunnel Parameters - rekey | Tenable Cisco Viptela SD-WAN - vEdge | Cisco_Viptela | ACCESS CONTROL |
| DTAVSEL-013 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Clean as first action when a virus or Trojan is detected. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-016 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Quarantine if first action fails when programs and jokes are found. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Enable IKE Version 1/2 - cipher-suite | Tenable Cisco Viptela SD-WAN - vEdge | Cisco_Viptela | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN000000-LNX00360 - The X server must have the correct options enabled - '-audit = 4' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | CONFIGURATION MANAGEMENT |
| GEN000000-LNX00360 - The X server must have the correct options enabled - '-s <= 15' | DISA STIG for Oracle Linux 5 v2r1 | Unix | CONFIGURATION MANAGEMENT |
| GEN000000-LNX00360 - The X server must have the correct options enabled - '-s <= 15' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | CONFIGURATION MANAGEMENT |
| SLEM-05-671010 - FIPS 140-2/140-3 mode must be enabled on SLEM 5. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLD-80-000100 The vCenter VAMI service must implement prevent rendering inside a frame or iframe on another site. | DISA VMware vSphere 8.0 vCenter Appliance Management Interface (VAMI) STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
