| 1.4.2 Ensure access to bootloader config is configured | CIS Red Hat Enterprise Linux 10 v1.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.1.4 Ensure SETroubleshoot is not installed | CIS SUSE Linux Enterprise Server 11 L2 v2.1.1 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.1.7 Ensure SETroubleshoot is not installed | CIS Red Hat 6 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| 1.6.2.4 Ensure SETroubleshoot is not installed | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | ACCESS CONTROL |
| 1.7.1.7 Ensure SETroubleshoot is not installed | CIS Fedora 19 Family Linux Server L1 v1.0.0 | Unix | ACCESS CONTROL |
| 1.7.2 Ensure 'TLS 1.2' is set for HTTPS access | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.7.4 (L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.4 (L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.7 (L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Microsoft Windows Server 2022 v4.0.0 L1 MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.7 (L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.7 (L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.7 (L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.7 (L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.7 (L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.7 (L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.7 (L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.7 Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.7 Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.7 Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller | Windows | IDENTIFICATION AND AUTHENTICATION |
| 4.4.3 Ensure password reuse is limited | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.2.6 Ensure sudo authentication timeout is configured | CIS Ubuntu Linux 20.04 LTS v3.0.0 L1 Server | Unix | ACCESS CONTROL |
| 5.3.2 Ensure lockout for failed password attempts is configured - password-auth 'auth [default=die] pam_faillock.so' | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.2 Ensure lockout for failed password attempts is configured - password-auth 'auth [success=1 default=bad] pam_unix.so' | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 5.3.2 Ensure lockout for failed password attempts is configured - password-auth 'auth required pam_faillock.so preauth audit silent deny=5 unlock_time=900' | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 5.3.2 Ensure lockout for failed password attempts is configured - password-auth 'auth sufficient pam_faillock.so' | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.2 Ensure lockout for failed password attempts is configured - system-auth 'auth [success=1 default=bad] pam_unix.so' | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.2 Ensure lockout for failed password attempts is configured - system-auth 'auth required pam_faillock.so preauth audit silent deny=5 unlock_time=900' | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 5.3.2 Ensure lockout for failed password attempts is configured - system-auth 'auth required pam_faillock.so' | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.2 Ensure lockout for failed password attempts is configured - system-auth 'auth sufficient pam_faillock.so authsucc audit deny=5 unlock_time=900' | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 5.3.2 Ensure lockout for failed password attempts is configured - system-auth 'auth sufficient pam_faillock.so' | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.4.3 Ensure password reuse is limited | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | ACCESS CONTROL |
| 5.14 Ensure 'on-failure' container restart policy is set to '5' - 'MaximumRetryCount' | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.14 Set the 'on-failure' container restart policy to 5 - RestartPolicyName=on-failure | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.14 Set the 'on-failure' container restart policy to 5 - RestartPolicyName=on-failure | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.15 Set the 'on-failure' container restart policy to 5 - RestartPolicyName=on-failure | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000830 - The Cisco multicast Rendezvous Point (RP) switch must be configured to filter Protocol Independent Multicast (PIM) Register messages received from the Designated switch (DR) for any undesirable multicast groups and sources. | DISA Cisco IOS XE Switch RTR STIG v3r2 | Cisco | ACCESS CONTROL |
| DISA_STIG_BIND_9_v2r3.audit from DISA BIND 9.x v2r3 STIG | DISA BIND 9.x STIG v2r3 | Unix | |
| DISA_STIG_PostgreSQL_9-x_on_RHEL_v2r5_OS.audit from DISA PostgreSQL 9.x v2r5 STIG | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | |
| DTAVSEL-015 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Clean infected files automatically as first action when programs and jokes are found. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Enable IKE Version 1/2 - group | Tenable Cisco Viptela SD-WAN - vEdge | Cisco_Viptela | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enable IKE Version 1/2 - rekey | Tenable Cisco Viptela SD-WAN - vEdge | Cisco_Viptela | ACCESS CONTROL |
| Ensure 'HTTP session timeout' is less than or equal to '5' minutes | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| GEN000800 - The system must prohibit the reuse of passwords within five iterations. | DISA STIG Solaris 10 SPARC v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000800 - The system must prohibit the reuse of passwords within five iterations. | DISA STIG Solaris 10 X86 v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-16-030740 - An X Windows display manager must not be installed unless approved. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | CONFIGURATION MANAGEMENT |
| VCEM-67-000005 - ESX Agent Manager must record user access in a format that enables monitoring of remote access. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| vCenter: vcenter-8.administration-sso-lockout-policy-max-attempts | VMware vSphere Security Configuration and Hardening Guide | VMware | ACCESS CONTROL |
| WBLC-01-000033 - Oracle WebLogic must enforce the organization-defined time period during which the limit of consecutive invalid access attempts by a user is counted. | Oracle WebLogic Server 12c Windows v2r2 | Windows | CONFIGURATION MANAGEMENT |
| WBLC-01-000033 - Oracle WebLogic must enforce the organization-defined time period during which the limit of consecutive invalid access attempts by a user is counted. | Oracle WebLogic Server 12c Linux v2r2 | Unix | CONFIGURATION MANAGEMENT |
| WBLC-01-000033 - Oracle WebLogic must enforce the organization-defined time period during which the limit of consecutive invalid access attempts by a user is counted. | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | CONFIGURATION MANAGEMENT |
