| 1.3.2 Implement Periodic Execution of File Integrity - 0 5 * * * /usr/sbin/aide --check' | CIS Red Hat Enterprise Linux 5 L2 v2.2.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.8.2 Ensure 'SSH session timeout' is less than or equal to '5' minutes | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.10.6 Ensure 'logging history severity level' is set to greater than or equal to '5' | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all Connectors | CIS Apache Tomcat 10 L2 v1.1.0 Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 3.2.9 Set archive log failover retry limit | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | |
| 4.3.6 Ensure sudo authentication timeout is configured correctly | CIS Oracle Linux 8 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL |
| 4.3.6 Ensure sudo authentication timeout is configured correctly | CIS Red Hat EL8 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL |
| 4.3.6 Ensure sudo authentication timeout is configured correctly | CIS Oracle Linux 7 v4.0.0 L1 Server | Unix | ACCESS CONTROL |
| 4.3.6 Ensure sudo authentication timeout is configured correctly | CIS Oracle Linux 7 v4.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 4.3.6 Ensure sudo authentication timeout is configured correctly | CIS Rocky Linux 8 Workstation L1 v2.0.0 | Unix | ACCESS CONTROL |
| 4.3.6 Ensure sudo authentication timeout is configured correctly | CIS AlmaLinux OS 8 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| 5.2.6 Ensure sudo authentication timeout is configured correctly | CIS SUSE Linux Enterprise 15 v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 5.2.6 Ensure sudo authentication timeout is configured correctly | CIS Oracle Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 5.2.6 Ensure sudo authentication timeout is configured correctly | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 5.2.6 Ensure sudo authentication timeout is configured correctly | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 5.3.6 Ensure sudo authentication timeout is configured correctly | CIS CentOS Linux 8 Server L1 v2.0.0 | Unix | ACCESS CONTROL |
| 5.3.6 Ensure sudo authentication timeout is configured correctly | CIS Fedora 28 Family Linux Server L1 v2.0.0 | Unix | ACCESS CONTROL |
| 6.12 Ensure all HTTP Header Logging options are enabled - Log Container Page | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| 6.12 Ensure all HTTP Header Logging options are enabled - Referer | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| 6.12 Ensure all HTTP Header Logging options are enabled - User-Agent | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| 6.12 Ensure all HTTP Header Logging options are enabled - User-Agent | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| 7.8 Extensible Firmware Interface (EFI) password | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | |
| AIOS-02-090100 - Apple iOS must implement the management setting: Disable Allow MailDrop. | AirWatch - DISA Apple iOS 10 v1r3 | MDM | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows 10 1903 v1.19.9 | Windows | CONFIGURATION MANAGEMENT |
| Auto-start is not enabled | TNS Citrix Hypervisor | Unix | CONFIGURATION MANAGEMENT |
| CIS_Cisco_Firewall_v8.x_Level_1_v4.2.0.audit for Cisco ASA 8 from CIS Cisco Firewall v8.x Benchmark v4.2.0 | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | |
| CISC-RT-000480 - The Cisco BGP router must be configured to use a unique key for each autonomous system (AS) that it peers with. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000480 - The Cisco BGP switch must be configured to use a unique key for each autonomous system (AS) that it peers with. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| CISC-RT-000820 - The Cisco multicast Rendezvous Point (RP) router must be configured to limit the multicast forwarding cache so that its resources are not saturated by managing an overwhelming number of Protocol Independent Multicast (PIM) and Multicast Source Discovery Protocol (MSDP) source-active entries. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000820 - The Cisco multicast Rendezvous Point (RP) router must be configured to limit the multicast forwarding cache so that its resources are not saturated by managing an overwhelming number of Protocol Independent Multicast (PIM) and Multicast Source Discovery Protocol (MSDP) source-active entries. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'last -5 -R' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'last -5 -R' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'lastb -5 -R' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'lastb -5 -R' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN005180 - All .Xauthority files must have mode 0600 or less permissive. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN006650 - The Oracle Linux 5 operating system must use a virus scan program. | DISA STIG for Oracle Linux 5 v2r1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| OL6-00-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - insmod | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - modprobe | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - module b64 | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - rmmod | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000001 - The Photon operating system must audit all account creations - useradd | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL |
| PHTN-67-000047 - The Photon operating system must audit all account removal actions - groupdel | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL |
| RHEL-06-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - /sbin/insmod. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - /sbin/rmmod. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - delete_module 32 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - delete_module 64 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - init_module 32 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - init_module 64 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| TCAT-AS-001030 - LockOutRealms failureCount attribute must be set to 5 failed logins for admin users. | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | ACCESS CONTROL |
