| 1.7.2 Ensure 'TLS 1.0' is set for HTTPS access | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7.3 Ensure 'SSL AES 256 encryption' is set for HTTPS access | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1 Disable Local-only Graphical Login Environment | CIS Solaris 11.1 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.3 - AirWatch - Set the 'minimum password length' | AirWatch - CIS Apple iOS 8 v1.0.0 L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 5.3.3 Ensure password reuse is limited | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.4 Ensure password reuse is limited | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.16 Ensure Browser Framing Is Restricted | CIS Apache HTTP Server 2.4 v2.3.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.8 Extensible Firmware Interface (EFI) password | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | |
| AIOS-12-011200 - Apple iOS must implement the management setting: Disable Allow MailDrop. | AirWatch - DISA Apple iOS 12 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-13-011200 - Apple iOS/iPadOS must implement the management setting: Disable Allow MailDrop. | AirWatch - DISA Apple iOS/iPadOS 13 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-13-011200 - Apple iOS/iPadOS must implement the management setting: Disable Allow MailDrop. | MobileIron - DISA Apple iOS/iPadOS 13 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-14-009400 - Apple iOS/iPadOS must implement the management setting: Disable Allow MailDrop. | MobileIron - DISA Apple iOS/iPadOS 14 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-15-011000 - Apple iOS/iPadOS 15 must implement the management setting: Disable Allow MailDrop. | AirWatch - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-16-011000 - Apple iOS/iPadOS 16 must implement the management setting: Disable Allow MailDrop. | MobileIron - DISA Apple iOS-iPadOS 16 STIG v2r2 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows 10 v21H1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows 11 v24H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Restricted Sites Zone | MSCT Windows Server v2004 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Restricted Sites Zone | MSCT Windows Server 2016 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Restricted Sites Zone | MSCT Windows Server 2019 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Restricted Sites Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Restricted Sites Zone | MSCT Windows Server 2025 DC v2506 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Restricted Sites Zone | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Restricted Sites Zone | MSCT Windows Server 2025 MS v2506 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Restricted Sites Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Restricted Sites Zone | MSCT Windows 11 v24H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| ALMA-09-024000 - AlmaLinux OS 9 must be configured so that the cryptographic hashes of system files match vendor values. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| BIND-9X-001360 - The BIND 9.x server implementation must prohibit the forwarding of queries to servers controlled by organizations outside of the U.S. government. | DISA BIND 9.x STIG v3r1 | Unix | CONFIGURATION MANAGEMENT |
| BIND-9X-001490 - On the BIND 9.x server, the platform on which the name server software is hosted must be configured to send outgoing DNS messages from a random port. | DISA BIND 9.x STIG v3r1 | Unix | CONFIGURATION MANAGEMENT |
| CISC-RT-000280 - The Cisco perimeter router must be configured to protect an enclave connected to an alternate gateway by using an inbound filter that only permits packets with destination addresses within the sites address space. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000470 - The Cisco BGP router must be configured to enable the Generalized TTL Security Mechanism (GTSM). | DISA Cisco IOS Router RTR STIG v3r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000470 - The Cisco BGP router must be configured to enable the Generalized TTL Security Mechanism (GTSM). | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000480 - The Cisco BGP router must be configured to use a unique key for each autonomous system (AS) that it peers with. | DISA Cisco IOS Router RTR STIG v3r4 | Cisco | ACCESS CONTROL |
| CISC-RT-000480 - The Cisco BGP switch must be configured to use a unique key for each autonomous system (AS) that it peers with. | DISA Cisco IOS XE Switch RTR STIG v3r3 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| CISC-RT-000820 - The Cisco multicast Rendezvous Point (RP) router must be configured to limit the multicast forwarding cache so that its resources are not saturated by managing an overwhelming number of Protocol Independent Multicast (PIM) and Multicast Source Discovery Protocol (MSDP) source-active entries. | DISA Cisco IOS Router RTR STIG v3r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN000800 - The system must prohibit the reuse of passwords within five iterations. | DISA STIG Solaris 10 X86 v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000800 - The system must prohibit the reuse of passwords within five iterations. | DISA STIG Solaris 10 SPARC v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - insmod | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - modprobe | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - module b32 | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - rmmod | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL09-00-000430 - OL 9 must have the gnutls-utils package installed. | DISA Oracle Linux 9 STIG v1r5 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000044 - The Photon operating system must audit all account modifications - usermod | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000047 - The Photon operating system must audit all account removal actions - userdel | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL |
| RHEL-06-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - /sbin/modprobe. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - delete_module 32 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - delete_module 64 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - init_module 64 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-12-010910 - The SUSE operating system must be configured to not overwrite Pluggable Authentication Modules (PAM) configuration on package changes. | DISA SLES 12 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040220 - The SUSE operating system must be configured to not overwrite Pluggable Authentication Modules (PAM) configuration on package changes. | DISA SUSE Linux Enterprise Server 15 STIG v2r6 | Unix | CONFIGURATION MANAGEMENT |
