| 1.1.18 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 1.1.19 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | ACCESS CONTROL |
| 1.3.2 Post-authentication Banner | CIS Cisco NX-OS L1 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.4.1.3 Ensure known default accounts do not exist | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.4.1.3 Ensure known default accounts do not exist | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 1.5.6 Create an 'access-list' for use with SNMP | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.5.6 Create an 'access-list' for use with SNMP | CIS Cisco IOS XE 17.x v2.1.1 L1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.5.6 Create an 'access-list' for use with SNMP - 'SNMP deny secured by ACL' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.6 Create an 'access-list' for use with SNMP - 'SNMP permit secured by ACL' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 Create administrative boundaries between resources using namespaces | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | ACCESS CONTROL |
| 2.2.27 Ensure 'Deny log on as a batch job' to include 'Guests, Enterprise Admins Group, and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.1.3 Ensure 'Accounts: Guest account status' is set to 'Disabled' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | IDENTIFICATION AND AUTHENTICATION |
| 4.1.1.2 Ensure system is disabled when audit logs are full - admin_space_left_action | CIS Amazon Linux 2 STIG v1.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2 Ensure 'Peer Name Resolution Protocol (PNRPsvc)' is set to 'Not Installed' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| 5.2 Ensure 'Peer Name Resolution Protocol (PNRPsvc)' is set to 'Not Installed' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 17.2.5 Ensure 'Audit Other Account Management Events' is set to include 'Success' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 20.27 Ensure 'Event Viewer must be protected from unauthorized modification and deletion' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | AUDIT AND ACCOUNTABILITY |
| 20.27 Ensure 'Event Viewer must be protected from unauthorized modification and deletion' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | AUDIT AND ACCOUNTABILITY |
| 20.28 Ensure 'Fax Server role' is set to 'Not Installed' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.28 Ensure 'Fax Server role' is set to 'Not Installed' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| 20.30 Ensure 'FTP servers must be configured to prevent anonymous logons' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| 20.30 Ensure 'FTP servers must be configured to prevent anonymous logons' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| 20.30 Ensure 'FTP servers must be configured to prevent anonymous logons' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.45 Ensure 'Outdated or unused accounts are removed or disabled' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 20.49 Ensure 'Permissions for the Security Event Log must prevent access by non-privileged accounts' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 20.49 Ensure 'Permissions for the Security Event Log must prevent access by non-privileged accounts' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | AUDIT AND ACCOUNTABILITY |
| 20.50 Ensure 'Permissions for the System Event Log must prevent access by non-privileged accounts' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 20.50 Ensure 'Permissions for the System Event Log must prevent access by non-privileged accounts' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | AUDIT AND ACCOUNTABILITY |
| 20.62 Ensure 'Telnet Client is not installed' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.64 Ensure 'TFTP Client' is 'not installed' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| AMLS-L2-000140 - The Arista Multilayer Switch must re-authenticate all endpoint devices every 60 minutes or less - dot1x timeout reauth-period 3600 | DISA STIG Arista MLS DCS-7000 Series L2S v1r3 | Arista | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-001000 - The Cisco router must be configured to generate an alert for all audit failure events. | DISA STIG Cisco IOS-XR Router NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-RT-000398 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure known default accounts do not exist - cmd_exec | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | ACCESS CONTROL |
| ESXI-67-000048 - The ESXi host must protect the confidentiality and integrity of transmitted information by isolating vMotion traffic. | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-70-000048 - The ESXi host must protect the confidentiality and integrity of transmitted information by isolating vMotion traffic. | DISA STIG VMware vSphere 7.0 ESXi v1r3 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-80-000160 - The ESXi host must protect the confidentiality and integrity of transmitted information by isolating vMotion traffic. | DISA VMware vSphere 8.0 ESXi STIG v2r2 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-EG-000175 - Exchange filtered messages must be archived. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-000330 - Exchange messages with a blank sender field must be rejected. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-000340 - Exchange messages with a blank sender field must be filtered. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000125 - Exchange filtered messages must be archived. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| JUEX-L2-000050 - The Juniper EX switch must be configured to permit authorized users to select a user session to capture. | DISA Juniper EX Series Layer 2 Switch v2r2 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUEX-NM-000490 - The Juniper EX switch must use an an NTP service that is hosted by a trusted source or a DOD-compliant enterprise or local NTP server. | DISA Juniper EX Series Network Device Management v2r2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| JUEX-RT-000270 - The Juniper router must be configured to have all nonessential capabilities disabled. | DISA Juniper EX Series Router v2r1 | Juniper | CONFIGURATION MANAGEMENT |
| JUEX-RT-000770 - The Juniper perimeter router must be configured to block all outbound management traffic. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000070 - The Juniper router must be configured to have all non-essential capabilities disabled - http | DISA STIG Juniper Router RTR v3r1 | Juniper | CONFIGURATION MANAGEMENT |
| MD4X-00-006600 - MongoDB must be configured in accordance with the security configuration settings based on DoD security configuration and implementation guidance, including STIGs, NSA configuration guides, CTOs, DTMs, and IAVMs. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | CONFIGURATION MANAGEMENT |
| Policies - Pod - Date and Time Policy - Host | Tenable Cisco ACI | Cisco_ACI | AUDIT AND ACCOUNTABILITY |
| VCSA-70-000279 - The vCenter Server must protect the confidentiality and integrity of transmitted information by isolating Internet Protocol (IP)-based storage traffic. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000279 - The vCenter Server must protect the confidentiality and integrity of transmitted information by isolating Internet Protocol (IP)-based storage traffic. | DISA VMware vSphere 8.0 vCenter STIG v2r2 | VMware | CONFIGURATION MANAGEMENT |
