| 1.1.3 Enable 'aaa authentication enable default' | CIS Cisco IOS XE 16.x v2.2.0 L1 | Cisco | ACCESS CONTROL |
| 1.1.7 - AirWatch - Disable 'Wi-Fi' | AirWatch - CIS Google Android 4 v1.0.0 L2 | MDM | ACCESS CONTROL |
| 1.4.2 Enable 'service password-encryption' | CIS Cisco IOS XE 16.x v2.2.0 L1 | Cisco | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.15 APPL-14-000033 | CIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II | Unix | ACCESS CONTROL |
| 1.124 APPL-14-003020 | CIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.125 APPL-14-003030 | CIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-14-000005 - The macOS system must be configured to lock the user session when a smart token is removed. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL |
| AOSX-14-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-14-003025 - The macOS system must implement multifactor authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-15-000005 - The macOS system must be configured to lock the user session when a smart token is removed. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL |
| AOSX-15-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-000005 - The macOS system must be configured to lock the user session when a smart token is removed. | DISA STIG Apple macOS 11 v1r5 | Unix | ACCESS CONTROL |
| APPL-11-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities to verify the establishment of protected sessions. | DISA STIG Apple macOS 11 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-003020 - The macOS system must use multifactor authentication for local access to privileged and non-privileged accounts. | DISA STIG Apple macOS 11 v1r8 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-11-003020 - The macOS system must use multifactor authentication for local access to privileged and non-privileged accounts. | DISA STIG Apple macOS 11 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-12-000005 - The macOS system must be configured to lock the user session when a smart token is removed. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL |
| APPL-12-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions - PIV credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities to verify the establishment of protected sessions. | DISA STIG Apple macOS 12 v1r9 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-14-000033 - The macOS system must disable FileVault automatic log on. | DISA Apple macOS 14 Sonoma STIG v2r4 | Unix | ACCESS CONTROL |
| APPL-14-003020 - The macOS system must enforce smart card authentication. | DISA Apple macOS 14 Sonoma STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-15-000033 - The macOS system must disable FileVault automatic login. | DISA Apple macOS 15 Sequoia STIG v1r7 | Unix | ACCESS CONTROL |
| APPL-15-003020 - The macOS system must enforce smart card authentication. | DISA Apple macOS 15 Sequoia STIG v1r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-15-003030 - The macOS system must allow smart card authentication. | DISA Apple macOS 15 Sequoia STIG v1r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-26-000033 - The macOS system must disable FileVault automatic login. | DISA Apple macOS 26 Tahoe STIG v1r2 | Unix | ACCESS CONTROL |
| APPL-26-003020 - The macOS system must enforce smart card authentication. | DISA Apple macOS 26 Tahoe STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-26-003030 - The macOS system must allow smart card authentication. | DISA Apple macOS 26 Tahoe STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ARST-ND-000860 - The Arista network device must be running an operating system release that is currently supported by the vendor. | DISA Arista MLS EOS 4.X NDM STIG v2r2 | Arista | CONFIGURATION MANAGEMENT |
| ARST-ND-000860 - The Arista network device must be running an operating system release that is currently supported by the vendor. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | CONFIGURATION MANAGEMENT |
| ARST-RT-000140 - The Arista multicast edge router must be configured to establish boundaries for administratively scoped multicast traffic. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | ACCESS CONTROL |
| CASA-ND-001080 - The Cisco ASA must be configured to authenticate Network Time Protocol (NTP) sources using authentication with FIPS-compliant algorithms. | DISA STIG Cisco ASA NDM v2r4 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-000330 - The Cisco router must be configured to generate audit records containing the full-text recording of privileged commands. | DISA Cisco IOS Router NDM STIG v3r7 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000610 - The Cisco router must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password. | DISA Cisco IOS XE Router NDM STIG v3r7 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-000610 - The Cisco router must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password. | DISA Cisco IOS Router NDM STIG v3r7 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-RT-000300 - The Cisco perimeter router must be configured to not redistribute static routes to an approved gateway service provider into BGP, an IGP peering with the NIPRNet, or other autonomous systems. | DISA Cisco IOS Router RTR STIG v3r4 | Cisco | ACCESS CONTROL |
| First Hop Security - IP Inspection - Admin Status | Tenable Cisco ACI | Cisco_ACI | CONFIGURATION MANAGEMENT |
| IIST-SV-000142 - The IIS 10.0 web server must restrict inbound connections from non-secure zones. | DISA IIS 10.0 Server v3r6 | Windows | ACCESS CONTROL |
| IIST-SV-000142 - The IIS 10.0 web server must restrict inbound connections from non-secure zones. | DISA IIS 10.0 Server v2r10 | Windows | ACCESS CONTROL |
| JUNI-RT-000020 - The Juniper router must be configured to implement message authentication for all control plane protocols - IS-IS type | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| JUNI-RT-000020 - The Juniper router must be configured to implement message authentication for all control plane protocols - RIP type | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| MD3X-00-001100 - MongoDB must be configured in accordance with the security configuration settings based on DoD security configuration and implementation guidance, including STIGs, NSA configuration guides, CTOs, DTMs, and IAVMs. | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS | Unix | CONFIGURATION MANAGEMENT |
| MYS8-00-005500 - The MySQL Database Server 8.0 must be configured in accordance with the security configuration settings based on DoD security configuration and implementation guidance, including STIGs, NSA configuration guides, CTOs, DTMs, and IAVMs. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | CONFIGURATION MANAGEMENT |
| SLES-12-030140 - The SUSE operating system must deny direct logons to the root account using remote access via SSH. | DISA SLES 12 STIG v3r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-15-020040 - The SUSE operating system must deny direct logons to the root account using remote access via SSH. | DISA SUSE Linux Enterprise Server 15 STIG v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| TCAT-AS-000970 - Idle timeout for the management application must be set to 10 minutes. | DISA STIG Apache Tomcat Application Server 9 v3r3 Middleware | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| TCAT-AS-001680 - ALLOW_BACKSLASH must be set to false. | DISA STIG Apache Tomcat Application Server 9 v3r3 Middleware | Unix | CONFIGURATION MANAGEMENT |
| UBTU-16-010080 - The Ubuntu operating system must prevent direct login into the root account. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-18-010036 - The Ubuntu operating system must prevent direct login into the root account. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-20-010408 - The Ubuntu operating system must prevent direct login into the root account. | DISA Canonical Ubuntu 20.04 LTS STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-22-411010 - Ubuntu 22.04 LTS must prevent direct login into the root account. | DISA Canonical Ubuntu 22.04 LTS STIG v2r8 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-400110 - Ubuntu 24.04 LTS must prevent direct login to the root account. | DISA Canonical Ubuntu 24.04 LTS STIG v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCTR-67-000015 - The vCenter Server must set the distributed port group Promiscuous Mode policy to reject. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
