| 4.8 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access | CIS Microsoft Azure Foundations v3.0.0 L2 | microsoft_azure | ACCESS CONTROL, MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| AIOS-14-009400 - Apple iOS/iPadOS must implement the management setting: Disable Allow MailDrop. | MobileIron - DISA Apple iOS/iPadOS 14 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-16-011000 - Apple iOS/iPadOS 16 must implement the management setting: Disable Allow MailDrop. | AirWatch - DISA Apple iOS/iPadOS 16 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AS24-W1-000670 - The Apache web server must restrict inbound connections from nonsecure zones. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | ACCESS CONTROL |
| AS24-W2-000670 - The Apache web server must restrict inbound connections from nonsecure zones. | DISA STIG Apache Server 2.4 Windows Site v2r1 | Windows | ACCESS CONTROL |
| ESXI-06-200035 - The VMM must provide the capability to immediately disconnect or disable remote access to the information system by disabling SSH. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | ACCESS CONTROL |
| ESXI-70-000035 - The ESXi host must be configured to disable nonessential capabilities by disabling Secure Shell (SSH). | DISA STIG VMware vSphere 7.0 ESXi v1r2 | VMware | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| ESXI-80-000193 The ESXi host must be configured to disable nonessential capabilities by disabling Secure Shell (SSH). | DISA VMware vSphere 8.0 ESXi STIG v2r1 | VMware | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| F5BI-AS-000031 - The BIG-IP ASM module supporting intermediary services for remote access communications traffic must ensure inbound traffic is monitored for compliance with remote access security policies. | DISA F5 BIG-IP Application Security Manager STIG v2r1 | F5 | ACCESS CONTROL |
| GEN008520 - The system must employ a local firewall. | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN008540 - The systems local firewall must implement a deny-all, allow-by-exception policy. | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SV-000142 - The IIS 8.5 web server must restrict inbound connections from nonsecure zones. | DISA IIS 8.5 Server v2r7 | Windows | ACCESS CONTROL |
| Monterey - Configure System to Audit All Log In and Log Out Events | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| Monterey - Configure System to Audit All Log In and Log Out Events | NIST macOS Monterey v1.0.0 - All Profiles | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| Monterey - Configure System to Audit All Log In and Log Out Events | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| Monterey - Configure System to Audit All Log In and Log Out Events | NIST macOS Monterey v1.0.0 - 800-53r4 Low | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| Monterey - Configure System to Audit All Log In and Log Out Events | NIST macOS Monterey v1.0.0 - 800-171 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| Monterey - Configure System to Audit All Log In and Log Out Events | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| Monterey - Configure System to Audit All Log In and Log Out Events | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| Monterey - Configure System to Audit All Log In and Log Out Events | NIST macOS Monterey v1.0.0 - 800-53r5 Low | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| Monterey - Configure System to Audit All Log In and Log Out Events | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OH12-1X-000019 - OHS must have the LoadModule log_config_module directive enabled to generate information to be used by external applications or entities to monitor and control remote access. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OH12-1X-000021 - OHS must have a log directory location defined to generate information for use by external applications or entities to monitor and control remote access. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OH12-1X-000023 - OHS must have the log rotation parameter set to allow generated information to be used by external applications or entities to monitor and control remote access. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OH12-1X-000030 - Remote access to OHS must follow access policy or work in conjunction with enterprise tools designed to enforce policy requirements. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OH12-1X-000031 - OHS must have the Order, Allow, and Deny directives set within the Directory directives set to restrict inbound connections from nonsecure zones. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OH12-1X-000032 - OHS must have the Order, Allow, and Deny directives set within the Files directives set to restrict inbound connections from nonsecure zones. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OL6-00-000148 - The operating system must employ automated mechanisms to facilitate the monitoring and control of remote access methods - CHKCONFIG | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000148 - The operating system must employ automated mechanisms to facilitate the monitoring and control of remote access methods - PROCESS_CHECK | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| RHEL-06-000148 - The operating system must employ automated mechanisms to facilitate the monitoring and control of remote access methods - CHKCONFIG. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000148 - The operating system must employ automated mechanisms to facilitate the monitoring and control of remote access methods - PROCESS_CHECK. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-09-251015 - The firewalld service on RHEL 9 must be active. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| SLES-12-030110 - The SUSE operating system must log SSH connection attempts and failures to the server. | DISA SLES 12 STIG v2r13 | Unix | ACCESS CONTROL |
| SOL-11.1-010310 - The audit system must be configured to audit login, logout, and session initiation. | DISA STIG Solaris 11 X86 v3r1 | Unix | ACCESS CONTROL |
| UBTU-16-030450 - All remote access methods must be monitored - auth | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | ACCESS CONTROL |
| UBTU-16-030450 - All remote access methods must be monitored - daemon | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | ACCESS CONTROL |
| UBTU-18-010410 - The Ubuntu operating system must monitor remote access methods. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | ACCESS CONTROL |
| WBLC-01-000011 - Oracle WebLogic must employ automated mechanisms to facilitate the monitoring and control of remote access methods. | Oracle WebLogic Server 12c Linux v2r1 | Unix | ACCESS CONTROL |
| WBLC-01-000011 - Oracle WebLogic must employ automated mechanisms to facilitate the monitoring and control of remote access methods. | Oracle WebLogic Server 12c Windows v2r1 | Windows | ACCESS CONTROL |
| WBLC-01-000013 - Oracle WebLogic must ensure remote sessions for accessing security functions and security-relevant information are audited. | Oracle WebLogic Server 12c Linux v2r1 | Unix | ACCESS CONTROL |
| WBSP-AS-000080 - WebSphere Application Server groups mapped to WebSphere auditor roles must be configured in accordance with security plan | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL |
| WBSP-AS-000110 - The WebSphere Application Server audit service provider must be enabled. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL |
| WBSP-AS-000110 - The WebSphere Application Server audit service provider must be enabled. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL |
| WN12-CC-000132 - Users must be prevented from mapping local COM ports and redirecting data from the Remote Desktop Session Host to local COM ports. (Remote Desktop Services Role). | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-CC-000134 - The system must be configured to ensure smart card devices can be redirected to the Remote Desktop session. (Remote Desktop Services Role). | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-CC-000135 - Users must be prevented from redirecting Plug and Play devices to the Remote Desktop Session Host. (Remote Desktop Services Role). | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN16-DC-000410 - The Deny log on through Remote Desktop Services user right on domain controllers must be configured to prevent unauthenticated access. | DISA Windows Server 2016 STIG v2r9 | Windows | ACCESS CONTROL |
| WN19-AU-000190 - Windows Server 2019 must be configured to audit logon successes. | DISA Windows Server 2019 STIG v3r2 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN19-DC-000410 - Windows Server 2019 Deny log on through Remote Desktop Services user right on domain controllers must be configured to prevent unauthenticated access. | DISA Windows Server 2019 STIG v3r2 | Windows | ACCESS CONTROL |
| WN19-MS-000120 - Windows Server 2019 'Deny log on through Remote Desktop Services' user right on domain-joined member servers must be configured to prevent access from highly privileged domain accounts and all local accounts and from unauthenticated access on all systems. | DISA Windows Server 2019 STIG v3r2 | Windows | ACCESS CONTROL |
