| 1.1.1.2 Configure AAA Authentication - Local SSH keys | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL |
| 1.2.4 Create 'access-list' for use with 'line vty' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.4 Create 'access-list' for use with 'line vty' | CIS Cisco IOS XE 17.x v2.2.1 L1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.9.1 Configure SNMPv3 | CIS Cisco NX-OS v1.2.0 L1 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.25 Ensure 'Guest profiles' do not exist | AirWatch - CIS Google Android v1.3.0 L1 | MDM | |
| 1.25 Ensure 'Guest profiles' do not exist | MobileIron - CIS Google Android v1.3.0 L1 | MDM | |
| 1.74 UBTU-22-411010 | CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.81 (L1) Ensure 'DNS interception checks enabled' is set to 'Enabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.36 (L1) Ensure 'DNS interception checks enabled' is set to 'Enabled' | CIS Google Chrome Group Policy v1.0.0 L1 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 3.1.4.1 If VLAN interfaces have IP addreses, configure anti spoofing / ingress filtering protections | CIS Cisco NX-OS v1.2.0 L1 | Cisco | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.8 Ensure Plugin Directory Has Appropriate Permissions | CIS MySQL 5.6 Enterprise Windows OS L1 v2.0.0 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 3.8 Ensure Plugin Directory Has Appropriate Permissions | CIS MySQL 5.7 Enterprise Database L1 v2.0.0 | MySQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.8 Ensure Plugin Directory Has Appropriate Permissions | CIS MySQL 5.7 Enterprise Linux OS L1 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.1.1 Ensure latest version of pam is installed | CIS Linux Mint 22 v1.0.0 L1 Workstation | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-13-000030 - The macOS system must monitor remote access methods and generate audit records when successful/unsuccessful attempts to access/modify privileges occur. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| AOSX-14-003002 - The macOS system must enable certificate for smartcards. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-14-003005 - The macOS system must map the authenticated identity to the user or group account for PKI-based authentication. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-14-003025 - The macOS system must implement multifactor authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-11-000005 - The macOS system must be configured to lock the user session when a smart token is removed. | DISA STIG Apple macOS 11 v1r5 | Unix | ACCESS CONTROL |
| APPL-11-000005 - The macOS system must be configured to lock the user session when a smart token is removed. | DISA STIG Apple macOS 11 v1r8 | Unix | ACCESS CONTROL |
| APPL-11-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities to verify the establishment of protected sessions. | DISA STIG Apple macOS 11 v1r8 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities to verify the establishment of protected sessions. | DISA STIG Apple macOS 11 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-003020 - The macOS system must use multifactor authentication for local access to privileged and non-privileged accounts. | DISA STIG Apple macOS 11 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-12-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions - PIV credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities to verify the establishment of protected sessions. | DISA STIG Apple macOS 12 v1r9 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-13-000033 - The macOS system must be configured to disable password forwarding for FileVault. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-14-003020 The macOS system must enforce smart card authentication. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-15-000033 - The macOS system must disable FileVault automatic login. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | ACCESS CONTROL |
| APPL-15-003030 - The macOS system must allow smart card authentication. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ARST-ND-000130 - The Arista network device must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the device. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | ACCESS CONTROL |
| BIND-9X-001612 - On a BIND 9.x server all authoritative name servers for a zone must be located on different network segments. | DISA BIND 9.x STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| CISC-ND-000140 - The Cisco router must be configured to enforce approved authorizations for controlling the flow of management information within the device based on control policies. | DISA Cisco IOS XE Router NDM STIG v3r5 | Cisco | ACCESS CONTROL |
| CISC-ND-001150 - The Cisco router must be configured to authenticate NTP sources using authentication that is cryptographically based. | DISA Cisco IOS XR Router NDM STIG v3r3 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-000068 - Virtual switch VLANs must be fully documented and have only the required VLANs. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-65-000068 - All ESXi host-connected virtual switch VLANs must be fully documented and have only the required VLANs. | DISA STIG VMware vSphere ESXi 6.5 v2r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-67-000068 - All ESXi host-connected virtual switch VLANs must be fully documented and have only the required VLANs. | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | CONFIGURATION MANAGEMENT |
| GEN000280 - Direct logins must not be permitted to shared, default, application, or utility accounts - '/etc/security/user rlogin=false' | DISA STIG AIX 6.1 v1r14 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000280 - Direct logins must not be permitted to shared, default, application, or utility accounts - 'results of last should be reviewed' | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000280 - Direct logins must not be permitted to shared, default, application, or utility accounts - 'results of last should be reviewed' | DISA STIG AIX 6.1 v1r14 | Unix | IDENTIFICATION AND AUTHENTICATION |
| JUEX-L2-000120 - The Juniper EX switch must be configured to enable DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources. | DISA Juniper EX Series Layer 2 Switch v2r3 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000020 - The Juniper router must be configured to implement message authentication for all control plane protocols - IS-IS type | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| JUNI-RT-000020 - The Juniper router must be configured to implement message authentication for all control plane protocols - OSPF | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| JUNI-RT-000020 - The Juniper router must be configured to implement message authentication for all control plane protocols - RIP key | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| JUNI-RT-000020 - The Juniper router must be configured to implement message authentication for all control plane protocols - RIP type | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| MD3X-00-001100 - MongoDB must be configured in accordance with the security configuration settings based on DoD security configuration and implementation guidance, including STIGs, NSA configuration guides, CTOs, DTMs, and IAVMs. | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS | Unix | CONFIGURATION MANAGEMENT |
| MYS8-00-005500 - The MySQL Database Server 8.0 must be configured in accordance with the security configuration settings based on DoD security configuration and implementation guidance, including STIGs, NSA configuration guides, CTOs, DTMs, and IAVMs. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | CONFIGURATION MANAGEMENT |
| PPS9-00-002300 - The EDB Postgres Advanced Server must by default shut down upon audit failure, to include the unavailability of space for more audit log records; or must be configurable to shut down upon audit failure. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| vCenter: vcenter-8.network-restrict-discovery-protocol | VMware vSphere Security Configuration and Hardening Guide | VMware | CONFIGURATION MANAGEMENT |
| WN16-MS-000010 - Only administrators responsible for the member server or standalone or nondomain-joined system must have Administrator rights on the system. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL |
| WN19-MS-000010 - Windows Server 2019 must only allow Administrators responsible for the member server or standalone or nondomain-joined system to have Administrator rights on the system. | DISA Microsoft Windows Server 2019 STIG v3r5 | Windows | ACCESS CONTROL |
| WN22-MS-000010 - Windows Server 2022 must only allow administrators responsible for the member server or standalone or nondomain-joined system to have Administrator rights on the system. | DISA Microsoft Windows Server 2022 STIG v2r5 | Windows | ACCESS CONTROL |
