| 1.1.2.1 console authentication | CIS Cisco IOS XR 7.x v1.0.1 L1 | Cisco | ACCESS CONTROL |
| 1.1.2.2 vty line authentication | CIS Cisco IOS XR 7.x v1.0.1 L1 | Cisco | ACCESS CONTROL |
| 1.4 APPL-14-000005 | CIS Apple macOS 14 Sonoma STIG v1.0.0 CAT II | Unix | ACCESS CONTROL |
| 1.5.6 Login Privilege Elevation for Administrators | CIS HPE Aruba Networking CX Switch v1.0.1 Optional Security Recommendations | ArubaOS | ACCESS CONTROL |
| 1.9.1 https-server default enablement | CIS HPE Aruba Networking CX Switch v1.0.1 Optional Security Recommendations | ArubaOS | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.9.1 https-server default enablement | CIS HPE Aruba Networking CX Switch v1.0.1 L1 | ArubaOS | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.9.3 Two-factor authentication with the https-server server | CIS HPE Aruba Networking CX Switch v1.0.1 Optional Security Recommendations | ArubaOS | IDENTIFICATION AND AUTHENTICATION |
| 1.14 (L1) Ensure 'DNS interception checks enabled' is set to 'Enabled' | CIS Google Chrome L1 v3.0.0 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.24 Ensure 'Guest profiles' do not exist | AirWatch - CIS Google Android v1.6.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 1.24 Ensure 'Guest profiles' do not exist | MobileIron - CIS Google Android v1.6.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 1.86 (L1) Ensure 'DNS interception checks enabled' is set to 'Enabled' | CIS Microsoft Edge v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.191 WN19-MS-000010 | CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT I | Windows | ACCESS CONTROL |
| 2.1.6 Key chains | CIS Cisco IOS XR 7.x v1.0.1 L2 | Cisco | ACCESS CONTROL |
| 2.3.17.7 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.17.7 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.3.17.7 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v4.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.17.7 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v4.0.0 L1 MS | Windows | ACCESS CONTROL |
| 3.1.4.1 If VLAN interfaces have IP addreses, configure anti spoofing / ingress filtering protections | CIS Cisco NX-OS v1.2.0 L1 | Cisco | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.1.4.2 Create and use a single Loopback Address for Routing Protocol Peering | CIS Cisco NX-OS v1.2.0 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.8 Ensure Plugin Directory Has Appropriate Permissions | CIS MySQL 5.7 Enterprise Database L1 v2.0.0 | MySQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.8 Ensure Plugin Directory Has Appropriate Permissions | CIS MySQL 5.7 Enterprise Linux OS L1 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.8 Ensure Plugin Directory Has Appropriate Permissions | CIS MySQL 5.6 Enterprise Windows OS L1 v2.0.0 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 3.8 Ensure Plugin Directory Has Appropriate Permissions | CIS MySQL 5.6 Enterprise Linux OS L1 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.8 Ensure Plugin Directory Has Appropriate Permissions | CIS MySQL 5.7 Community Database L1 v2.0.0 | MySQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.8 Ensure Plugin Directory Has Appropriate Permissions | CIS MySQL 5.7 Community Linux OS L1 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.8 Ensure Plugin Directory Has Appropriate Permissions | CIS MariaDB 10.6 on Linux L1 v1.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.1.1 Ensure latest version of pam is installed | CIS Linux Mint 22 v1.0.0 L1 Workstation | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.1.1 Ensure latest version of pam is installed | CIS Debian Linux 13 v1.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Ensure the vSwitch MAC Address Change policy is set to reject | CIS VMware ESXi 6.5 v1.0.0 Level 1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-13-000005 - The macOS system must be configured to lock the user session when a smart token is removed. | DISA STIG Apple macOS 13 v1r5 | Unix | ACCESS CONTROL |
| APPL-14-000005 - The macOS system must configure user session lock when a smart token is removed. | DISA Apple macOS 14 Sonoma STIG v2r4 | Unix | ACCESS CONTROL |
| AZLX-23-001240 - Amazon Linux 2023 must not permit direct logons to the root account using remote access via SSH. | DISA Amazon Linux 2023 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-000140 - The Cisco router must be configured to enforce approved authorizations for controlling the flow of management information within the device based on control policies. | DISA Cisco IOS Router NDM STIG v3r7 | Cisco | ACCESS CONTROL |
| CISC-ND-000140 - The Cisco router must be configured to enforce approved authorizations for controlling the flow of management information within the device based on control policies. | DISA Cisco IOS XE Router NDM STIG v3r7 | Cisco | ACCESS CONTROL |
| CISC-ND-001250 - The Cisco router must be configured to generate log records when administrator privileges are deleted. | DISA Cisco IOS Router NDM STIG v3r7 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001270 - The Cisco router must be configured to generate log records for privileged activities. | DISA Cisco IOS Router NDM STIG v3r7 | Cisco | AUDIT AND ACCOUNTABILITY |
| ESXI5-VMNET-000013 - The system must ensure that the virtual switch Forged Transmits policy is set to reject. | DISA VMWare ESXi 5.0 Server STIG v2r1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI5-VMNET-000014 - The system must ensure that the dvPortgroup Forged Transmits policy is set to reject. | DISA VMWare ESXi 5.0 Server STIG v2r1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN000280 - Direct logins must not be permitted to shared, default, application, or utility accounts - '/etc/security/user rlogin=false' | DISA AIX 5.3 STIG v1r2 | Unix | ACCESS CONTROL |
| GEN007840-ESXI5-000119 - The DHCP client must be disabled if not used. | DISA VMWare ESXi 5.0 Server STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| JUEX-L2-000210 - The Juniper EX switch must be configured to prune the default VLAN from all trunked interfaces that do not require it. | DISA Juniper EX Series Layer 2 Switch v2r4 | Juniper | CONFIGURATION MANAGEMENT |
| JUEX-L2-000220 - The Juniper EX switch must not use the default VLAN for management traffic. | DISA Juniper EX Series Layer 2 Switch v2r4 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000033 - OHS must have the Order, Allow, and Deny directives set within the Location directives set to restrict inbound connections from nonsecure zones. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | ACCESS CONTROL |
| SQL6-D0-013400 - SQL Server must generate audit records when successful and unsuccessful attempts to add privileges/permissions occur. | DISA MS SQL Server 2016 Instance STIG v3r6 MS_SQLDB | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-013600 - SQL Server must generate audit records when successful and unsuccessful attempts to modify privileges/permissions occur. | DISA MS SQL Server 2016 Instance STIG v3r6 MS_SQLDB | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-014200 - SQL Server must generate audit records when successful and unsuccessful attempts to delete privileges/permissions occur. | DISA MS SQL Server 2016 Instance STIG v3r6 MS_SQLDB | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| TCAT-AS-001670 - RECYCLE_FACADES must be set to true. | DISA STIG Apache Tomcat Application Server 9 v3r3 Middleware | Unix | CONFIGURATION MANAGEMENT |
| vCenter: vcenter-8.network-restrict-discovery-protocol | VMware vSphere Security Configuration and Hardening Guide | VMware | CONFIGURATION MANAGEMENT |
| WN10-00-000070 - Only accounts responsible for the administration of a system must have Administrator rights on the system. | DISA Microsoft Windows 10 STIG v3r6 | Windows | ACCESS CONTROL |
| WN12-GE-000004-MS - Only administrators responsible for the member server must have Administrator rights on the system. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
