| 1.2.4 Create 'access-list' for use with 'line vty' - 'ACL deny is configured' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.4 Create 'access-list' for use with 'line vty' - 'ACL permit tcp is configured' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 2.2.29 Ensure 'Deny log on locally' to include 'Guests, Enterprise Admins group, and Domain Admins group' (STIG MS only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.2.33 Ensure 'Deny log on locally' to include 'Guests, Enterprise Admins group, and Domain Admins group' (STIG MS only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.17.7 Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.17.7 Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used | CIS PostgreSQL 14 OS v 1.2.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used | CIS PostgreSQL 15 OS v1.1.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used - openssl version | CIS PostgreSQL 12 OS v1.1.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.17 Set 'Warn before switching dial- up connection' to 'Enabled:True' | CIS MS Office Outlook 2010 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.13.2 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: any, but ALL' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.25.7 Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 60 or fewer' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | IDENTIFICATION AND AUTHENTICATION |
| 20.6 Ensure 'Active Directory Group Policy objects are configured with proper audit settings' (STIG DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 20.6 Ensure 'Active Directory Group Policy objects are configured with proper audit settings' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 20.9 Ensure 'Active Directory RID Manager$ object is configured with proper audit settings' (STIG DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 20.9 Ensure 'Active Directory RID Manager$ object is configured with proper audit settings' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 20.16 Ensure 'Default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 20.16 Ensure 'Default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 20.16 Ensure 'Default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 20.16 Ensure 'Default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 20.19 Ensure 'Directory service must be configured to terminate LDAP-based network connections to the directory server after five minutes of inactivity' (STIG DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 20.19 Ensure 'Directory service must be configured to terminate LDAP-based network connections to the directory server after five minutes of inactivity' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 20.37 Ensure 'Non-administrative accounts or groups only have print permissions on printer shares' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 20.63 Ensure 'Temporary user accounts must be automatically removed or disabled after 72 hours' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 20.63 Ensure 'Temporary user accounts must be automatically removed or disabled after 72 hours' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 20.65 Ensure 'The system must have the Roles and Features required for it documented' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| DO6748-ORACLE11 - Case sensitivity for passwords should be enabled - 'sec_case_sensitive_logon = true' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | |
| ESXI-65-000060 - The virtual switch MAC Address Change policy must be set to reject on the ESXi host. | DISA STIG VMware vSphere ESXi 6.5 v2r4 | VMware | CONFIGURATION MANAGEMENT |
| EX16-ED-000400 - Exchange Attachment filtering must remove undesirable attachments by file type. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000130 - Exchange Attachment filtering must remove undesirable attachments by file type. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| F5BI-DM-000284 - The F5 BIG-IP must ensure SSH is disabled for root user logon to prevent remote access using the root account. | DISA F5 BIG-IP Device Management STIG v2r4 | F5 | CONFIGURATION MANAGEMENT |
| IIST-SI-000239 - The IIS 10.0 websites must use ports, protocols, and services according to Ports, Protocols, and Services Management (PPSM) guidelines. | DISA IIS 10.0 Site v2r11 | Windows | CONFIGURATION MANAGEMENT |
| JUNI-RT-000040 - The Juniper router must be configured to use encryption for routing protocol authentication - BGP | DISA STIG Juniper Router RTR v3r2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| JUNI-RT-000040 - The Juniper router must be configured to use encryption for routing protocol authentication - OSPF | DISA STIG Juniper Router RTR v3r2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| MYS8-00-002400 - The MySQL Database Server 8.0 must generate audit records when privileges/permissions are added. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-014000 - SQL Server and/or the operating system must protect its audit configuration from unauthorized modification. | DISA STIG SQL Server 2014 Instance OS Audit v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
| TCAT-AS-000450 - Tomcat user UMASK must be set to 0027. | DISA STIG Apache Tomcat Application Server 9 v3r2 Middleware | Unix | CONFIGURATION MANAGEMENT |
| TCAT-AS-000820 - Tomcat must be configured to limit data exposure between applications. | DISA STIG Apache Tomcat Application Server 9 v3r2 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCFL-67-000007 - vSphere Client must be configured to only communicate over TLS 1.2. | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | ACCESS CONTROL |
| WA00520 A22 - The web server must not be configured as a proxy server. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
| WA00520 A22 - The web server must not be configured as a proxy server. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
| WA00520 W22 - The web server must not be configured as a proxy server. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WN10-00-000150 - Structured Exception Handling Overwrite Protection (SEHOP) must be enabled. | DISA Microsoft Windows 10 STIG v3r4 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| WN11-00-000150 - Structured Exception Handling Overwrite Protection (SEHOP) must be enabled. | DISA Microsoft Windows 11 STIG v2r3 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| WN12-SO-000043 - The system must be configured to ignore NetBIOS name release requests except from WINS servers. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000043 - The system must be configured to ignore NetBIOS name release requests except from WINS servers. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000044 - The system must be configured to disable the Internet Router Discovery Protocol (IRDP). | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN16-CC-000030 - WDigest Authentication must be disabled on Windows Server 2016. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | CONFIGURATION MANAGEMENT |
| WN19-CC-000020 - Windows Server 2019 must have WDigest Authentication disabled. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN22-CC-000020 - Windows Server 2022 must have WDigest Authentication disabled. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
