| 1.3.2 Ensure 'Maximum lifetime for service ticket' is set to '600 or fewer minutes, but not 0' (STIG DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.3.5 Ensure 'Maximum tolerance for computer clock synchronization' is set to '5 or fewer minutes' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 1.3.5 Ensure 'Maximum tolerance for computer clock synchronization' is set to '5 or fewer minutes' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 1.3.5 Ensure 'Maximum tolerance for computer clock synchronization' is set to '5 or fewer minutes' (STIG DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 2.3.17.7 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL |
| 3.8 Ensure Plugin Directory Has Appropriate Permissions | CIS MySQL 8.0 Community Linux OS L1 v1.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.8 Ensure Plugin Directory Has Appropriate Permissions | CIS MySQL 8.0 Enterprise Linux OS L1 v1.4.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.8 Ensure Plugin Directory Has Appropriate Permissions | CIS Oracle MySQL Enterprise Edition 8.4 v1.0.0 L1 MySQL OS Linux | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1 Ensure that WildFire file size upload limits are maximized | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 20.3 Ensure 'Active Directory Domain Controllers Organizational Unit (OU) object have the proper access control permissions' (STIG DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 20.17 Ensure 'Deny-all, permit-by-exception policy to allow the execution of authorized software programs' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.17 Ensure 'Deny-all, permit-by-exception policy to allow the execution of authorized software programs' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| 20.18 Ensure 'Directory data (outside the root DSE) of a non-public directory is configured' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.18 Ensure 'Directory data (outside the root DSE) of a non-public directory is configured' (STIG DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.18 Ensure 'Directory data (outside the root DSE) of a non-public directory is configured' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.25 Ensure 'Domain-joined systems have a Trusted Platform Module (TPM) enabled and ready for use' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| 20.43 Ensure 'Organization created Active Directory Organizational Unit (OU) objects have proper access control permissions' (STIG DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 20.43 Ensure 'Organization created Active Directory Organizational Unit (OU) objects have proper access control permissions' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 20.70 Ensure 'Users with Administrative privileges have separate accounts for administrative duties and normal operational tasks' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| ARST-RT-000800 - The Arista perimeter router must be configured to suppress Router Advertisements on all external IPv6-enabled interfaces. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | CONFIGURATION MANAGEMENT |
| GOOG-10-000200 - Google Android 10 must be configured to not allow passwords that include more than two repeating or sequential characters - Numbers | AirWatch - DISA Google Android 10.x v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-11-000200 - Google Android 11 must be configured to not allow passwords that include more than two repeating or sequential characters - Alphanumeric | MobileIron - DISA Google Android 11 COBO v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-11-000200 - Google Android 11 must be configured to not allow passwords that include more than two repeating or sequential characters - Complex Characters | MobileIron - DISA Google Android 11 COBO v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-11-000200 - Google Android 11 must be configured to not allow passwords that include more than two repeating or sequential characters - Complex Characters | MobileIron - DISA Google Android 11 COPE v2r1 | MDM | CONFIGURATION MANAGEMENT |
| HONW-09-000200 - The Honeywell Mobility Edge Android Pie device must be configured to not allow passwords that include more than two repeating or sequential characters - Characters | AirWatch - DISA Honeywell Android 9.x COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| HONW-09-000200 - The Honeywell Mobility Edge Android Pie device must be configured to not allow passwords that include more than two repeating or sequential characters - Numbers | AirWatch - DISA Honeywell Android 9.x COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| JUEX-RT-000760 - The Juniper perimeter router must be configured to have Proxy ARP disabled on all external interfaces. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-001010 - The Juniper perimeter router must be configured to suppress Router Advertisements on all external IPv6-enabled interfaces. | DISA Juniper EX Series Router v2r1 | Juniper | CONFIGURATION MANAGEMENT |
| JUNI-RT-000370 - The Juniper perimeter router must be configured to have Proxy ARP disabled on all external interfaces. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| MOTS-11-000200 - Motorola Solutions Android 11 must be configured to not allow passwords that include more than two repeating or sequential characters - Characters | AirWatch - DISA Motorola Solutions Android 11 COBO v1r3 | MDM | CONFIGURATION MANAGEMENT |
| MOTS-11-000200 - Motorola Solutions Android 11 must be configured to not allow passwords that include more than two repeating or sequential characters - Minimum complex characters | MobileIron - DISA Motorola Solutions Android 11 COBO v1r3 | MDM | CONFIGURATION MANAGEMENT |
| MOTS-11-000200 - Motorola Solutions Android 11 must be configured to not allow passwords that include more than two repeating or sequential characters - Numbers | AirWatch - DISA Motorola Solutions Android 11 COBO v1r3 | MDM | CONFIGURATION MANAGEMENT |
| MOTS-11-000200 - Motorola Solutions Android 11 must be configured to not allow passwords that include more than two repeating or sequential characters - Type | MobileIron - DISA Motorola Solutions Android 11 COBO v1r3 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-000200 - Microsoft Android 11 must be configured to not allow passwords that include more than two repeating or sequential characters - Characters | AirWatch - DISA Microsoft Android 11 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-000200 - Microsoft Android 11 must be configured to not allow passwords that include more than two repeating or sequential characters - Numbers | AirWatch - DISA Microsoft Android 11 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| PHTN-40-000237 The Photon operating system must configure AIDE to detect changes to baseline configurations. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| SQL2-00-014900 - SQL Server must be monitored to discover unauthorized changes to functions. | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL2-00-015100 - SQL Server must be monitored to discover unauthorized changes to triggers. | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL4-00-014900 - SQL Server must be monitored to discover unauthorized changes to functions. | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL4-00-015100 - SQL Server must be monitored to discover unauthorized changes to triggers. | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| TCAT-AS-000700 - DOD root CA certificates must be installed in Tomcat trust store. | DISA STIG Apache Tomcat Application Server 9 v3r2 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCFL-67-000027 - Rsyslog must be configured to monitor and ship vSphere Client log files - access | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| VCSA-70-000268 - The vCenter Server must set the distributed port group Forged Transmits policy to 'Reject'. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VCUI-67-000027 - vSphere UI log files must be moved to a permanent repository in accordance with site policy - runtime | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| WN10-00-000165 - The Server Message Block (SMB) v1 protocol must be disabled on the SMB server. | DISA Microsoft Windows 10 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN10-CC-000020 - IPv6 source routing must be configured to highest protection. | DISA Microsoft Windows 10 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN11-CC-000020 - IPv6 source routing must be configured to highest protection. | DISA Microsoft Windows 11 STIG v2r3 | Windows | CONFIGURATION MANAGEMENT |
| ZEBR-10-000200 - Zebra Android 10 must be configured to not allow passwords that include more than two repeating or sequential characters - Characters | AirWatch - DISA Zebra Android 10 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-10-000200 - Zebra Android 10 must be configured to not allow passwords that include more than two repeating or sequential characters - Characters | AirWatch - DISA Zebra Android 10 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-10-000200 - Zebra Android 10 must be configured to not allow passwords that include more than two repeating or sequential characters - Minimum complex characters | MobileIron - DISA Zebra Android 10 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
