| 1.9.1.1 Ensure 'NTP authentication' is enabled | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.9.1.2 Ensure 'NTP authentication key' is configured correctly | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.1 Turn off Bluetooth, if no paired devices exist | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.2 Ensure Show Wi-Fi status in Menu Bar Is Enabled | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.2 Ensure Show Wi-Fi status in Menu Bar Is Enabled | CIS Apple macOS 12.0 Monterey v3.1.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.2 Allow only trusted hosts in SNMPv3 | CIS Fortigate 7.0.x v1.3.0 L2 | FortiGate | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4.1 Ensure Show Wi-Fi status in Menu Bar Is Enabled | CIS Apple macOS 14.0 Sonoma v1.1.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4.1 Ensure Show Wi-Fi status in Menu Bar Is Enabled | CIS Apple macOS 13.0 Ventura v2.1.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2 Ensure Show Wi-Fi status in Menu Bar Is Enabled | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2 Ensure Show Wi-Fi status in Menu Bar Is Enabled - Show Wi-Fi status in menu bar | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.6 Audit Wi-Fi Settings | CIS Apple macOS 10.14 v2.0.0 L2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-VN-000240 - The Cisco ASA must be configured to use FIPS-validated SHA-2 or higher for Internet Key Exchange (IKE) Phase 2 - IKE Phase 2 | DISA STIG Cisco ASA VPN v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-VN-000240 - The Cisco ASA must be configured to use FIPS-validated SHA-2 or higher for Internet Key Exchange (IKE) Phase 2 - proposal | DISA STIG Cisco ASA VPN v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CD12-00-010600 - PostgreSQL must invalidate session identifiers upon user logout or other session termination. | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001400 - The Kubernetes API server must use approved cipher suites. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001410 - Kubernetes API Server must have the SSL Certificate Authority set. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001420 - Kubernetes Kubelet must have the SSL Certificate Authority set. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001430 - Kubernetes Controller Manager must have the SSL Certificate Authority set. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001440 - Kubernetes API Server must have a certificate for communication. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001450 - Kubernetes etcd must enable client authentication to secure service. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001460 - Kubernetes Kubelet must enable tlsPrivateKeyFile for client authentication to secure service. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001470 - Kubernetes Kubelet must enable tlsCertFile for client authentication to secure service. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001480 - Kubernetes etcd must enable client authentication to secure service. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001490 - Kubernetes etcd must have a key file for secure communication. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001500 - Kubernetes etcd must have a certificate for communication. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001510 - Kubernetes etcd must have the SSL Certificate Authority set. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001520 - Kubernetes etcd must have a certificate for communication. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001530 - Kubernetes etcd must have a key file for secure communication. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001540 - Kubernetes etcd must have peer-cert-file set for secure communication. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001550 - Kubernetes etcd must have a peer-key-file set for secure communication. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI046 - Logon options must be configured to prompt (Internet zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI136 - Logon options must be configured and enforced (Restricted Sites zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO421 - Session Initiation Protocol (SIP) security mode must be configured. | DISA STIG Microsoft Skype for Business 2016 v1r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO422 - In the event a secure SIP connection fails, the connection must be restricted from resorting to the unencrypted HTTP. | DISA STIG Microsoft Skype for Business 2016 v1r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000098 Exchange internal send connectors must use domain security (mutual authentication Transport Layer Security). | DISA Microsoft Exchange 2019 Edge Server STIG v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000099 Exchange internet-facing receive connectors must offer Transport Layer Security (TLS) before using basic authentication. | DISA Microsoft Exchange 2019 Edge Server STIG v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-AP-000234 - The F5 BIG-IP appliance must not use the On-Demand Cert Auth VPE agent as part of the APM Policy Profiles. | DISA F5 BIG-IP Access Policy Manager STIG v2r3 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-AP-000236 - The F5 BIG-IP appliance must be configured to limit authenticated client sessions to initial session source IP. | DISA F5 BIG-IP Access Policy Manager STIG v2r3 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-AP-000241 - When the Access Profile Type is LTM+APM and it is not using any connectivity resources (such as Network Access, Portal Access, etc.) in the VPE, the F5 BIG-IP appliance must be configured to enable the HTTP Only flag. | DISA F5 BIG-IP Access Policy Manager STIG v2r3 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SI-000220 - A private IIS 10.0 website authentication mechanism must use client certificates to transmit session identifier to assure integrity. | DISA IIS 10.0 Site v2r9 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SI-000220 - A private websites authentication mechanism must use client certificates to transmit session identifier to assure integrity. | DISA IIS 8.5 Site v2r9 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SV-000134 - The IIS 8.5 web server must use cookies to track session state. | DISA IIS 8.5 Server v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MADB-10-004700 - MariaDB must invalidate session identifiers upon user logout or other session termination. | DISA MariaDB Enterprise 10.x v2r1 DB | MySQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000490 - Symantec ProxySG must use Transport Layer Security (TLS) to protect the authenticity of communications sessions. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLU-80-000057 The vCenter Lookup service must be configured to limit data exposure between applications. | DISA VMware vSphere 8.0 vCenter Appliance Lookup Service STIG v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCSA-70-000195 - The vCenter Server Machine Secure Sockets Layer (SSL) certificate must be issued by a DOD certificate authority. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCUI-67-000032 - vSphere UI must restrict its cookie path. | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001410 - The WebSphere Application Server DoD root CAs must be in the trust store. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001410 - The WebSphere Application Server DoD root CAs must be in the trust store. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001410 - The WebSphere Application Server DoD root CAs must be in the trust store. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
