| 1.16 RHEL-09-212035 | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.65 OL08-00-010379 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | CONFIGURATION MANAGEMENT |
| 1.97 UBTU-24-500010 | CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 1.160 WN16-DC-000150 | CIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT I | Windows | CONFIGURATION MANAGEMENT |
| 1.161 WN19-DC-000150 | CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT I | Windows | CONFIGURATION MANAGEMENT |
| 1.161 WN22-DC-000150 | CIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT I | Windows | CONFIGURATION MANAGEMENT |
| 1.178 UBTU-22-654235 | CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 2.19 Ensure FIPS 140-2 OpenSSL Cryptography Is Used | CIS Oracle MySQL Community Server 8.4 v1.0.0 L1 Database | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.2 Ensure the sudoers file has the default include directory | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 5.5.9 Ensure local interactive user accounts umask is 077 | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.5.9 Ensure local interactive user accounts umask is 077 | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| AADC-CL-000295 - The Adobe Acrobat Pro DC Classic Send and Track plugin for Outlook must be disabled. | DISA STIG Adobe Acrobat Pro DC Classic Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| AADC-CL-001285 - Adobe Acrobat Pro DC Classic must disable the ability to store files on Acrobat.com. | DISA STIG Adobe Acrobat Pro DC Classic Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| AADC-CL-001295 - Adobe Acrobat Pro DC Classic Repair Installation must be disabled. | DISA STIG Adobe Acrobat Pro DC Classic Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| AADC-CL-001310 - The Adobe Acrobat Pro DC Classic Welcome Screen must be disabled. | DISA STIG Adobe Acrobat Pro DC Classic Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| AADC-CL-001315 - Adobe Acrobat Pro DC Classic SharePoint and Office365 access must be disabled. | DISA STIG Adobe Acrobat Pro DC Classic Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - show roles | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | CONFIGURATION MANAGEMENT |
| AOSX-14-000040 - The macOS system must use replay-resistant authentication mechanisms and implement cryptographic mechanisms to protect the integrity of and verify remote disconnection at the termination of nonlocal maintenance and diagnostic communications, when used for nonlocal maintenance sessions - OpenSSH Version | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AOSX-14-000040 - The macOS system must use replay-resistant authentication mechanisms and implement cryptographic mechanisms to protect the integrity of and verify remote disconnection at the termination of nonlocal maintenance and diagnostic communications, when used for nonlocal maintenance sessions - SSHD currently running | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| ARDC-CL-000055 - Adobe Reader DC must disable the Adobe Send and Track plugin for Outlook. | DISA STIG Adobe Acrobat Reader DC Classic Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| EP11-00-004820 - When using command-line tools such as psql, users must use a logon method that does not expose the password. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | IDENTIFICATION AND AUTHENTICATION |
| EPAS-00-004800 - When using command-line tools such as psql, users must use a logon method that does not expose the password. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | IDENTIFICATION AND AUTHENTICATION |
| FNFG-FW-000085 - The FortiGate firewall must filter traffic destined to the internal enclave in accordance with the specific traffic that is approved and registered in the Ports, Protocols, and Services Management (PPSM) Category Assurance List (CAL), Vulnerability Assessments (VAs) for that the enclave. - policy | DISA Fortigate Firewall STIG v1r3 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| FNFG-FW-000085 - The FortiGate firewall must filter traffic destined to the internal enclave in accordance with the specific traffic that is approved and registered in the Ports, Protocols, and Services Management (PPSM) Category Assurance List (CAL), Vulnerability Assessments (VAs) for that the enclave. - policy6 | DISA Fortigate Firewall STIG v1r3 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| Hiding sensitive data | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | CONFIGURATION MANAGEMENT |
| JUEX-NM-000190 - The Juniper EX switch must be configured to protect audit information from unauthorized modification. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUEX-NM-000200 - The Juniper EX switch must be configured to protect audit information from unauthorized deletion. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUEX-NM-000210 - The Juniper EX switch must be configured to protect audit tools from unauthorized access. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUEX-NM-000270 - The Juniper EX switch must be configured to enforce a minimum 15-character password length. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| JUEX-NM-000330 - The Juniper EX switch must be configured to only store cryptographic representations of passwords. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| JUEX-RT-000300 - The Juniper router must be configured to authenticate all routing protocol messages using NIST-validated FIPS 198-1 message authentication code algorithm. | DISA Juniper EX Series Router v2r1 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| JUEX-RT-000710 - The Juniper multicast Designated Router (DR) must be configured to increase the shortest-path tree (SPT) threshold or set it to infinity to minimalize source-group (S, G) state within the multicast topology where Any Source Multicast (ASM) is deployed. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000810 - The Juniper perimeter router must be configured to drop fragmented IPv6 packets where the first fragment does not include the entire IPv6 header chain. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000830 - The Juniper perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000383 - The Juniper perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000385 - The Juniper perimeter router must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option - hop-by-hop | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000880 - The Juniper multicast Designated Router (DR) must be configured to set the shortest-path tree (SPT) threshold to infinity to minimalize source-group (S, G) state within the multicast topology where Any Source Multicast (ASM) is deployed - protocols pim | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUSX-IP-000003 - The Juniper Networks SRX Series Gateway IDPS must restrict or block harmful or suspicious communications traffic between interconnected networks based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | ACCESS CONTROL |
| OL6-00-000163 - The audit system must switch the system to single-user mode when available audit storage volume becomes dangerously low. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| PPS9-00-004820 - When using command-line tools such as psql, users must use a logon method that does not expose the password. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000163 - The audit system must switch the system to single-user mode when available audit storage volume becomes dangerously low. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| VCWN-06-000051 - The system must protect the confidentiality and integrity of transmitted info by isolating IP-based storage traffic. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
| WN10-UR-000070 - The Deny access to this computer from the network user right on workstations must be configured to prevent access from highly privileged domain accounts and local accounts on domain systems and unauthenticated access on all systems. | DISA Microsoft Windows 10 STIG v3r4 | Windows | ACCESS CONTROL |
| WN11-UR-000070 - The 'Deny access to this computer from the network' user right on workstations must be configured to prevent access from highly privileged domain accounts and local accounts on domain systems and unauthenticated access on all systems. | DISA Microsoft Windows 11 STIG v2r4 | Windows | ACCESS CONTROL |
| WN12-SO-000036 - Automatic logons must be disabled. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000036 - Automatic logons must be disabled. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN16-DC-000150 - Directory data (outside the root DSE) of a non-public directory must be configured to prevent anonymous access. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | CONFIGURATION MANAGEMENT |
| WN19-DC-000150 - Windows Server 2019 directory data (outside the root DSE) of a non-public directory must be configured to prevent anonymous access. | DISA Microsoft Windows Server 2019 STIG v3r5 | Windows | CONFIGURATION MANAGEMENT |
| WN22-DC-000150 - Windows Server 2022 directory data (outside the root DSE) of a nonpublic directory must be configured to prevent anonymous access. | DISA Microsoft Windows Server 2022 STIG v2r5 | Windows | CONFIGURATION MANAGEMENT |
| WPAW-00-000700 - The Windows PAW must be configured with a vendor-supported version of Windows 11 and applicable security patches that are DOD approved. | DISA MS Windows Privileged Access Workstation v3r2 | Windows | CONFIGURATION MANAGEMENT |
