| 1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - selinux | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | ACCESS CONTROL |
| 1.6.1.2 Ensure the SELinux state is enforcing - sestatus | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | ACCESS CONTROL |
| 2.2 Disable/Modify Default Accts - 'SNMP default community strings have been removed' | TNS NetApp Data ONTAP 7G | NetApp | |
| 2.2.4 Ensure CUPS is not installed | CIS Fedora 19 Family Linux Server L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.4 Ensure CUPS is not installed | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.33 (L1) Ensure 'Perform volume maintenance tasks' is set to 'Administrators' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 3.10.4.1 (L1) Ensure 'Include command line in process creation events' is set to 'Enabled' | CIS Microsoft Intune for Windows 10 v3.0.1 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 3.10.4.1 (L1) Ensure 'Include command line in process creation events' is set to 'Enabled' | CIS Microsoft Intune for Windows 11 v3.0.1 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 4.4.1.6 Ensure root access is disabled or blocked. | CIS IBM AIX 7 v1.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.20 sqlnet.ora - 'tcp.validnode_checking = YES' | CIS v1.1.0 Oracle 11g OS Windows Level 2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.05 OAS - 'Integrity Protection - sqlnet.crypto_checksum_server = REQUIRED' | CIS v1.1.0 Oracle 11g OS Windows Level 2 | Windows | ACCESS CONTROL |
| 8.4.2 Ensure Autologon is disabled | CIS VMware ESXi 6.7 v1.3.0 Level 2 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 8.4.7 Disable Guest Host Interaction Protocol Handler | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.10 Ensure Unity Window Contents is disabled | CIS VMware ESXi 6.5 v1.0.0 Level 2 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 8.4.11 (L2) Ensure Shell Action is disabled | CIS VMware ESXi 7.0 v1.4.0 L2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.12 Disable Drag and Drop Version Get | CIS VMware ESXi 5.1 v1.0.1 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.13 Disable Drag and Drop Version Set | CIS VMware ESXi 5.1 v1.0.1 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.20 (L2) Ensure memSchedFakeSampleStats is disabled | CIS VMware ESXi 7.0 v1.4.0 L2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.20 Disable GetCreds | CIS VMware ESXi 5.1 v1.0.1 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.20 Ensure memSchedFakeSampleStats is disabled | CIS VMware ESXi 6.7 v1.3.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.23 Ensure memSchedFakeSampleStats is disabled | CIS VMware ESXi 6.5 v1.0.0 Level 2 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 18.8.36.2 (L1) Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.8.36.2 (L1) Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | CONFIGURATION MANAGEMENT |
| 18.8.36.2 (L1) Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.3.1 (L1) Ensure 'Include command line in process creation events' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.3.1 (L1) Ensure 'Include command line in process creation events' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.3.1 (L1) Ensure 'Include command line in process creation events' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.3.1 (L1) Ensure 'Include command line in process creation events' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.35.1 (L1) Ensure 'Prevent the computer from joining a homegroup' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.35.1 Ensure 'Prevent the computer from joining a homegroup' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.35.2 (L1) Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.9.35.2 (L1) Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.35.2 (L1) Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v3.0.1 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.9.35.2 (L1) Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.35.2 Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | CONFIGURATION MANAGEMENT |
| ARST-L2-000160 - The Arista MLS layer 2 switch must have all trunk links enabled statically. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | CONFIGURATION MANAGEMENT |
| DG0025-ORACLE11 - DBMS cryptography must be NIST FIPS 140-2 validated - 'Oracle Advanced Security is installed' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DTOO113 - Excel - Open/Save actions for Excel 2 macrosheets and add-in files must be blocked. | DISA STIG Office 2010 Excel v1r11 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN000140-2 - A file integrity baseline including cryptographic hashes must be created and maintained - 'database location' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | CONFIGURATION MANAGEMENT |
| GEN003080-2 - Files in cron script directories must have mode 0700 or less permissive - '/etc/cron.monthly/*' | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| GEN005307 - The SNMP service must require the use of a FIPS 140-2 approved encryption algorithm for protecting the privacy of SNMP messages. | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL |
| JUEX-RT-000670 - The Juniper PE router must be configured to implement Internet Group Management Protocol (IGMP) or Multicast Listener Discovery (MLD) snooping for each Virtual Private LAN Services (VPLS) bridge domain. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000253 - OHS must have the LoadModule ossl_module directive enabled to meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting stored data. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OH12-1X-000260 - OHS must have the SSLCipherSuite directive enabled to meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000050 - Splunk Enterprise must use TLS 1.2 and SHA-2 or higher cryptographic algorithms. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | IDENTIFICATION AND AUTHENTICATION |
| VCLD-67-000002 - VAMI must be configured with FIPS 140-2 compliant ciphers for HTTPS connections. | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| WBLC-05-000176 - Oracle WebLogic must use cryptographic modules that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting stored data - JAVA_OPTIONS | Oracle WebLogic Server 12c Linux v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000176 - Oracle WebLogic must use cryptographic modules that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting stored data - JAVA_OPTIONS | Oracle WebLogic Server 12c Linux v2r1 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000177 - Oracle WebLogic must utilize FIPS 140-2 approved encryption modules when authenticating users and processes - JAVA_OPTIONS | Oracle WebLogic Server 12c Linux v2r1 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000177 - Oracle WebLogic must utilize FIPS 140-2 approved encryption modules when authenticating users and processes - PRE_CLASSPATH | Oracle WebLogic Server 12c Windows v2r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
