| 1.1.1.1.3 Ensure passcode is set to have at least 1 number | CIS Zoom L1 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 1.1.1.1.3 Ensure passcode is set to have at least 1 number | CIS Zoom L2 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 1.1.19 Disable Automounting | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.7.2.1.1 Ensure 'Excel 2 Macrosheets and Add-in Files' is set to Enabled(Open/Save blocked, use open policy) | CIS Microsoft Office Excel 2013 v1.0.1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.8.1 Enable FIPS Mode | CIS Cisco NX-OS v1.2.0 L2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 2.2.6 - AirWatch - Set Maximum Auto-lock | AirWatch - CIS Apple iOS 8 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 2.2.6 - MobileIron - Set Maximum Auto-lock | MobileIron - CIS Apple iOS 8 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 2.2.6 - MobileIron - Set Maximum Auto-lock | MobileIron - CIS Apple iOS 9 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 3.8 Ensure the Lock File Is Secured - 'LockFile directory' | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | ACCESS CONTROL |
| 3.8 Ensure the Lock File Is Secured - 'LockFile directory' | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | ACCESS CONTROL |
| 3.8 Ensure the Lock File Is Secured - 'LockFile directory' | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | ACCESS CONTROL |
| 3.8 Ensure the Lock File Is Secured - 'LockFile permissions' | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | ACCESS CONTROL |
| 3.8 Ensure the Lock File Is Secured - 'LockFile permissions' | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | ACCESS CONTROL |
| 3.10 (L1) Ensure 'Enable predict network actions` is set to 'Enabled: Do not predict actions on any network connection' | CIS Google Chrome L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.7 Ensure that the EC2 Metadata Service only allows IMDSv2 | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | CONFIGURATION MANAGEMENT |
| 6 - Storage Encryption | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | |
| 8.4.9 Ensure Drag and Drop Version Get is disabled | CIS VMware ESXi 6.7 v1.3.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.12 Ensure Request Disk Topology is disabled | CIS VMware ESXi 6.7 v1.3.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.19 Ensure Guest Host Interaction Launch Menu is disabled | CIS VMware ESXi 6.7 v1.3.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.21 Ensure Host Guest File System Server is disabled | CIS VMware ESXi 6.5 v1.0.0 Level 2 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.34.1 (L1) Ensure 'Disable Internet Explorer 11 as a standalone browser' is set to 'Enabled: Always' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.20 Ensure 'DoD Interoperability Root CA cross-certificates' are installed in the 'Untrusted Certificates Store' on unclassified systems | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIX7-00-001108 - AIX must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | DISA STIG AIX 7.x v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-L2-000200 - The Arista MLS layer 2 switch must not use the default VLAN for management traffic. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | CONTINGENCY PLANNING |
| Big Sur - Configure System to Audit All Administrative Action Events | NIST macOS Big Sur v1.4.0 - 800-53r5 High | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Big Sur - Configure System to Audit All Administrative Action Events | NIST macOS Big Sur v1.4.0 - 800-53r4 Low | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Big Sur - Configure System to Audit All Administrative Action Events | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Big Sur - Configure System to Audit All Administrative Action Events | NIST macOS Big Sur v1.4.0 - CNSSI 1253 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Catalina - Configure System to Audit All Administrative Action Events | NIST macOS Catalina v1.5.0 - 800-171 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| CD12-00-012300 - PostgreSQL must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| CIS Control 2 (2.1(b)) Maintain and Inventory of Authorized Software | CAS Implementation Group 1 Audit File | Unix | CONFIGURATION MANAGEMENT |
| DG0025-ORACLE11 - DBMS cryptography must be NIST FIPS 140-2 validated - '$ORACLE_HOME/network/admin/sqlnet.ora SSL_CIPHER_SUITES is configured' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO240 - Outlook - The ability to display level 1 attachments must be disallowed. | DISA STIG Office 2010 Outlook v1r14 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO243 - The prompt to display level 1 attachments must be disallowed when closing an item. | DISA STIG Microsoft Outlook 2013 v1r14 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| FGFW-ND-000255 - The FortiGate device must use FIPS 140-2 approved algorithms for authentication to a cryptographic module. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| GEN000140-2 - A file integrity baseline including cryptographic hashes must be created and maintained - '/etc/aide.conf must exist' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | CONFIGURATION MANAGEMENT |
| GEN000242 - The system must use at least two time sources for clock synchronization - 'at least 2 servers are configured' | DISA STIG AIX 6.1 v1r14 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002760-2 - The audit system must be configured to audit all administrative, privileged, and security actions - '/etc/audit.rules' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | CONFIGURATION MANAGEMENT |
| GEN002760-2 - The audit system must be configured to audit all administrative, privileged, and security actions - '/etc/audit.rules' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| JUEX-L2-000030 - The Juniper layer 2 switch must be configured to disable all dynamic VLAN registration protocols. | DISA Juniper EX Series Layer 2 Switch v2r2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| MADB-10-003700 - If MariaDB authentication, using passwords, is employed, then MariaDB must enforce the DOD standards for password complexity. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| MADB-10-012200 - MariaDB must implement NIST FIPS 140-2 validated cryptographic modules to generate and validate cryptographic hashes. | DISA MariaDB Enterprise 10.x v2r3 OS Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| MD4X-00-001300 - MongoDB must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Configure System to Audit All Administrative Action Events | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Monterey - Configure System to Audit All Administrative Action Events | NIST macOS Monterey v1.0.0 - All Profiles | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| OH12-1X-000255 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled to meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting stored data - SSLEngine | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL08-00-010110 - OL 8 must encrypt all stored passwords with a FIPS 140-2 approved cryptographic hashing algorithm. | DISA Oracle Linux 8 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL08-00-010120 - OL 8 must employ FIPS 140-2 approved cryptographic hashing algorithms for all stored passwords. | DISA Oracle Linux 8 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-010120 - RHEL 8 must employ FIPS 140-2 approved cryptographic hashing algorithms for all stored passwords. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SOL-11.1-060010 - The operating system must use mechanisms for authentication to a cryptographic module meeting the requirements of applicable federal laws, Executive orders, directives, policies, regulations, standards, and guidance for such authentication. | DISA STIG Solaris 11 X86 v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
