| 1.1.1.5 Ensure squashfs kernel module is not available | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.6 Ensure udf kernel module is not available | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.2.1.1 Ensure /tmp is tmpfs or a separate partition | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.2.2.1 Ensure /dev/shm is tmpfs | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 1.1.2.2.2 Ensure nodev option set on /dev/shm partition | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.2.6.4 Ensure noexec option set on /var/log partition | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 1.2.2 Ensure gpgcheck is globally activated | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.4.1.2 Ensure SELinux is not disabled in bootloader configuration | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.5.3 Ensure fs.protected_symlinks is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL |
| 1.6.3 Ensure remote login warning banner is configured properly | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.6.4 Ensure access to /etc/motd is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.6 Ensure access to /etc/issue.net is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 2.2.1 Ensure autofs services are not in use | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | MEDIA PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.2.2 Ensure avahi daemon services are not in use | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.2.12 Ensure rpcbind services are not in use | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.15 Ensure telnet server services are not in use | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 5.1.1.4 Ensure access to /etc/cron.daily is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.1.5 Ensure access to /etc/cron.weekly is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.1.8 Ensure access to crontab is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL |
| 5.2.1 Ensure access to /etc/ssh/sshd_config is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.7 Ensure sshd ClientAliveInterval and ClientAliveCountMax are configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 5.2.10 Ensure sshd HostbasedAuthentication is disabled | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 5.2.18 Ensure sshd MaxStartups is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 5.4.1.2 Ensure libpwquality is installed | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.2.3.4 Ensure pam_pwhistory includes use_authtok | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.4.2.4.3 Ensure pam_unix includes a strong password hashing algorithm | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.5.1.2 Ensure minimum password days is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5.1.4 Ensure strong password hashing algorithm is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.5.2.5 Ensure root path integrity | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 5.5.2.6 Ensure root user umask is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.1.3 Ensure journald Compress is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 6.1.2.2 Ensure rsyslog service is enabled and active | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.2 Ensure filesystem integrity is regularly checked | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2.2 Ensure /etc/shadow password fields are not empty | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 7.2.3 Ensure all groups in /etc/passwd exist in /etc/group | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, MEDIA PROTECTION |
| 7.2.6 Ensure no duplicate user names exist | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 7.2.7 Ensure no duplicate group names exist | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 7.2.9 Ensure local interactive user dot files access is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, MEDIA PROTECTION |
| 18.7.2 (L1) Ensure 'Configure Redirection Guard' is set to 'Enabled: Redirection Guard Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.7.2 (L1) Ensure 'Configure Redirection Guard' is set to 'Enabled: Redirection Guard Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.7.2 Ensure 'Configure Redirection Guard' is set to 'Enabled: Redirection Guard Enabled' | CIS Microsoft Windows Server 2025 v2.0.0 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.7.2 Ensure 'Configure Redirection Guard' is set to 'Enabled: Redirection Guard Enabled' | CIS Microsoft Windows Server 2022 v5.0.0 L1 MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.7.2 Ensure 'Configure Redirection Guard' is set to 'Enabled: Redirection Guard Enabled' | CIS Microsoft Windows 11 Stand-alone v5.0.0 L1 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| IIST-SV-000153 - An IIS 10.0 web server must maintain the confidentiality of controlled information during transmission through the use of an approved Transport Layer Security (TLS) version | DISA IIS 10.0 Server v2r10 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SV-000154 - The IIS 10.0 web server must maintain the confidentiality of controlled information during transmission through the use of an approved Transport Layer Security (TLS) version. | DISA IIS 10.0 Server v3r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SI-000203 - A private IIS 8.5 website must only accept Secure Socket Layer connections. | DISA IIS 8.5 Site v2r9 | Windows | ACCESS CONTROL |
| IISW-SI-000204 - A public IIS 8.5 website must only accept Secure Socket Layer connections when authentication is required. | DISA IIS 8.5 Site v2r9 | Windows | ACCESS CONTROL |
| IISW-SV-000154 - A web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version. | DISA IIS 8.5 Server v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000322 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to maintain the confidentiality of controlled information during transmission through the use of an approved TLS version - SSLEngine | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLD-70-000024 - VAMI must implement Transport Layer Security (TLS) 1.2 exclusively. | DISA STIG VMware vSphere 7.0 VAMI v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
