| 1.2.1 Configure Global Authorization Rule to Restrict Access | CIS IIS 8.0 v1.4.0 Level 1 | Windows | ACCESS CONTROL |
| 1.2.1 Configure Global Authorization Rule to Restrict Access - remove users='*' | CIS IIS 7.0 L1 v1.7.1 | Windows | ACCESS CONTROL |
| 1.3.2 Ensure sudo commands use pty | CIS SUSE Linux Enterprise 15 Server L1 v1.0.0 | Unix | ACCESS CONTROL |
| 1.5.2 Ensure bootloader password is set | CIS Red Hat EL8 Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
| 1.6.1.2 Ensure the SELinux state is enforcing | CIS Ubuntu Linux 14.04 LTS Server L2 v2.0.0 | Unix | ACCESS CONTROL |
| 1.6.1.2 Ensure the SELinux state is enforcing - 'Mode from config file' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.0.0 | Unix | ACCESS CONTROL |
| 1.6.1.2 Ensure the SELinux state is enforcing - 'Mode from config file' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.0.0 | Unix | ACCESS CONTROL |
| 1.6.1.2 Ensure the SELinux state is enforcing - 'SELinux status' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.0.0 | Unix | ACCESS CONTROL |
| 1.6.1.3 Ensure SELinux policy is configured | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.0.0 | Unix | ACCESS CONTROL |
| 1.6.1.3 Ensure SELinux policy is configured - 'SELINUXTYPE' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.0.0 | Unix | ACCESS CONTROL |
| 1.6.1.4 Ensure no unconfined daemons exist | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.0.0 | Unix | ACCESS CONTROL |
| 1.6.2.2 Ensure all AppArmor Profiles are enforcing - 'unconfined processes' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.0.0 | Unix | ACCESS CONTROL |
| 1.6.2.2 Ensure all AppArmor Profiles are enforcing - complain mode | CIS SUSE Linux Enterprise Server 11 L2 v2.0.0 | Unix | ACCESS CONTROL |
| 1.6.2.2 Ensure all AppArmor Profiles are enforcing - profile are loaded | CIS Distribution Independent Linux Server L2 v1.1.0 | Unix | ACCESS CONTROL |
| 2.2.29 Ensure 'Deny log on as a service' to include 'Enterprise Admins Group and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.2.29 Ensure 'Deny log on locally' to include 'Guests, Enterprise Admins group, and Domain Admins group' (STIG MS only) | CIS Microsoft Windows Server 2016 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.6 Prevent unintended use of dvfilter network APIs | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | ACCESS CONTROL |
| 2.17.2 Ensure 'Never Allow Users to Specify Groups When Restricting Permission for Documents' is set to Enabled | CIS Microsoft Office 2013 v1.1.0 | Windows | ACCESS CONTROL |
| 2.17.2 Ensure 'Never Allow Users to Specify Groups When Restricting Permission for Documents' is set to Enabled | CIS Microsoft Office 2016 v1.1.0 | Windows | ACCESS CONTROL |
| 3.1.11 Authenticate federated users at the instance level | CIS v1.1.0 IBM DB2 v10 Linux OS Level 2 | Unix | ACCESS CONTROL |
| 3.1.11 Authenticate federated users at the instance level | CIS v1.1.0 IBM DB2 v10 Windows OS Level 1 | Windows | ACCESS CONTROL |
| 4.1.4.3 NFS - enable both nosuid and nodev options on NFS client mounts | CIS IBM AIX 7.2 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 4.5.1.10 CDE - /etc/dt/config/Xservers permissions and ownership | CIS IBM AIX 7.2 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 4.42 listener.ora - 'dynamic_registration_listener_name = OFF' | CIS v1.1.0 Oracle 11g OS Windows Level 2 | Windows | ACCESS CONTROL |
| 5.4.4 Ensure default user umask is 027 or more restrictive - '/etc/login.defs' | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.0.0 | Unix | ACCESS CONTROL |
| 5.4.4 Ensure default user umask is 027 or more restrictive - '/etc/profile' | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.0.0 | Unix | ACCESS CONTROL |
| 6.1.3 Disable guest account login | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 6.1.3 Disable guest account login | CIS Apple OSX 10.10 Yosemite L1 v1.1.0 | Unix | ACCESS CONTROL |
| 6.4 Ensure VMDK files are zeroed out prior to deletion | CIS VMware ESXi 6.7 v1.1.0 Level 2 | VMware | ACCESS CONTROL |
| 8.1 Block system accounts, Ensure account 'noaccess' is locked. | CIS Solaris 9 v1.3 | Unix | ACCESS CONTROL |
| 8.1 Block system accounts, Ensure account 'uucp' is locked. | CIS Solaris 9 v1.3 | Unix | ACCESS CONTROL |
| 8.1 Block System Accounts, should pass if the default shell for 'lp' is set to /dev/null. | CIS Solaris 9 v1.3 | Unix | ACCESS CONTROL |
| 8.1 Block System Accounts, should pass if the default shell for 'noaccess' is set to /dev/null. | CIS Solaris 9 v1.3 | Unix | ACCESS CONTROL |
| 20.37 Ensure 'Non-administrative accounts or groups only have print permissions on printer shares' | CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG DC | Windows | ACCESS CONTROL |
| Connection settings - 'pg_hba.conf no host entries for 'all' source addresses' | TNS PostgreSQL 9.1 Best Practices Windows OS | Windows | ACCESS CONTROL |
| Connection settings - 'pg_hba.conf no host entries using 'trust' method' | TNS PostgreSQL 9.1 Best Practices Windows OS | Windows | ACCESS CONTROL |
| Connections - Host Based Authentication - no unconditional connect | TNS PostgreSQL 9.6 Best Practices Unix OS | Unix | ACCESS CONTROL |
| DTOO199 - Changing permissions on rights managed content for users must be enforced. | DISA STIG Office System 2010 v1r5 | Windows | ACCESS CONTROL |
| DTOO200 - Office must be configured to not allow read with browsers. | DISA STIG Office System 2010 v1r5 | Windows | ACCESS CONTROL |
| Ensure 'TACACS+/RADIUS' is configured correctly - protocol | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | ACCESS CONTROL |
| Logon options - Internet Zone | MSCT Windows 10 1607 v1.0.0 | Windows | ACCESS CONTROL |
| Logon options - Internet Zone | MSCT Windows 10 v1903 v1.0.0 | Windows | ACCESS CONTROL |
| Logon options - Restricted Sites Zone | MSCT Windows 10 1607 v1.0.0 | Windows | ACCESS CONTROL |
| Logon options - Restricted Sites Zone | MSCT Windows 10 v1903 v1.0.0 | Windows | ACCESS CONTROL |
| Network access: Allow anonymous SID/Name translation | MSCT Windows Server v1909 DC v1.0.0 | Windows | ACCESS CONTROL |
| Network access: Allow anonymous SID/Name translation | MSCT Windows 10 v21H2 v1.0.0 | Windows | ACCESS CONTROL |
| Network access: Allow anonymous SID/Name translation | MSCT Windows Server 1903 DC v1.0.0 | Windows | ACCESS CONTROL |
| Network access: Allow anonymous SID/Name translation | MSCT Windows Server 1903 DC v1.19.9 | Windows | ACCESS CONTROL |
| User IDs which disclose the privileges associated with it, should not be created. 'lock' | TNS IBM HTTP Server Best Practice Middleware | Unix | ACCESS CONTROL |
| WG470 - Wscript.exe and Cscript.exe are accessible by users other than the SA and Web Manager. - 'cscript.exe' | DISA STIG IIS 6.0 Installation v6r1 | Windows | ACCESS CONTROL |
