| AIOS-15-009700 - Apple iOS/iPadOS 15 must not allow non-DoD applications to access DoD data. | AirWatch - DISA Apple iOS/iPadOS 14 v1r4 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-15-009700 - Apple iOS/iPadOS 15 must not allow non-DoD applications to access DoD data. | MobileIron - DISA Apple iOS/iPadOS 14 v1r4 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-16-009700 - Apple iOS/iPadOS 16 must not allow non-DoD applications to access DoD data. | AirWatch - DISA Apple iOS/iPadOS 16 v2r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-16-009700 - Apple iOS/iPadOS 16 must not allow non-DoD applications to access DoD data. | MobileIron - DISA Apple iOS/iPadOS 16 v2r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-16-709700 - Apple iOS/iPadOS 16 must not allow non-DOD applications to access DOD data. | AirWatch - DISA Apple iOS/iPadOS 16 BYOAD v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-16-709700 - Apple iOS/iPadOS 16 must not allow non-DOD applications to access DOD data. | MobileIron - DISA Apple iOS/iPadOS BYOAD 16 v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-16-714900 - Apple iOS/iPadOS 16 must not allow DOD applications to access non-DOD data. | AirWatch - DISA Apple iOS/iPadOS 16 BYOAD v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-16-714900 - Apple iOS/iPadOS 16 must not allow DOD applications to access non-DOD data. | MobileIron - DISA Apple iOS/iPadOS BYOAD 16 v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-17-009700 - Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data. | MobileIron - DISA Apple iOS/iPadOS 17 v2r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-17-009700 - Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data. | AirWatch - DISA Apple iOS/iPadOS 17 v2r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-17-709700 - Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data. | MobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-17-709700 - Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data. | AirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-17-714900 - Apple iOS/iPadOS 17 must not allow DOD applications to access non-DOD data. | AirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-17-714900 - Apple iOS/iPadOS 17 must not allow DOD applications to access non-DOD data. | MobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-18-009700 - Apple iOS/iPadOS 18 must not allow non-DOD applications to access DOD data. | MobileIron - DISA Apple iOS/iPadOS 18 v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-18-009700 - Apple iOS/iPadOS 18 must not allow non-DOD applications to access DOD data. | AirWatch - DISA Apple iOS/iPadOS 18 v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIX7-00-001138 - NFS file systems on AIX must be mounted with the nosuid option unless the NFS file systems contain approved setuid or setgid programs. | DISA STIG AIX 7.x v3r1 | Unix | ACCESS CONTROL |
| Big Sur - Prevent Software From Executing at Higher Privilege Levels than Users Executing The Software | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | ACCESS CONTROL |
| Catalina - Prevent Software From Executing at Higher Privilege Levels than Users Executing The Software | NIST macOS Catalina v1.5.0 - All Profiles | Unix | ACCESS CONTROL |
| CD12-00-003600 - Execution of software modules (to include functions and trigger procedures) with elevated privileges must be restricted to necessary cases only. | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | ACCESS CONTROL |
| DKER-EE-003200 - Docker Enterprise images must be built with the USER instruction to prevent containers from running as root. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | ACCESS CONTROL |
| EP11-00-007510 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | ACCESS CONTROL |
| EPAS-00-007500 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | ACCESS CONTROL |
| EPAS-00-007510 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | ACCESS CONTROL |
| GEN000520 - The root user must not own the logon session for an application requiring a continuous display. | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN000520 - The root user must not own the logon session for an application requiring a continuous display. | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| GEN000920 - The root account's home directory (other than /) must have mode 0700. | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN000920 - The root account's home directory (other than /) must have mode 0700. | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| GOOG-12-008900 - Google Android 12 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | AirWatch - DISA Google Android 12 COPE v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-12-008900 - Google Android 12 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | MobileIron - DISA Google Android 12 COPE v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-13-008900 - Google Android 13 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | MobileIron - DISA Google Android 13 COPE v2r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-13-008900 - Google Android 13 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | AirWatch - DISA Google Android 13 COPE v2r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-13-708900 - Google Android 13 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | AirWatch - DISA Google Android 13 BYOD v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-13-708900 - Google Android 13 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | MobileIron - DISA Google Android 13 BYOD v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-14-008900 - Google Android 14 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | AirWatch - DISA Google Android 14 COPE v2r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-14-008900 - Google Android 14 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | MobileIron - DISA Google Android 14 COPE v2r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-14-708900 - Google Android 14 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | MobileIron - DISA Google Android 14 BYOAD v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-14-708900 - Google Android 14 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | AirWatch - DISA Google Android 14 BYOAD v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-15-008900 - Google Android 15 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | AirWatch - DISA Google Android 15 COPE v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-15-008900 - Google Android 15 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | MobileIron - DISA Google Android 15 COPE v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| MADB-10-006900 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | ACCESS CONTROL |
| Monterey - Prevent Software From Executing at Higher Privilege Levels than Users Executing The Software | NIST macOS Monterey v1.0.0 - All Profiles | Unix | ACCESS CONTROL |
| MSFT-11-004500 - Microsoft Android 11 must be configured to disable exceptions to the access control policy that prevent application processes from accessing all data stored by other application processes - Copy/Paste | MobileIron - DISA Microsoft Android 11 COPE v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| MSFT-11-004500 - Microsoft Android 11 must be configured to disable exceptions to the access control policy that prevent application processes from accessing all data stored by other application processes - Sharing data into the profile | MobileIron - DISA Microsoft Android 11 COPE v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| MSFT-11-004500 - Microsoft Android 11 must be configured to disable exceptions to the access control policy that prevent application processes from accessing all data stored by other application processes. | AirWatch - DISA Microsoft Android 11 COPE v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| MYS8-00-010600 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | ACCESS CONTROL |
| OL08-00-030000 - The OL 8 audit system must be configured to audit the execution of privileged functions and prevent all software from executing at higher privilege levels than users executing the software. | DISA Oracle Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| PGS9-00-003600 - Execution of software modules (to include functions and trigger procedures) with elevated privileges must be restricted to necessary cases only. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | ACCESS CONTROL |
| PHTN-40-000019 The Photon operating system must be configured to audit the execution of privileged functions. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| RHEL-08-030000 - The RHEL 8 audit system must be configured to audit the execution of privileged functions and prevent all software from executing at higher privilege levels than users executing the software. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | ACCESS CONTROL |
