DG0005-ORACLE11 - Only necessary privileges to the host system should be granted to DBA OS accounts - 'ORA_{SID}_DBA Group has no unauthorized users' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
DG0017-ORACLE11 - A production DBMS installation should not coexist on the same DBMS host with other, non-production DBMS installations. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONFIGURATION MANAGEMENT |
DG0093-ORACLE11 - Remote administrative connections to the database should be encrypted - 'all protocols use TCPS' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '%ORACLE_HOME%\rdbms\admin\externaljob.ora run_user = nobody' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '$ORACLE_HOME/rdbms/admin/externaljob.ora run_group = nobody' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONFIGURATION MANAGEMENT |
DG0103-ORACLE11 - Network access to the DBMS must be restricted to authorized personnel - '%ORACLE_HOME%\NETWORK\ADMIN\SQLNET.ORA tcp.invited_nodes = valid IP Range' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
DG0103-ORACLE11 - Network access to the DBMS must be restricted to authorized personnel - 'valid source and destination IPs are used in rules' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
DG0122-ORACLE11 - Access to sensitive data should be restricted to authorized users identified by the Information Owner - 'logfile' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | ACCESS CONTROL |
DO3622-ORACLE11 - Oracle roles granted using the WITH ADMIN OPTION should not be granted to unauthorized accounts. | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | ACCESS CONTROL |
DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - '$ORACLE_HOME/network/log/listener.log mode 640' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - '$ORACLE_HOME/network/log/sqlnet.log mode 640' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
DTBI030 - Font downloads must be disallowed (Internet zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
DTBI120 - Font downloads must be disallowed (Restricted Site zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
DTBI127 - Installation of desktop items must be disallowed (Restricted Sites zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | CONFIGURATION MANAGEMENT |
DTBI355 - Third-party browser extensions must be disallowed. | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | CONFIGURATION MANAGEMENT |
DTBI820 - Launching programs and unsafe files property must be set to prompt (Internet zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | SYSTEM AND INFORMATION INTEGRITY |
DTBI880 - ActiveX controls without prompt property must be used in approved domains only (Restricted Site zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
DTBI900 - Internet Explorer Processes Restrict ActiveX Install must be enforced (Reserved). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
DTBI930 - .NET Framework-reliant components signed with Authenticode must be disallowed to run (Internet Zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
DTOO183 - Office System - The Opt-In Wizard must be disabled. | DISA STIG Office System 2010 v1r13 | Windows | CONFIGURATION MANAGEMENT |
DTOO190 - Office System - The encryption type for password protected Office 97 thru Office 2003 must be set. | DISA STIG Office System 2010 v1r13 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
DTOO197 - Office System - Smart Documents use of Manifests in Office must be disallowed. | DISA STIG Office System 2010 v1r13 | Windows | CONFIGURATION MANAGEMENT |
DTOO206 - Office System - Inclusion of document properties for PDF and XPS output must be disallowed. | DISA STIG Office System 2010 v1r13 | Windows | CONFIGURATION MANAGEMENT |
DTOO212 - Office System - Blogging entries created from inside Office products must be configured for Sharepoint only. | DISA STIG Office System 2010 v1r13 | Windows | CONFIGURATION MANAGEMENT |
GEN000290 - The system must not have unnecessary accounts - 'ftp does not exist' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
GEN000320 - All accounts must be assigned unique User Identification Numbers (UIDs). | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
GEN000340 - UIDs reserved for system accounts must not be assigned to non-system accounts. | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
GEN000402 - The DoD login banner must be displayed as part of graphical desktop environment login prompts - 'Dtlogin*greeting.labelString' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
GEN000410 - The FTPS/FTP service on the system must be configured with the DoD login banner - '/etc/ftpaccess.ctl group-owned by system' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
GEN000410 - The FTPS/FTP service on the system must be configured with the DoD login banner - '/etc/ftpaccess.ctl owned by root' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
GEN000410 - The FTPS/FTP service on the system must be configured with the DoD login banner - '/etc/ftpaccess.ctl permissions are 640' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
GEN000410 - The FTPS/FTP service on the system must be configured with the DoD login banner - '/etc/herald contains banner' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
GEN000410 - The FTPS/FTP service on the system must be configured with the DoD login banner - '/etc/herald group-owned by system' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
GEN000945 - The root account's library search path must be the system default and must contain only absolute paths. | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
GEN000950 - The root account's list of preloaded libraries must be empty. | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
GEN001060 - The system must log successful and unsuccessful access to the root account. | DISA STIG AIX 5.3 v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
GEN001190 - All network services daemon files must not have extended ACLs - /usr/bin/* | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
GEN001320 - NIS/NIS+/yp files must be owned by root, sys, or bin - '/usr/lib/nis/*' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
GEN001340 - NIS/NIS+/yp files must be group-owned by sys, bin, other, or system - '/var/yp/*' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
GEN001360 - The NIS/NIS+/yp files must have mode 0755 or less permissive - '/var/nis/*' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
WA000-WI6032 IIS6 - The Enable pinging monitor must be enabled. - 'PingingEnabled set to True' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
WA000-WI6034 IIS6 - The Enable rapid-fail protection monitor must be enabled. | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
WA000-WI6098 IIS6 - The MaxRequestEntityAllowed metabase value must be defined. - 'IisWebVirtualDirSetting' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
WA000-WWA022 W22 - The KeepAlive directive must be enabled. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
WA000-WWA032 A22 - The httpd.conf MaxClients directive must be set properly. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
WA000-WWA050 W22 - All interactive programs must be placed in a designated directory with appropriate permissions. - '-ExecCGI' | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
WA000-WWA050 W22 - All interactive programs must be placed in a designated directory with appropriate permissions. - 'SetHandler' | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
WA000-WWA052 W22 - The FollowSymLinks setting must be disabled. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
WA000-WWA064 W22 - The HTTP request header field size must be limited. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
WG145 IIS6 - The private web server must use an approved DoD certificate validation process. - 'Check W3SVC CertCheckMode' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | IDENTIFICATION AND AUTHENTICATION |