| AIOS-01-080006 - Apple iOS must require a valid password be successfully entered before the mobile device data is unencrypted. | MobileIron - DISA Apple iOS 10 v1r3 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-003760 - AlmaLinux OS 9 must implement DOD-approved TLS encryption in the GnuTLS package. | DISA CloudLinux AlmaLinux OS 9 STIG v1r3 | Unix | ACCESS CONTROL |
| ALMA-09-006620 - The systemd Ctrl-Alt-Delete burst key sequence in AlmaLinux OS 9 must be disabled. | DISA CloudLinux AlmaLinux OS 9 STIG v1r3 | Unix | ACCESS CONTROL |
| ALMA-09-045125 - AlmaLinux OS 9 must be a supported release. | DISA CloudLinux AlmaLinux OS 9 STIG v1r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| APPL-11-002063 - The macOS system must enforce access restrictions. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002064 - The macOS system must have the security assessment policy subsystem enabled. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002063 - The macOS system must enforce access restrictions. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-002064 - The macOS system must have the security assessment policy subsystem enabled. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-14-002062 - The macOS system must disable Bluetooth when no approved device is connected. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-ND-000700 - The Arista network device must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions. | DISA STIG Arista MLS EOS 4.x NDM v2r2 | Arista | MAINTENANCE |
| CASA-ND-001410 - The Cisco ASA must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to organization-defined personnel and/or the firewall administrator. | DISA STIG Cisco ASA NDM v2r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CASA-VN-000440 - The Cisco ASA remote access VPN server must be configured to enforce certificate-based authentication before granting access to the network. | DISA STIG Cisco ASA VPN v2r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CNTR-K8-000340 - The Kubernetes API server must have the insecure bind address not set. | DISA STIG Kubernetes v2r4 | Unix | ACCESS CONTROL |
| CNTR-K8-001162 - Kubernetes Secrets must be encrypted at rest. | DISA STIG Kubernetes v2r4 | Unix | ACCESS CONTROL |
| CNTR-K8-002001 - Kubernetes must enable PodSecurity admission controller on static pods and Kubelets. | DISA STIG Kubernetes v2r4 | Unix | ACCESS CONTROL |
| EX19-MB-000134 - Exchange servers must have an approved DOD email-aware virus protection software installed. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| FFOX-00-000002 - Firefox must be configured to allow only TLS 1.2 or above. | DISA STIG Mozilla Firefox MacOS v6r6 | Unix | ACCESS CONTROL |
| FGFW-ND-000265 - The FortiGate device must implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | MAINTENANCE |
| GOOG-15-012500 - Google Android 15 must be configured to disable 'Private Space' use. | AirWatch - DISA Google Android 15 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-15-012500 - Google Android 15 must be configured to disable 'Private Space' use. | MobileIron - DISA Google Android 15 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| JUEX-NM-000520 - The Juniper EX switch must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | MAINTENANCE |
| JUEX-RT-000370 - The Juniper perimeter router must be configured to deny network traffic by default and allow network traffic by exception. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| MADB-10-008600 - MariaDB must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| O19C-00-007400 - Oracle Database products must be a version supported by the vendor. | DISA Oracle Database 19c STIG v1r2 OracleDB | OracleDB | SYSTEM AND SERVICES ACQUISITION |
| O19C-00-011800 - Database administrator (DBA) OS accounts must be granted only those host system privileges necessary for the administration of the Oracle Database. | DISA Oracle Database 19c STIG v1r2 Unix | Unix | CONFIGURATION MANAGEMENT |
| O19C-00-011800 - Database administrator (DBA) OS accounts must be granted only those host system privileges necessary for the administration of the Oracle Database. | DISA Oracle Database 19c STIG v1r2 Windows | Windows | CONFIGURATION MANAGEMENT |
| O19C-00-011900 - Oracle Database default accounts must be assigned custom passwords. | DISA Oracle Database 19c STIG v1r2 OracleDB | OracleDB | CONFIGURATION MANAGEMENT |
| O19C-00-018600 - Oracle Database software must be evaluated and patched against newly found vulnerabilities. | DISA Oracle Database 19c STIG v1r2 OracleDB | OracleDB | SYSTEM AND INFORMATION INTEGRITY |
| OL08-00-010000 - OL 8 must be a vendor-supported release. | DISA Oracle Linux 8 STIG v2r5 | Unix | CONFIGURATION MANAGEMENT |
| OL08-00-010470 - There must be no ".shosts" files on the OL 8 operating system. | DISA Oracle Linux 8 STIG v2r5 | Unix | CONFIGURATION MANAGEMENT |
| OL08-00-010830 - OL 8 must not allow users to override SSH environment variables. | DISA Oracle Linux 8 STIG v2r5 | Unix | CONFIGURATION MANAGEMENT |
| OL08-00-020331 - OL 8 must not allow blank or null passwords in the system-auth file. | DISA Oracle Linux 8 STIG v2r5 | Unix | CONFIGURATION MANAGEMENT |
| OL09-00-002343 - OL 9 SSHD must not allow blank passwords. | DISA Oracle Linux 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL09-00-003000 - OL 9 must be configured so that the root account is the only account having unrestricted access to the system. | DISA Oracle Linux 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000130 The Photon operating system TDNF package management tool must cryptographically verify the authenticity of all software packages during installation. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010020 - RHEL 8 must implement NIST FIPS-validated cryptography for the following: To provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-08-040360 - A File Transfer Protocol (FTP) server package must not be installed unless mission essential on RHEL 8. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| SHPT-00-000683 - SharePoint-specific malware (i.e., anti-virus) software must be integrated and configured. | DISA STIG SharePoint 2010 v1r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SLES-15-010510 - FIPS 140-2 mode must be enabled on the SUSE operating system. | DISA SUSE Linux Enterprise Server 15 STIG v2r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SLES-15-020181 - The SUSE operating system must not have accounts configured with blank or null passwords. | DISA SUSE Linux Enterprise Server 15 STIG v2r5 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-020300 - The SUSE operating system must not be configured to allow blank or null passwords. | DISA SUSE Linux Enterprise Server 15 STIG v2r5 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040062 - The SUSE operating system must disable the systemd Ctrl-Alt-Delete burst key sequence. | DISA SUSE Linux Enterprise Server 15 STIG v2r5 | Unix | CONFIGURATION MANAGEMENT |
| SQL2-00-015700 - Vendor-supported software and patches must be evaluated and patched against newly found vulnerabilities. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL2-00-017500 - SQL Server must recover to a known state that is verifiable. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | CONTINGENCY PLANNING |
| SYMP-AG-000300 - Symantec ProxySG must be configured to prohibit or restrict the use of network services as defined in the PPSM CAL and vulnerability assessments. - Destination | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | CONFIGURATION MANAGEMENT |
| SYMP-NM-000310 - Symantec ProxySG must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements - cli timeout | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-NM-000310 - Symantec ProxySG must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements - web timeout | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-000140 - The WebSphere Application Server bus security must be enabled. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL |
| WN11-00-000030 - Windows 11 information systems must use BitLocker to encrypt all disks to protect the confidentiality and integrity of all information at rest. | DISA Microsoft Windows 11 STIG v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN22-DC-000110 - Windows Server 2022 organization created Active Directory Organizational Unit (OU) objects must have proper access control permissions. | DISA Microsoft Windows Server 2022 STIG v2r5 | Windows | ACCESS CONTROL |
