ALMA-09-003760 - AlmaLinux OS 9 must implement DOD-approved TLS encryption in the GnuTLS package. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL |
ALMA-09-006620 - The systemd Ctrl-Alt-Delete burst key sequence in AlmaLinux OS 9 must be disabled. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL |
ALMA-09-006730 - The Ctrl-Alt-Delete key sequence must be disabled on AlmaLinux OS 9. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL |
ALMA-09-009590 - AlmaLinux OS 9 must check the GPG signature of software packages originating from external software repositories before installation. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
APPL-11-002064 - The macOS system must have the security assessment policy subsystem enabled. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
APPL-12-002064 - The macOS system must have the security assessment policy subsystem enabled. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
APPL-13-002063 - The macOS system must disable the guest account. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
APPL-15-002060 - The macOS system must apply gatekeeper settings to block applications from unidentified developers. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | CONFIGURATION MANAGEMENT |
ARST-ND-000810 - The network device must be configured to use an authentication server to authenticate users prior to granting administrative access. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | CONFIGURATION MANAGEMENT |
ARST-RT-000450 - The Arista perimeter router must be configured to restrict it from accepting outbound IP packets that contain an illegitimate address in the source address field via egress filter or by enabling Unicast Reverse Path Forwarding (uRPF). | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
CASA-ND-001140 - The Cisco ASA must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of non-local maintenance and diagnostic communications. | DISA STIG Cisco ASA NDM v2r2 | Cisco | MAINTENANCE |
CASA-ND-001150 - The Cisco ASA must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions. | DISA STIG Cisco ASA NDM v2r2 | Cisco | MAINTENANCE |
CASA-ND-001310 - The Cisco ASA must be configured to use at least two authentication servers to authenticate users prior to granting administrative access. | DISA STIG Cisco ASA NDM v2r2 | Cisco | CONFIGURATION MANAGEMENT |
CD12-00-000500 - PostgreSQL must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | ACCESS CONTROL |
CD12-00-003200 - The PostgreSQL software installation account must be restricted to authorized users. | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
CNTR-R2-001500 - Rancher RKE2 keystore must implement encryption to prevent unauthorized disclosure of information at rest within Rancher RKE2. | DISA Rancher Government Solutions RKE2 STIG v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
EPAS-00-003300 - The EDB Postgres Advanced Server software installation account must be restricted to authorized users. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
ESXI-70-000074 - The ESXi host must exclusively enable Transport Layer Security (TLS) 1.2 for all endpoints. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
GOOG-15-012500 - Google Android 15 must be configured to disable 'Private Space' use. | MobileIron - DISA Google Android 15 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
GOOG-15-012500 - Google Android 15 must be configured to disable 'Private Space' use. | AirWatch - DISA Google Android 15 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
JUEX-NM-000510 - The Juniper EX switches must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of nonlocal maintenance and diagnostic communications. | DISA Juniper EX Series Network Device Management v2r2 | Juniper | MAINTENANCE |
MADB-10-000200 - MariaDB must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | ACCESS CONTROL |
MADB-10-002700 - The MariaDB software installation account must be restricted to authorized users. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | CONFIGURATION MANAGEMENT |
MADB-10-008700 - MariaDB must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
MD4X-00-001600 - MongoDB must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | ACCESS CONTROL |
MD4X-00-002100 - MongoDB software installation account must be restricted to authorized users. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | CONFIGURATION MANAGEMENT |
MD7X-00-000200 MongoDB must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | Unix | ACCESS CONTROL |
MYS8-00-000100 - MySQL Database Server 8.0 must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | ACCESS CONTROL |
MYS8-00-012100 - The MySQL Database Server 8.0 must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
O19C-00-008000 - The Oracle Database software installation account must be restricted to authorized users. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
PHTN-40-000079 The Photon operating system must implement only approved ciphers to protect the integrity of remote access sessions. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | ACCESS CONTROL |
PHTN-40-000105 The Photon operating system must enable symlink access control protection in the kernel. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | ACCESS CONTROL |
PHTN-40-000239 The Photon operating system must implement only approved Message Authentication Codes (MACs) to protect the integrity of remote access sessions. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | ACCESS CONTROL |
RHEL-08-010020 - RHEL 8 must implement NIST FIPS-validated cryptography for the following: To provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | ACCESS CONTROL |
SHPT-00-000683 - SharePoint-specific malware (i.e., anti-virus) software must be integrated and configured - 'Scan Documents on Download is enabled' | DISA STIG SharePoint 2010 v1r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
SHPT-00-000683 - SharePoint-specific malware (i.e., anti-virus) software must be integrated and configured - 'Scan Documents on Upload is enabled' | DISA STIG SharePoint 2010 v1r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
SQL2-00-022600 - SQL Server must employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
SYMP-AG-000030 - Symantec ProxySG providing forward proxy intermediary services for TLS must be configured to comply with the required TLS settings in NIST SP 800-52 - server.connection.negotiated_cipher | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
SYMP-NM-000290 - The Symantec ProxySG Web Management Console and SSH sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | MAINTENANCE |
VCFL-67-000007 - vSphere Client must be configured to only communicate over TLS 1.2. | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | ACCESS CONTROL |
WBSP-AS-000130 - The WebSphere Application Server administrative security must be enabled. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL |
WBSP-AS-000140 - The WebSphere Application Server bus security must be enabled. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL |
WN11-00-000030 - Windows 11 information systems must use BitLocker to encrypt all disks to protect the confidentiality and integrity of all information at rest. | DISA Microsoft Windows 11 STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
WN11-CC-000180 - Autoplay must be turned off for non-volume devices. | DISA Microsoft Windows 11 STIG v2r3 | Windows | CONFIGURATION MANAGEMENT |
WN11-CC-000185 - The default autorun behavior must be configured to prevent autorun commands. | DISA Microsoft Windows 11 STIG v2r3 | Windows | CONFIGURATION MANAGEMENT |
WN11-CC-000190 - Autoplay must be disabled for all drives. | DISA Microsoft Windows 11 STIG v2r3 | Windows | CONFIGURATION MANAGEMENT |
WN11-UR-000065 - The 'Debug programs' user right must only be assigned to the Administrators group. | DISA Microsoft Windows 11 STIG v2r3 | Windows | ACCESS CONTROL |
WN22-CC-000220 - Windows Server 2022 default AutoRun behavior must be configured to prevent AutoRun commands. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
WN22-CC-000230 - Windows Server 2022 AutoPlay must be disabled for all drives. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
WN22-DC-000080 - Windows Server 2022 Active Directory SYSVOL directory must have the proper access control permissions. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL |