Item Search

NameAudit NamePluginCategory
ALMA-09-003760 - AlmaLinux OS 9 must implement DOD-approved TLS encryption in the GnuTLS package.DISA CloudLinux AlmaLinux OS 9 STIG v1r2Unix

ACCESS CONTROL

ALMA-09-006620 - The systemd Ctrl-Alt-Delete burst key sequence in AlmaLinux OS 9 must be disabled.DISA CloudLinux AlmaLinux OS 9 STIG v1r2Unix

ACCESS CONTROL

ALMA-09-006730 - The Ctrl-Alt-Delete key sequence must be disabled on AlmaLinux OS 9.DISA CloudLinux AlmaLinux OS 9 STIG v1r2Unix

ACCESS CONTROL

ALMA-09-009590 - AlmaLinux OS 9 must check the GPG signature of software packages originating from external software repositories before installation.DISA CloudLinux AlmaLinux OS 9 STIG v1r2Unix

CONFIGURATION MANAGEMENT

APPL-11-002064 - The macOS system must have the security assessment policy subsystem enabled.DISA STIG Apple macOS 11 v1r8Unix

CONFIGURATION MANAGEMENT

APPL-12-002064 - The macOS system must have the security assessment policy subsystem enabled.DISA STIG Apple macOS 12 v1r9Unix

CONFIGURATION MANAGEMENT

APPL-13-002063 - The macOS system must disable the guest account.DISA STIG Apple macOS 13 v1r5Unix

CONFIGURATION MANAGEMENT

APPL-15-002060 - The macOS system must apply gatekeeper settings to block applications from unidentified developers.DISA Apple macOS 15 (Sequoia) STIG v1r3Unix

CONFIGURATION MANAGEMENT

ARST-ND-000810 - The network device must be configured to use an authentication server to authenticate users prior to granting administrative access.DISA STIG Arista MLS EOS 4.2x NDM v2r1Arista

CONFIGURATION MANAGEMENT

ARST-RT-000450 - The Arista perimeter router must be configured to restrict it from accepting outbound IP packets that contain an illegitimate address in the source address field via egress filter or by enabling Unicast Reverse Path Forwarding (uRPF).DISA STIG Arista MLS EOS 4.2x Router v2r1Arista

SYSTEM AND COMMUNICATIONS PROTECTION

CASA-ND-001140 - The Cisco ASA must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of non-local maintenance and diagnostic communications.DISA STIG Cisco ASA NDM v2r2Cisco

MAINTENANCE

CASA-ND-001150 - The Cisco ASA must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions.DISA STIG Cisco ASA NDM v2r2Cisco

MAINTENANCE

CASA-ND-001310 - The Cisco ASA must be configured to use at least two authentication servers to authenticate users prior to granting administrative access.DISA STIG Cisco ASA NDM v2r2Cisco

CONFIGURATION MANAGEMENT

CD12-00-000500 - PostgreSQL must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals.DISA STIG Crunchy Data PostgreSQL OS v3r1Unix

ACCESS CONTROL

CD12-00-003200 - The PostgreSQL software installation account must be restricted to authorized users.DISA STIG Crunchy Data PostgreSQL DB v3r1PostgreSQLDB

CONFIGURATION MANAGEMENT

CNTR-R2-001500 - Rancher RKE2 keystore must implement encryption to prevent unauthorized disclosure of information at rest within Rancher RKE2.DISA Rancher Government Solutions RKE2 STIG v2r3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

EPAS-00-003300 - The EDB Postgres Advanced Server software installation account must be restricted to authorized users.EnterpriseDB PostgreSQL Advanced Server DB v2r1PostgreSQLDB

CONFIGURATION MANAGEMENT

ESXI-70-000074 - The ESXi host must exclusively enable Transport Layer Security (TLS) 1.2 for all endpoints.DISA STIG VMware vSphere 7.0 ESXi v1r4VMware

SYSTEM AND COMMUNICATIONS PROTECTION

GOOG-15-012500 - Google Android 15 must be configured to disable 'Private Space' use.MobileIron - DISA Google Android 15 COBO v1r2MDM

CONFIGURATION MANAGEMENT

GOOG-15-012500 - Google Android 15 must be configured to disable 'Private Space' use.AirWatch - DISA Google Android 15 COBO v1r2MDM

CONFIGURATION MANAGEMENT

JUEX-NM-000510 - The Juniper EX switches must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of nonlocal maintenance and diagnostic communications.DISA Juniper EX Series Network Device Management v2r2Juniper

MAINTENANCE

MADB-10-000200 - MariaDB must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals.DISA MariaDB Enterprise 10.x v2r3 DBMySQLDB

ACCESS CONTROL

MADB-10-002700 - The MariaDB software installation account must be restricted to authorized users.DISA MariaDB Enterprise 10.x v2r3 DBMySQLDB

CONFIGURATION MANAGEMENT

MADB-10-008700 - MariaDB must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components.DISA MariaDB Enterprise 10.x v2r3 DBMySQLDB

SYSTEM AND COMMUNICATIONS PROTECTION

MD4X-00-001600 - MongoDB must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals.DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OSUnix

ACCESS CONTROL

MD4X-00-002100 - MongoDB software installation account must be restricted to authorized users.DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OSUnix

CONFIGURATION MANAGEMENT

MD7X-00-000200 MongoDB must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals.DISA MongoDB Enterprise Advanced 7.x STIG v1r1Unix

ACCESS CONTROL

MYS8-00-000100 - MySQL Database Server 8.0 must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals.DISA Oracle MySQL 8.0 v2r2 DBMySQLDB

ACCESS CONTROL

MYS8-00-012100 - The MySQL Database Server 8.0 must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components.DISA Oracle MySQL 8.0 v2r2 DBMySQLDB

SYSTEM AND COMMUNICATIONS PROTECTION

O19C-00-008000 - The Oracle Database software installation account must be restricted to authorized users.DISA Oracle Database 19c STIG v1r1 DatabaseOracleDB

CONFIGURATION MANAGEMENT

PHTN-40-000079 The Photon operating system must implement only approved ciphers to protect the integrity of remote access sessions.DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1Unix

ACCESS CONTROL

PHTN-40-000105 The Photon operating system must enable symlink access control protection in the kernel.DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1Unix

ACCESS CONTROL

PHTN-40-000239 The Photon operating system must implement only approved Message Authentication Codes (MACs) to protect the integrity of remote access sessions.DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1Unix

ACCESS CONTROL

RHEL-08-010020 - RHEL 8 must implement NIST FIPS-validated cryptography for the following: To provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.DISA Red Hat Enterprise Linux 8 STIG v2r3Unix

ACCESS CONTROL

SHPT-00-000683 - SharePoint-specific malware (i.e., anti-virus) software must be integrated and configured - 'Scan Documents on Download is enabled'DISA STIG SharePoint 2010 v1r9Windows

SYSTEM AND COMMUNICATIONS PROTECTION

SHPT-00-000683 - SharePoint-specific malware (i.e., anti-virus) software must be integrated and configured - 'Scan Documents on Upload is enabled'DISA STIG SharePoint 2010 v1r9Windows

SYSTEM AND COMMUNICATIONS PROTECTION

SQL2-00-022600 - SQL Server must employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission.DISA STIG SQL Server 2012 DB Instance Security v1r20MS_SQLDB

SYSTEM AND COMMUNICATIONS PROTECTION

SYMP-AG-000030 - Symantec ProxySG providing forward proxy intermediary services for TLS must be configured to comply with the required TLS settings in NIST SP 800-52 - server.connection.negotiated_cipherDISA Symantec ProxySG Benchmark ALG v1r3BlueCoat

ACCESS CONTROL

SYMP-NM-000290 - The Symantec ProxySG Web Management Console and SSH sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications.DISA Symantec ProxySG Benchmark NDM v1r2BlueCoat

MAINTENANCE

VCFL-67-000007 - vSphere Client must be configured to only communicate over TLS 1.2.DISA STIG VMware vSphere 6.7 Virgo Client v1r2Unix

ACCESS CONTROL

WBSP-AS-000130 - The WebSphere Application Server administrative security must be enabled.DISA IBM WebSphere Traditional 9 STIG v1r1 MiddlewareUnix

ACCESS CONTROL

WBSP-AS-000140 - The WebSphere Application Server bus security must be enabled.DISA IBM WebSphere Traditional 9 STIG v1r1Unix

ACCESS CONTROL

WN11-00-000030 - Windows 11 information systems must use BitLocker to encrypt all disks to protect the confidentiality and integrity of all information at rest.DISA Microsoft Windows 11 STIG v2r3Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN11-CC-000180 - Autoplay must be turned off for non-volume devices.DISA Microsoft Windows 11 STIG v2r3Windows

CONFIGURATION MANAGEMENT

WN11-CC-000185 - The default autorun behavior must be configured to prevent autorun commands.DISA Microsoft Windows 11 STIG v2r3Windows

CONFIGURATION MANAGEMENT

WN11-CC-000190 - Autoplay must be disabled for all drives.DISA Microsoft Windows 11 STIG v2r3Windows

CONFIGURATION MANAGEMENT

WN11-UR-000065 - The 'Debug programs' user right must only be assigned to the Administrators group.DISA Microsoft Windows 11 STIG v2r3Windows

ACCESS CONTROL

WN22-CC-000220 - Windows Server 2022 default AutoRun behavior must be configured to prevent AutoRun commands.DISA Microsoft Windows Server 2022 STIG v2r4Windows

CONFIGURATION MANAGEMENT

WN22-CC-000230 - Windows Server 2022 AutoPlay must be disabled for all drives.DISA Microsoft Windows Server 2022 STIG v2r4Windows

CONFIGURATION MANAGEMENT

WN22-DC-000080 - Windows Server 2022 Active Directory SYSVOL directory must have the proper access control permissions.DISA Microsoft Windows Server 2022 STIG v2r4Windows

ACCESS CONTROL