| AIOS-01-080006 - Apple iOS must require a valid password be successfully entered before the mobile device data is unencrypted. | AirWatch - DISA Apple iOS 10 v1r3 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-037750 - AlmaLinux OS 9 must not have any File Transfer Protocol (FTP) packages installed. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-037860 - AlmaLinux OS 9 must not have any telnet packages installed. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-11-002063 - The macOS system must enforce access restrictions. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002038 - The macOS system must be configured to disable the tftp service. | DISA STIG Apple macOS 12 v1r9 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-13-002031 - The macOS system must be configured to disable the system preference pane for Apple ID. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-14-002069 The macOS system must require administrator privileges to modify systemwide settings. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL |
| CASA-VN-000210 - The Cisco ASA must be configured to use a Diffie-Hellman (DH) Group of 16 or greater for Internet Key Exchange (IKE) Phase 1 - IKE Phase 1. | DISA STIG Cisco ASA VPN v2r2 | Cisco | ACCESS CONTROL |
| CASA-VN-000550 - The Cisco ASA remote access VPN server must be configured to use TLS 1.2 or higher to protect the confidentiality of remote access connections. | DISA STIG Cisco ASA VPN v2r2 | Cisco | ACCESS CONTROL |
| CASA-VN-000640 - The Cisco VPN remote access server must be configured to use AES256 or greater encryption for the Internet Key Exchange (IKE) Phase 1 to protect confidentiality of remote access sessions - IKE Phase 1 to protect confidentiality of remote access sessions. | DISA STIG Cisco ASA VPN v2r2 | Cisco | ACCESS CONTROL |
| CASA-VN-000650 - The Cisco ASA VPN remote access server must be configured to use AES256 or greater encryption for the IPsec security association to protect the confidentiality of remote access sessions - AES encryption for the IPsec security association to protect the confidentiality of remote access sessions. | DISA STIG Cisco ASA VPN v2r2 | Cisco | ACCESS CONTROL |
| CD12-00-010200 - PostgreSQL must enforce authorized access to all PKI private keys stored/utilized by PostgreSQL. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| CD12-00-011700 - PostgreSQL must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | ACCESS CONTROL |
| CNTR-K8-000220 - The Kubernetes Controller Manager must create unique service accounts for each work payload. | DISA STIG Kubernetes v2r2 | Unix | ACCESS CONTROL |
| FFOX-00-000002 - Firefox must be configured to allow only TLS 1.2 or above. | DISA STIG Mozilla Firefox Linux v6r6 | Unix | ACCESS CONTROL |
| FGFW-ND-000260 - The FortiGate devices must use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of nonlocal maintenance and diagnostic communications. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | MAINTENANCE |
| GEN000100 - The operating system must be a supported release. | DISA STIG AIX 6.1 v1r14 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| GEN000560 - The system must not have accounts configured with blank or null passwords. | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| GEN000560 - The system must not have accounts configured with blank or null passwords. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | CONFIGURATION MANAGEMENT |
| GEN002040 - There must be no .rhosts, .shosts, hosts.equiv, or shosts.equiv files on the system - '.shosts' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | CONFIGURATION MANAGEMENT |
| GEN004600 - The SMTP service must be an up-to-date version. | DISA STIG AIX 6.1 v1r14 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| GEN004620 - The Sendmail server must have the debug feature disabled. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | CONFIGURATION MANAGEMENT |
| GEN005200 - X displays must not be exported to the world. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| GEN005300 - SNMP communities, users, and passphrases must be changed from the default. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN008600 - The system must be configured to only boot from the system boot device. | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| GEN008640 - The system must not use removable media as the boot loader - 'service' | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| JUEX-NM-000480 - The Juniper EX switch must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC). | DISA Juniper EX Series Network Device Management v2r2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| JUEX-NM-000930 - The Juniper EX switch must prevent nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA Juniper EX Series Network Device Management v2r2 | Juniper | ACCESS CONTROL |
| MD7X-00-002700 MongoDB software installation account must be restricted to authorized users. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| MD7X-00-003800 If passwords are used for authentication, MongoDB must store only hashed, salted representations of passwords. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| MD7X-00-004100 MongoDB must enforce authorized access to all PKI private keys stored/used by MongoDB. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| MYS8-00-004800 - The MySQL Database Server 8.0 must enforce authorized access to all PKI private keys stored/utilized by the MySQL Database Server 8.0. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| MYS8-00-005200 - If passwords are used for authentication, the MySQL Database Server 8.0 must transmit only encrypted representations of passwords. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| MYS8-00-012000 - The MySQL Database Server 8.0 must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| O19C-00-014800 - Oracle Database must for password-based authentication, store passwords using an approved salted key derivation function, preferably using a keyed hash. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| PHTN-40-000199 The Photon operating system TDNF package management tool must cryptographically verify the authenticity of all software packages during installation for all repos. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| SHPT-00-000640 - Applications must support organizational requirements to employ cryptographic mechanisms to protect information in storage. | DISA STIG SharePoint 2010 v1r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000030 - Symantec ProxySG providing forward proxy intermediary services for TLS must be configured to comply with the required TLS settings in NIST SP 800-52 - client.connection.negotiated_cipher | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| SYMP-AG-000030 - Symantec ProxySG providing forward proxy intermediary services for TLS must be configured to comply with the required TLS settings in NIST SP 800-52 - client.connection.negotiated_ssl_version | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| SYMP-AG-000030 - Symantec ProxySG providing forward proxy intermediary services for TLS must be configured to comply with the required TLS settings in NIST SP 800-52 - server.connection.negotiated_ssl_version | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| SYMP-NM-000300 - The Symantec ProxySG must use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of nonlocal maintenance and diagnostic communications. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | MAINTENANCE |
| UBTU-24-400370 - Ubuntu 24.04 LTS must map the authenticated identity to the user or group account for PKI-based authentication. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-000130 - The WebSphere Application Server administrative security must be enabled. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL |
| WBSP-AS-001230 - The WebSphere Application Server default keystore passwords must be changed. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN11-UR-000015 - The 'Act as part of the operating system' user right must not be assigned to any groups or accounts. | DISA Microsoft Windows 11 STIG v2r3 | Windows | ACCESS CONTROL |
| WN11-UR-000045 - The 'Create a token object' user right must not be assigned to any groups or accounts. | DISA Microsoft Windows 11 STIG v2r3 | Windows | ACCESS CONTROL |
| WN22-CC-000210 - Windows Server 2022 Autoplay must be turned off for nonvolume devices. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN22-DC-000110 - Windows Server 2022 organization created Active Directory Organizational Unit (OU) objects must have proper access control permissions. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL |
| WN22-DC-000290 - Windows Server 2022 domain Controller PKI certificates must be issued by the DoD PKI or an approved External Certificate Authority (ECA). | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN22-UR-000020 - Windows Server 2022 Act as part of the operating system user right must not be assigned to any groups or accounts. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL |
