| AIOS-16-013500 - Apple iOS must implement the management setting: Not allow a user to remove Apple iOS configuration profiles that enforce DoD security requirements. | MobileIron - DISA Apple iOS/iPadOS 16 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-17-007000 - Apple iOS/iPadOS 17 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DOD-approved commercial app repository, MDM server, mobile application store]. | AirWatch - DISA Apple iOS/iPadOS 17 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-17-007000 - Apple iOS/iPadOS 17 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DOD-approved commercial app repository, MDM server, mobile application store]. | MobileIron - DISA Apple iOS/iPadOS 17 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-17-007400 - Apple iOS/iPadOS 17 allow list must be configured to not include applications with the following characteristics: - backs up MD data to non-DOD cloud servers (including user and application access to cloud backup services);- transmits MD diagnostic data to non-DOD servers;- allows synchronization of data or applications between devices associated with user; and- allows unencrypted (or encrypted but not FIPS 140-2/FIPS 140-3 validated) data sharing with other MDs or printers - allows unencrypted (or encrypted but not FIPS 140-2 validated) data sharing with other MDs or printers. | MobileIron - DISA Apple iOS/iPadOS 17 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-17-014700 - Apple iOS/iPadOS 17 must have DOD root and intermediate PKI certificates installed. | MobileIron - DISA Apple iOS/iPadOS 17 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-17-701000 - Apple iOS/iPadOS 17 must allow the administrator (MDM) to perform the following management function: enable/disable VPN protection across the device - MDM to perform the following management function: enable/disable VPN protection across the device and [selection: other methods]. | AirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-17-707000 - Apple iOS/iPadOS 17 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DOD-approved commercial app repository, MDM server, mobile application store]. | MobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-17-714700 - Apple iOS/iPadOS 17 must have DOD root and intermediate PKI certificates installed. | MobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r1 | MDM | CONFIGURATION MANAGEMENT |
| AIX7-00-002144 - The AIX /etc/syslog.conf file must be owned by root. | DISA STIG AIX 7.x v3r1 | Unix | CONFIGURATION MANAGEMENT |
| AIX7-00-002148 - The AIX /var/spool/cron/atjobs directory must be group-owned by cron. | DISA STIG AIX 7.x v3r1 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-000016 - The macOS system must be integrated into a directory services infrastructure. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-000016 - The macOS system must be integrated into a directory services infrastructure. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002060 - The macOS system must allow only applications that have a valid digital signature to run - AllowIdentifiedDevelopers | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002060 - The macOS system must allow only applications that have a valid digital signature to run - AllowIdentifiedDevelopers | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002060 - The macOS system must allow only applications that have a valid digital signature to run - EnableAssessment | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002060 - The macOS system must allow only applications that have a valid digital signature to run - Unsigned Applications | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another user's files - Access Control List | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another user's files - User directory permissions | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another user's files - User subdirectory permissions | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another user's files - User subdirectory Public permissions | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002070 - The macOS system must use an approved antivirus program. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-003052 - The macOS system must be configured so that the sudo command requires smart card authentication. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-005050 - The macOS Application Firewall must be enabled - EnableStealthMode | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| GOOG-13-006100 - Google Android 13 must be configured to not allow passwords that include more than four repeating or sequential characters - Alphanumeric | MobileIron - DISA Google Android 13 COBO v2r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-13-006100 - Google Android 13 must be configured to not allow passwords that include more than four repeating or sequential characters - Alphanumeric | MobileIron - DISA Google Android 13 COPE v2r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-13-010000 - Google Android 13 must have the DOD root and intermediate PKI certificates installed. | AirWatch - DISA Google Android 13 COPE v2r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-13-010400 - The Google Android 13 work profile must be configured to disable automatic completion of work space internet browser text input. | AirWatch - DISA Google Android 13 COPE v2r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-13-010800 - Android 13 devices must have the latest available Google Android 13 operating system installed. | AirWatch - DISA Google Android 13 COPE v2r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-13-010900 - Android 13 devices must be configured to disable the use of third-party keyboards. | MobileIron - DISA Google Android 13 COBO v2r2 | MDM | CONFIGURATION MANAGEMENT |
| PHTN-30-000078 - The Photon operating system must configure sshd to disallow Generic Security Service Application Program Interface (GSSAPI) authentication. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000081 - The Photon operating system must configure sshd to perform strict mode checking of home directory configuration files. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000094 - The Photon operating system must be configured so that all files have a valid owner and group owner. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000099 - The Photon operating system must not respond to IPv4 Internet Control Message Protocol (ICMP) echoes sent to a broadcast address. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000108 - The Photon operating system must be configured to protect the Secure Shell (SSH) public host key from unauthorized modification. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| VCSA-80-000248 - The vCenter Server must disable the Customer Experience Improvement Program (CEIP). | DISA VMware vSphere 8.0 vCenter STIG v2r2 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000269 - The vCenter Server must set the distributed port group Media Access Control (MAC) Address Change policy to "Reject". | DISA VMware vSphere 8.0 vCenter STIG v2r2 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000274 - The vCenter Server must not configure all port groups to virtual local area network (VLAN) values reserved by upstream physical switches. | DISA VMware vSphere 8.0 vCenter STIG v2r2 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000278 - The vCenter Server must use unique service accounts when applications connect to vCenter. | DISA VMware vSphere 8.0 vCenter STIG v2r2 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000283 - The vCenter Server must disable Username/Password and Windows Integrated Authentication. | DISA VMware vSphere 8.0 vCenter STIG v2r2 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000284 - The vCenter Server must restrict access to the default roles with cryptographic permissions. | DISA VMware vSphere 8.0 vCenter STIG v2r2 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000286 - The vCenter Server must have Mutual Challenge Handshake Authentication Protocol (CHAP) configured for vSAN Internet Small Computer System Interface (iSCSI) targets. | DISA VMware vSphere 8.0 vCenter STIG v2r2 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000292 - The vCenter server configuration must be backed up on a regular basis. | DISA VMware vSphere 8.0 vCenter STIG v2r2 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-70-000006 - Independent, nonpersistent disks must not be used on the virtual machine (VM). | DISA STIG VMware vSphere 7.0 Virtual Machine v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-70-000007 - Host Guest File System (HGFS) file transfers must be disabled on the virtual machine (VM). | DISA STIG VMware vSphere 7.0 Virtual Machine v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-70-000011 - Unauthorized serial devices must be disconnected on the virtual machine (VM). | DISA STIG VMware vSphere 7.0 Virtual Machine v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-70-000017 - The virtual machine (VM) must not be able to obtain host information from the hypervisor. | DISA STIG VMware vSphere 7.0 Virtual Machine v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-70-000020 - System administrators must use templates to deploy virtual machines (VMs) whenever possible. | DISA STIG VMware vSphere 7.0 Virtual Machine v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-70-000021 - Use of the virtual machine (VM) console must be minimized. | DISA STIG VMware vSphere 7.0 Virtual Machine v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-70-000022 - The virtual machine (VM) guest operating system must be locked when the last console connection is closed. | DISA STIG VMware vSphere 7.0 Virtual Machine v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-70-000028 - DirectPath I/O must be disabled on the virtual machine (VM) when not required. | DISA STIG VMware vSphere 7.0 Virtual Machine v1r4 | VMware | CONFIGURATION MANAGEMENT |
