| 1.9 RHEL-09-211050 | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT I | Unix | ACCESS CONTROL |
| ALMA-09-003320 - The AlmaLinux 9 SSH server must be configured to use only DOD-approved encryption ciphers employing FIPS 140-3-validated cryptographic hash algorithms to protect the confidentiality of SSH server connections. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL |
| ALMA-09-006620 - The systemd Ctrl-Alt-Delete burst key sequence in AlmaLinux OS 9 must be disabled. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL |
| ALMA-09-009920 - AlmaLinux OS 9 must check the GPG signature of repository metadata before package installation. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-002063 - The macOS system must disable the guest account. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-26-002060 - The macOS system must apply gatekeeper settings to block applications from unidentified developers. | DISA Apple macOS 26 Tahoe STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ARST-ND-000700 - The Arista network device must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions. | DISA Arista MLS EOS 4.X NDM STIG v2r2 | Arista | MAINTENANCE |
| ARST-RT-000330 - The Arista perimeter router must be configured to deny network traffic by default and allow network traffic by exception. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| AZLX-23-000115 - Amazon Linux 2023 must check the GPG signature of locally installed software packages before installation. | DISA Amazon Linux 2023 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| AZLX-23-000120 - Amazon Linux 2023 must check the GPG signature of software packages originating from external software repositories before installation. | DISA Amazon Linux 2023 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| CASA-ND-001140 - The Cisco ASA must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of non-local maintenance and diagnostic communications. | DISA STIG Cisco ASA NDM v2r4 | Cisco | MAINTENANCE |
| CASA-ND-001150 - The Cisco ASA must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions. | DISA STIG Cisco ASA NDM v2r4 | Cisco | MAINTENANCE |
| CASA-VN-000210 - The Cisco ASA must be configured to use a Diffie-Hellman (DH) Group of 16 or greater for Internet Key Exchange (IKE) Phase 1 - IKE Phase 1. | DISA STIG Cisco ASA VPN v2r2 | Cisco | ACCESS CONTROL |
| CASA-VN-000550 - The Cisco ASA remote access VPN server must be configured to use TLS 1.2 or higher to protect the confidentiality of remote access connections. | DISA STIG Cisco ASA VPN v2r2 | Cisco | ACCESS CONTROL |
| CD12-00-000500 - PostgreSQL must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | ACCESS CONTROL |
| CD12-00-003200 - The PostgreSQL software installation account must be restricted to authorized users. | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| EX19-MB-000134 - Exchange servers must have an approved DOD email-aware virus protection software installed. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r3 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| FFOX-00-000002 - Firefox must be configured to allow only TLS 1.2 or above. | DISA STIG Mozilla Firefox Linux v6r7 | Unix | ACCESS CONTROL |
| GEN006380 - The system must not use UDP for NIS/NIS+. | DISA AIX 5.3 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GOOG-15-012500 - Google Android 15 must be configured to disable 'Private Space' use - Private Space use. | AirWatch - DISA Google Android 15 COBO STIG v1r3 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-15-012500 - Google Android 15 must be configured to disable 'Private Space' use - Private Space use. | MobileIron - DISA Google Android 15 COPE STIG v1r3 | MDM | CONFIGURATION MANAGEMENT |
| MADB-10-000200 - MariaDB must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals. | DISA MariaDB Enterprise 10.x v2r4 DB | MySQLDB | ACCESS CONTROL |
| MD4X-00-001600 - MongoDB must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | ACCESS CONTROL |
| MD7X-00-000200 MongoDB must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | Unix | ACCESS CONTROL |
| O19C-00-017700 - Oracle Database must employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission unless the transmitted data is otherwise protected by alternative physical measures. | DISA Oracle Database 19c STIG v1r5 Windows | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL09-00-000255 - OL 9 SSH server must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-3 validated cryptographic hash algorithms to protect the confidentiality of SSH server connections. | DISA Oracle Linux 9 STIG v1r5 | Unix | ACCESS CONTROL |
| OL09-00-000498 - OL 9 must have GPG signature verification enabled for all software repositories. | DISA Oracle Linux 9 STIG v1r5 | Unix | CONFIGURATION MANAGEMENT |
| OL09-00-002404 - OL 9 IP tunnels must use 140-3 approved cryptographic algorithms. | DISA Oracle Linux 9 STIG v1r5 | Unix | ACCESS CONTROL |
| OL09-00-002413 - OL 9 must be configured so that the x86 Ctrl-Alt-Delete key sequence is disabled. | DISA Oracle Linux 9 STIG v1r5 | Unix | ACCESS CONTROL |
| PHTN-40-000079 - The Photon operating system must implement only approved ciphers to protect the integrity of remote access sessions. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | ACCESS CONTROL |
| PHTN-40-000239 - The Photon operating system must implement only approved Message Authentication Codes (MACs) to protect the integrity of remote access sessions. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | ACCESS CONTROL |
| RHEL-08-010290 - The RHEL 8 SSH server must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-3-validated cryptographic hash algorithms to protect the confidentiality of SSH server connections. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-08-010291 - The RHEL 8 SSH server must be configured to use only DOD-approved encryption ciphers employing FIPS 140-3-validated cryptographic hash algorithms to protect the confidentiality of SSH server connections. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-09-255050 - RHEL 9 must enable the Pluggable Authentication Module (PAM) interface for SSHD. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | MAINTENANCE |
| RHEL-09-255064 - The RHEL 9 SSH client must be configured to use only DOD-approved encryption ciphers employing FIPS 140-3 validated cryptographic hash algorithms to protect the confidentiality of SSH client connections. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | ACCESS CONTROL |
| RHEL-09-411100 - The root account must be the only account having unrestricted access to RHEL 9 system. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-671020 - RHEL 9 IP tunnels must use FIPS 140-3 approved cryptographic algorithms. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | ACCESS CONTROL |
| RHEL-10-200631 - RHEL 10 must use cryptographic mechanisms to protect the integrity of audit tools. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SHPT-00-000683 - SharePoint-specific malware (i.e., anti-virus) software must be integrated and configured. | DISA STIG SharePoint 2010 v1r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000030 - Symantec ProxySG providing forward proxy intermediary services for TLS must be configured to comply with the required TLS settings in NIST SP 800-52 - server.connection.negotiated_ssl_version | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| SYMP-NM-000300 - The Symantec ProxySG must use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of nonlocal maintenance and diagnostic communications. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | MAINTENANCE |
| WN11-00-000031 - Windows 11 systems must use a BitLocker PIN for pre-boot authentication. | DISA Microsoft Windows 11 STIG v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN22-CC-000210 - Windows Server 2022 Autoplay must be turned off for nonvolume devices. | DISA Microsoft Windows Server 2022 STIG v2r8 | Windows | CONFIGURATION MANAGEMENT |
| WN25-CC-000210 - Windows Server 2025 AutoPlay must be turned off for nonvolume devices. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
| WN25-CC-000220 - Windows Server 2025 default AutoRun behavior must be configured to prevent AutoRun commands. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
| WN25-CC-000230 - Windows Server 2025 AutoPlay must be disabled for all drives. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
| WN25-DC-000090 - Windows Server 2025 Active Directory (AD) Group Policy Objects (GPOs) must have proper access control permissions. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | ACCESS CONTROL |
| WN25-DC-000100 - Windows Server 2025 Active Directory Domain Controllers Organizational Unit (OU) object must have the proper access control permissions. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | ACCESS CONTROL |
| WN25-UR-000060 - The Windows Server 2025 'Create a token object' user right must not be assigned to any groups or accounts. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | ACCESS CONTROL |
| WN25-UR-000100 - The Windows Server 2025 'Debug programs' user right must only be assigned to the Administrators group. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | ACCESS CONTROL |
