| 5.2.2.12 (L1) Ensure the device code sign-in flow is blocked | CIS Microsoft 365 Foundations v6.0.1 L1 E5 | microsoft_azure | CONFIGURATION MANAGEMENT |
| AIOS-11-080201 - Apple iOS must not allow backup to locally connected systems. | AirWatch - DISA Apple iOS 10 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| ALMA-09-001340 - AlmaLinux OS 9 must prevent a user from overriding the session idle-delay setting for the graphical user interface. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL |
| ALMA-09-001560 - AlmaLinux OS 9 must prevent a user from overriding the session lock-delay setting for the graphical user interface. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL |
| ALMA-09-003650 - AlmaLinux OS 9 must force a frequent session key renegotiation for SSH connections to the server. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL |
| ALMA-09-004750 - AlmaLinux OS 9 must automatically expire temporary accounts within 72 hours. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL |
| ALMA-09-004970 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-005410 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-006290 - AlmaLinux OS 9 must require a boot loader password. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL |
| ALMA-09-006400 - AlmaLinux OS 9 must require a unique superuser's name upon booting into single-user and maintenance modes. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL |
| ALMA-09-006730 - The Ctrl-Alt-Delete key sequence must be disabled on AlmaLinux OS 9. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL |
| ALMA-09-007060 - AlmaLinux OS 9 must enable kernel parameters to enforce discretionary access control on hardlinks. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL |
| ALMA-09-008710 - AlmaLinux OS 9 must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system via a command line user logon. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL |
| ALMA-09-042260 - A sticky bit must be set on all AlmaLinux OS 9 public directories. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-042810 - All AlmaLinux OS 9 networked systems must implement SSH to protect the confidentiality and integrity of transmitted and received information, including information being prepared for transmission. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-042920 - All AlmaLinux OS 9 networked systems must have the OpenSSH server installed. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-043140 - AlmaLinux OS 9 must implement DOD-approved encryption in the bind package. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-044130 - AlmaLinux OS 9 /var/log/messages file must be owned by root. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| ALMA-09-044240 - AlmaLinux OS 9 /var/log/messages file must have mode 0640 or less permissive. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| ALMA-09-045450 - AlmaLinux OS 9 must routinely check the baseline configuration for unauthorized changes and notify the system administrator when anomalies in the operation of any security functions are discovered. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| ALMA-09-046220 - AlmaLinux OS 9 must generate audit records for any use of the "poweroff" command. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-046880 - AlmaLinux OS 9 must produce audit records containing information to establish the identity of any individual or process associated with the event. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-047100 - The audit package must be installed on AlmaLinux OS 9. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-048640 - AlmaLinux OS 9 must audit all uses of the chown, fchown, fchownat, and lchown system calls. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-048970 - AlmaLinux OS 9 must audit all uses of the rename, unlink, rmdir, renameat, and unlinkat system calls. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-049520 - AlmaLinux OS 9 must generate audit records for any use of the "passwd" command. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-049630 - AlmaLinux OS 9 must generate audit records for any use of the "postdrop" command. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-050730 - AlmaLinux OS 9 must generate audit records for any use of the "sudoedit" command. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-051830 - AlmaLinux OS 9 must allocate an audit_backlog_limit of sufficient size to capture processes that start prior to the audit daemon. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-052490 - AlmaLinux OS 9 must be configured to offload audit records onto a different system from the system being audited via syslog. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-052600 - AlmaLinux OS 9 must authenticate the remote logging server for offloading audit logs via rsyslog. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-053260 - AlmaLinux OS 9 must take action when allocated audit record storage volume reaches 95 percent of the audit record storage capacity. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-053920 - AlmaLinux OS 9 must have mail aliases to notify the information system security officer (ISSO) and system administrator (SA) (at a minimum) in the event of an audit processing failure. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-054360 - AlmaLinux OS 9 audit system must make full use of the audit storage space. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-054470 - AlmaLinux OS 9 audit system must take appropriate action when the audit files have reached maximum size. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-054690 - AlmaLinux OS 9 must periodically flush audit records to disk to prevent the loss of audit records. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-055680 - AlmaLinux OS 9 audit log directory must be owned by root to prevent unauthorized read access. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| GOOG-09-001100 - The Google Android Pie whitelist must be configured to not include applications with the following characteristics: - back up MD data to non-DoD cloud servers (including user and application access to cloud backup services); - transmit MD diagnostic data to non-DoD servers; - voice assistant application if available when MD is locked; - voice dialing application if available when MD is locked; - allows synchronization of data or applications between devices associated with user; and - allows unencrypted (or encrypted but not FIPS 140-2 validated) data sharing with other MDs or printers. | MobileIron - DISA Google Android 9.x v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-11-001100 - Google Android 11 allow list must be configured to not include applications with the following characteristics: | AirWatch - DISA Google Android 11 COBO v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-11-001100 - Google Android 11 allow list must be configured to not include applications with the following characteristics: | MobileIron - DISA Google Android 11 COBO v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-13-006700 - Google Android 13 allowlist must be configured to not include applications with the following characteristics: | AirWatch - DISA Google Android 13 COBO STIG v2r3 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-13-006700 - Google Android 13 allowlist must be configured to not include applications with the following characteristics: | MobileIron - DISA Google Android 13 COBO STIG v2r3 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-13-006700 - Google Android 13 allowlist must be configured to not include applications with the following characteristics: | MobileIron - DISA Google Android 13 COPE STIG v2r3 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-13-706700 - Google Android 13 allowlist must be configured to not include applications with the following characteristics (work profile only): | MobileIron - DISA Google Android 13 BYOAD v1r3 | MDM | CONFIGURATION MANAGEMENT |
| HONW-09-001100 - The Honeywell Mobility Edge Android Pie device whitelist must be configured to not include applications with the following characteristics: | MobileIron - DISA Honeywell Android 9.x COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| HONW-13-006700 - Honeywell Android 13 allowlist must be configured to not include applications with the following characteristics: | AirWatch - DISA Honeywell Android 13 COPE STIG v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| MOTS-11-001100 - Motorola Solutions Android 11 allow list must be configured to not include applications with the following characteristics: | MobileIron - DISA Motorola Solutions Android 11 COBO v1r3 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-001100 - Microsoft Android 11 allow list must be configured to not include applications with the following characteristics: - Back up MD data to non-DOD cloud servers (including user and application access to cloud backup services);- Transmit MD diagnostic data to non-DOD servers;- Voice assistant application if available when MD is locked;- Voice dialing application if available when MD is locked;- Allows synchronization of data or applications between devices associated with user; and- Allows unencrypted (or encrypted but not FIPS 140-2/FIPS 140-3 validated) data sharing with other MDs or printers. | AirWatch - DISA Microsoft Android 11 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-10-001100 - Zebra Android 10 whitelist must be configured to not include applications with the following characteristics: | AirWatch - DISA Zebra Android 10 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-11-001100 - Zebra Android 11 allow list must be configured to not include applications with the following characteristics: | AirWatch - DISA Zebra Android 11 COBO STIG v1r4 | MDM | CONFIGURATION MANAGEMENT |
