| AIOS-01-080006 - Apple iOS must require a valid password be successfully entered before the mobile device data is unencrypted. | MobileIron - DISA Apple iOS 10 v1r3 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-003210 - AlmaLinux OS 9 SSH client must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-3-validated cryptographic hash algorithms. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL |
| ALMA-09-009810 - AlmaLinux OS 9 must check the GPG signature of locally installed software packages before installation. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002063 - The macOS system must enforce access restrictions. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002064 - The macOS system must have the security assessment policy subsystem enabled. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002064 - The macOS system must have the security assessment policy subsystem enabled. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-002064 - The macOS system must have the security assessment policy subsystem enabled. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-26-002064 - The macOS system must enable gatekeeper. | DISA Apple macOS 26 Tahoe STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ARST-ND-000810 - The network device must be configured to use an authentication server to authenticate users prior to granting administrative access. | DISA Arista MLS EOS 4.X NDM STIG v2r2 | Arista | CONFIGURATION MANAGEMENT |
| ARST-RT-000330 - The Arista perimeter router must be configured to deny network traffic by default and allow network traffic by exception. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000450 - The Arista perimeter router must be configured to restrict it from accepting outbound IP packets that contain an illegitimate address in the source address field via egress filter or by enabling Unicast Reverse Path Forwarding (uRPF). | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-VN-000440 - The Cisco ASA remote access VPN server must be configured to enforce certificate-based authentication before granting access to the network. | DISA STIG Cisco ASA VPN v2r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CASA-VN-000640 - The Cisco VPN remote access server must be configured to use AES256 or greater encryption for the Internet Key Exchange (IKE) Phase 1 to protect confidentiality of remote access sessions - IKE Phase 1 to protect confidentiality of remote access sessions. | DISA STIG Cisco ASA VPN v2r2 | Cisco | ACCESS CONTROL |
| CASA-VN-000650 - The Cisco ASA VPN remote access server must be configured to use AES256 or greater encryption for the IPsec security association to protect the confidentiality of remote access sessions - AES encryption for the IPsec security association to protect the confidentiality of remote access sessions. | DISA STIG Cisco ASA VPN v2r2 | Cisco | ACCESS CONTROL |
| CD12-00-011700 - PostgreSQL must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | ACCESS CONTROL |
| CNTR-K8-002630 - Kubernetes API Server must disable token authentication to protect information in transit. | DISA STIG Kubernetes v2r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| EPAS-00-003300 - The EDB Postgres Advanced Server software installation account must be restricted to authorized users. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| ESXI-70-000074 - The ESXi host must exclusively enable Transport Layer Security (TLS) 1.2 for all endpoints. | DISA VMware vSphere 7.0 ESXi STIG v1r4 VMware | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-80-000014 - The ESXi host Secure Shell (SSH) daemon must use FIPS 140-2 validated cryptographic modules to protect the confidentiality of remote access sessions. | DISA VMware vSphere 8.0 ESXi STIG v2r3 Unix | Unix | ACCESS CONTROL |
| FGFW-ND-000265 - The FortiGate device must implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | MAINTENANCE |
| GOOG-16-012500 - Google Android 16 must be configured to disable 'Private Space' use - Private Space use. | MobileIron - DISA Google Android 16 COBO STIG v1r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-16-012500 - Google Android 16 must be configured to disable 'Private Space' use - Private Space use. | MobileIron - DISA Google Android 16 COPE STIG v1r1 | MDM | CONFIGURATION MANAGEMENT |
| JUEX-NM-000480 - The Juniper EX switch must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC). | DISA Juniper EX Series Network Device Management v2r4 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| JUEX-NM-000510 - The Juniper EX switches must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of nonlocal maintenance and diagnostic communications. | DISA Juniper EX Series Network Device Management v2r4 | Juniper | MAINTENANCE |
| JUEX-NM-000930 - The Juniper EX switch must prevent nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA Juniper EX Series Network Device Management v2r4 | Juniper | ACCESS CONTROL |
| MADB-10-008700 - MariaDB must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components. | DISA MariaDB Enterprise 10.x v2r4 DB | MySQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| MD4X-00-002100 - MongoDB software installation account must be restricted to authorized users. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | CONFIGURATION MANAGEMENT |
| MYS8-00-000100 - MySQL Database Server 8.0 must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | ACCESS CONTROL |
| MYS8-00-012000 - The MySQL Database Server 8.0 must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| MYS8-00-012100 - The MySQL Database Server 8.0 must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| O19C-00-000800 - Oracle Database must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals. | DISA Oracle Database 19c STIG v1r3 OracleDB | OracleDB | ACCESS CONTROL |
| OL08-00-010186 - OL 8 IP tunnels must use FIPS 140-3-approved cryptographic algorithms. | DISA Oracle Linux 8 STIG v2r8 | Unix | ACCESS CONTROL |
| OL09-00-000497 - OL 9 must check the GPG signature of software packages originating from external software repositories before installation. | DISA Oracle Linux 9 STIG v1r5 | Unix | CONFIGURATION MANAGEMENT |
| OL09-00-002343 - OL 9 SSHD must not allow blank passwords. | DISA Oracle Linux 9 STIG v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PHTN-40-000130 - The Photon operating system TDNF package management tool must cryptographically verify the authenticity of all software packages during installation. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000199 - The Photon operating system TDNF package management tool must cryptographically verify the authenticity of all software packages during installation for all repos. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010020 - RHEL 8 must implement a FIPS 140-3-compliant systemwide cryptographic policy. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-08-010280 - RHEL 8 IP tunnels must use FIPS 140-3-approved cryptographic algorithms. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-09-211050 - The x86 Ctrl-Alt-Delete key sequence must be disabled on RHEL 9. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | ACCESS CONTROL |
| RHEL-10-300070 - RHEL 10 must use FIPS 140-3-approved cryptographic algorithms for IP tunnels. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| SHPT-00-000683 - SharePoint-specific malware (i.e., anti-virus) software must be integrated and configured - 'Scan Documents on Download is enabled' | DISA STIG SharePoint 2010 v1r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQLI-22-003800 - SQL Server must be configured to use the most-secure authentication method available. | DISA Microsoft SQL Server 2022 Instance STIG v1r4 MS_SQLDB | MS_SQLDB | ACCESS CONTROL |
| SYMP-AG-000030 - Symantec ProxySG providing forward proxy intermediary services for TLS must be configured to comply with the required TLS settings in NIST SP 800-52 - server.connection.negotiated_cipher | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| WBSP-AS-000130 - The WebSphere Application Server administrative security must be enabled. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | ACCESS CONTROL |
| WN11-00-000030 - Windows 11 information systems must use BitLocker to encrypt all disks to protect the confidentiality and integrity of all information at rest. | DISA Microsoft Windows 11 STIG v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN11-UR-000015 - The 'Act as part of the operating system' user right must not be assigned to any groups or accounts. | DISA Microsoft Windows 11 STIG v2r7 | Windows | ACCESS CONTROL |
| WN22-DC-000110 - Windows Server 2022 organization created Active Directory Organizational Unit (OU) objects must have proper access control permissions. | DISA Microsoft Windows Server 2022 STIG v2r8 | Windows | ACCESS CONTROL |
| WN25-CC-000430 - Windows Server 2025 must disable the Windows Installer Always install with elevated privileges option. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
| WN25-DC-000080 - Windows Server 2025 Active Directory SYSVOL directory must have the proper access control permissions. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | ACCESS CONTROL |
| WN25-UR-000020 - The Windows Server 2025 'Act as part of the operating system' user right must not be assigned to any groups or accounts. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | ACCESS CONTROL |
