| 1.21 RHEL-09-213010 | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.22 RHEL-09-213015 | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.24 RHEL-09-213025 | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| ALMA-09-041050 - AlmaLinux OS 9 must restrict access to the kernel message buffer. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-041160 - AlmaLinux OS 9 must prevent kernel profiling by nonprivileged users. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-U1-000430 - Apache web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-U1-000430 - Apache web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000430 - Apache web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000430 - Apache web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000450 - The Apache web server must separate the hosted applications from hosted Apache web server management functionality. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W2-000430 - Apache web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts. | DISA Apache Server 2.4 Windows Site STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W2-000450 - The Apache web server must separate the hosted applications from hosted Apache web server management functionality. | DISA Apache Server 2.4 Windows Site STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AZLX-23-000200 - Amazon Linux 2023 must restrict access to the kernel message buffer. | DISA Amazon Linux 2023 STIG v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AZLX-23-000205 - Amazon Linux 2023 must prevent kernel profiling by nonprivileged users. | DISA Amazon Linux 2023 STIG v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AZLX-23-000210 - Amazon Linux 2023 must restrict exposed kernel pointer addresses access. | DISA Amazon Linux 2023 STIG v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| DB2X-00-004800 - DB2 must separate user functionality (including user interface services) from database management functionality | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | SYSTEM AND COMMUNICATIONS PROTECTION |
| EP11-00-005100 - The EDB Postgres Advanced Server must separate user functionality (including user interface services) from database management functionality. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-MB-000200 - Exchange Mailbox databases must reside on a dedicated partition. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SV-000131 - IIS 10.0 Web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts. | DISA IIS 10.0 Server v3r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SV-000132 - The IIS 10.0 web server must separate the hosted applications from hosted web server management functionality. | DISA IIS 10.0 Server v3r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SI-000221 - Anonymous IIS 8.5 website access accounts must be restricted. | DISA IIS 8.5 Site v2r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SV-000132 - The IIS 8.5 web server must separate the hosted applications from hosted web server management functionality. | DISA IIS 8.5 Server v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| JBOS-AS-000355 - The JBoss server must separate hosted application functionality from application server management functionality. | DISA JBoss Enterprise Application Platform 6.3 STIG v2r6 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| MD8X-00-004400 - MongoDB must separate user functionality (including user interface services) from database management functionality. | DISA MongoDB Enterprise Advanced 8.x STIG v1r1 MongoDB | MongoDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| O112-P2-017300 - The DBMS must separate user functionality (including user interface services) from database management functionality. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| O121-P2-017300 - The DBMS must separate user functionality (including user interface services) from database management functionality. | DISA Oracle Database 12c STIG v3r5 OracleDB | OracleDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000266 - OHS accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL09-00-002406 - OL 9 must restrict access to the kernel message buffer. | DISA Oracle Linux 9 STIG v1r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL09-00-002407 - OL 9 must prevent kernel profiling by nonprivileged users. | DISA Oracle Linux 9 STIG v1r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL09-00-002408 - OL 9 must restrict exposed kernel pointer addresses access. | DISA Oracle Linux 9 STIG v1r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| RHEL-09-213010 - RHEL 9 must restrict access to the kernel message buffer. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-09-213015 - RHEL 9 must prevent kernel profiling by nonprivileged users. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-09-213025 - RHEL 9 must restrict exposed kernel pointer addresses access. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| RHEL-10-701030 - RHEL 10 must restrict access to the kernel message buffer. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-10-701040 - RHEL 10 must prevent kernel profiling by nonprivileged users. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-10-701060 - RHEL 10 must restrict exposed kernel pointer address access. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| SHPT-00-000690 - The Central Administration site must not be accessible from Extranet or Internet connections. | DISA STIG SharePoint 2010 v1r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SHPT-00-000692 - Access to Central Administration site must be limited to authorized users and groups. | DISA STIG SharePoint 2010 v1r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| TCAT-AS-000780 - Access to JMX management interface must be restricted. | DISA STIG Apache Tomcat Application Server 9 v3r3 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| TCAT-AS-000790 - Access to Tomcat manager application must be restricted. | DISA STIG Apache Tomcat Application Server 9 v3r3 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCEM-67-000017 - ESX Agent Manager directory tree must have permissions in an 'out-of-the box' state - out-of-the box state. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLU-70-000017 - Lookup Service directory tree must have permissions in an out-of-the-box state - out-of-the box state. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCPF-67-000016 - Performance Charts directory tree must have permissions in an 'out-of-the box' state - out-of-the box state. | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCPF-70-000017 - Performance Charts directory tree must have permissions in an out-of-the-box state. | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCST-67-000017 - The Security Token Service directory tree must have permissions in an 'out-of-the-box' state - out-of-the-box state. | DISA STIG VMware vSphere 6.7 STS Tomcat v1r3 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCUI-67-000016 - vSphere UI directory tree must have permissions in an 'out-of-the-box' state - out-of-the-box state. | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCWN-06-000005 - The vCenter Server users must have the correct roles assigned. | DISA VMware vSphere vCenter Server Version 6 STIG v1r4 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBLC-08-000222 - Oracle WebLogic must separate hosted application functionality from Oracle WebLogic management functionality. | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBLC-08-000222 - Oracle WebLogic must separate hosted application functionality from Oracle WebLogic management functionality. | Oracle WebLogic Server 12c Windows v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WPAW-00-001300 - A Windows PAW used to manage domain controllers and directory services must not be used to manage any other type of high-value IT resource. | DISA Microsoft Windows PAW STIG v3r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
