AIOS-12-011200 - Apple iOS must implement the management setting: Disable Allow MailDrop. | MobileIron - DISA Apple iOS 12 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
AIOS-12-011200 - Apple iOS must implement the management setting: Disable Allow MailDrop. | AirWatch - DISA Apple iOS 12 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
AIOS-13-011200 - Apple iOS/iPadOS must implement the management setting: Disable Allow MailDrop. | MobileIron - DISA Apple iOS/iPadOS 13 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
AIOS-13-011200 - Apple iOS/iPadOS must implement the management setting: Disable Allow MailDrop. | AirWatch - DISA Apple iOS/iPadOS 13 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
AIOS-14-009400 - Apple iOS/iPadOS must implement the management setting: Disable Allow MailDrop. | AirWatch - DISA Apple iOS/iPadOS 14 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
AIOS-14-009400 - Apple iOS/iPadOS must implement the management setting: Disable Allow MailDrop. | MobileIron - DISA Apple iOS/iPadOS 14 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
AIX7-00-001137 - AIX must be able to control the ability of remote login for users. | DISA STIG AIX 7.x v2r9 | Unix | ACCESS CONTROL |
AS24-U1-000670 - The Apache web server must restrict inbound connections from nonsecure zones. | DISA STIG Apache Server 2.4 Unix Server v2r7 | Unix | ACCESS CONTROL |
ESXI-06-200035 - The VMM must provide the capability to immediately disconnect or disable remote access to the information system by disabling SSH. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | ACCESS CONTROL |
ESXI-67-000035 - The ESXi host must be configured to disable nonessential capabilities by disabling SSH. | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
ESXI-70-000035 - The ESXi host must be configured to disable nonessential capabilities by disabling Secure Shell (SSH). | DISA STIG VMware vSphere 7.0 ESXi v1r2 | VMware | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
F5BI-AP-000153 - The BIG-IP APM module access policy profile must control remote access methods to virtual servers. | DISA F5 BIG-IP Access Policy Manager STIG v2r3 | F5 | ACCESS CONTROL |
F5BI-LT-000153 - The BIG-IP Core implementation providing intermediary services for remote access communications traffic must control remote access methods to virtual servers. | DISA F5 BIG-IP Local Traffic Manager STIG v2r3 | F5 | ACCESS CONTROL |
GEN008520 - The system must employ a local firewall. | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
GEN008540 - The systems local firewall must implement a deny-all, allow-by-exception policy. | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
IIST-SV-000142 - The IIS 10.0 web server must restrict inbound connections from non-secure zones. | DISA IIS 10.0 Server v2r10 | Windows | ACCESS CONTROL |
OL07-00-040100 - The Oracle Linux operating system must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the Ports, Protocols, and Services Management Component Local Service Assessment (PPSM CLSA) and vulnerability assessments - PPSM CLSA and vulnerability assessments. | DISA Oracle Linux 7 STIG v2r14 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
PANW-AG-000078 - The Palo Alto Networks security platform, if used as a TLS gateway/decryption point or VPN concentrator, must control remote access methods (inspect and filter traffic). | DISA STIG Palo Alto ALG v2r4 | Palo_Alto | ACCESS CONTROL |
RHEL-07-040100 - The Red Hat Enterprise Linux operating system must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the Ports, Protocols, and Services Management Component Local Service Assessment (PPSM CLSA) and vulnerability assessments. | DISA Red Hat Enterprise Linux 7 STIG v3r14 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
RHEL-09-251010 - RHEL 9 must have the firewalld package installed. | DISA Red Hat Enterprise Linux 9 STIG v1r3 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
RHEL-09-251015 - The firewalld service on RHEL 9 must be active. | DISA Red Hat Enterprise Linux 9 STIG v1r3 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
SLES-12-030030 - The SUSE operating system must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments. | DISA SLES 12 STIG v2r13 | Unix | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT |
TCAT-AS-001020 - LockOutRealms must be used for management of Tomcat. | DISA STIG Apache Tomcat Application Server 9 v2r7 Middleware | Unix | ACCESS CONTROL |
UBTU-16-030030 - An application firewall must be installed. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | ACCESS CONTROL |
UBTU-16-030050 - An application firewall must employ a deny-all, allow-by-exception policy for allowing connections to other systems. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT |
UBTU-18-010023 - The Ubuntu operating system must have an application firewall installed in order to control remote access methods. | DISA STIG Ubuntu 18.04 LTS v2r14 | Unix | ACCESS CONTROL |
UBTU-18-010507 - The Ubuntu operating system must enable and run the uncomplicated firewall(ufw). | DISA STIG Ubuntu 18.04 LTS v2r14 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
VCFL-67-000006 - vSphere Client must be configured to enable SSL/TLS. | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
VCLD-67-000003 - VAMI must use cryptography to protect the integrity of remote sessions. | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
VCLD-70-000003 - VAMI must use cryptography to protect the integrity of remote sessions. | DISA STIG VMware vSphere 7.0 VAMI v1r2 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
WBSP-AS-000150 - The WebSphere Application Server users in a local user registry group must be authorized for that group. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
WBSP-AS-000150 - The WebSphere Application Server users in a local user registry group must be authorized for that group. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
WBSP-AS-000150 - The WebSphere Application Server users in a local user registry group must be authorized for that group. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
WN10-UR-000090 - The Deny log on through Remote Desktop Services user right on Windows 10 workstations must at a minimum be configured to prevent access from highly privileged domain accounts and local accounts on domain systems and unauthenticated access on all systems | DISA Windows 10 STIG v2r9 | Windows | ACCESS CONTROL |
WN16-DC-000410 - The Deny log on through Remote Desktop Services user right on domain controllers must be configured to prevent unauthenticated access. | DISA Windows Server 2016 STIG v2r8 | Windows | ACCESS CONTROL |
WN19-DC-000410 - Windows Server 2019 Deny log on through Remote Desktop Services user right on domain controllers must be configured to prevent unauthenticated access. | DISA Windows Server 2019 STIG v2r9 | Windows | ACCESS CONTROL |
WN19-MS-000120 - Windows Server 2019 'Deny log on through Remote Desktop Services' user right on domain-joined member servers must be configured to prevent access from highly privileged domain accounts and all local accounts and from unauthenticated access on all systems - Deny log on through Remote Desktop Services user right on domain-joined member servers must be configured to prevent access from highly privileged domain accounts and all local accounts and from unauthenticated access on all systems. | DISA Windows Server 2019 STIG v2r9 | Windows | ACCESS CONTROL |