| ADBP-XI-001280 - Adobe Acrobat Pro XI Default Handler changes must be disabled. | DISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2 | Windows | CONFIGURATION MANAGEMENT |
| ADBP-XI-001325 - Adobe Acrobat Pro XI privileged site locations must be disabled. | DISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2 | Windows | CONFIGURATION MANAGEMENT |
| APPL-11-000006 - The macOS system must conceal, via the session lock, information previously visible on the display with a publicly viewable image. | DISA STIG Apple macOS 11 v1r5 | Unix | ACCESS CONTROL |
| ARST-RT-000060 - The Arista BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | ACCESS CONTROL |
| EDGE-00-000004 - The list of domains for which Microsoft Defender SmartScreen will not trigger warnings must be allowlisted if used. | DISA STIG Edge v2r2 | Windows | MAINTENANCE |
| EX19-MB-000127 - Exchange receive connectors must control the number of recipients per message. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-AP-000242 - The F5 BIG-IP appliance must be configured to enable the 'Secure' cookie flag - Secure cookie flag. | DISA F5 BIG-IP Access Policy Manager STIG v2r4 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| FNFG-FW-000150 - The FortiGate firewall must generate an alert that can be forwarded to, at a minimum, the Information System Security Officer (ISSO) and Information System Security Manager (ISSM) when denial-of-service (DoS) incidents are detected. - set server | DISA Fortigate Firewall STIG v1r3 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| GEN001280 - Manual page files must have mode 0644 or less permissive - '/usr/share/infopage/*' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN001290 - All manual page files must not have extended ACLs - '/usr/share/info' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN001780 - Global initialization files must contain the 'mesg -n' or 'mesg n' commands - '/etc/bashrc' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | CONFIGURATION MANAGEMENT |
| GEN001780 - Global initialization files must contain the 'mesg -n' or 'mesg n' commands - '/etc/suid_profile' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | CONFIGURATION MANAGEMENT |
| GEN002715 - System audit tool executables must be owned by root - '/sbin/aureport' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002715 - System audit tool executables must be owned by root - '/sbin/ausearch' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002716 - System audit tool executables must be group-owned by bin, sys, or system - '/usr/sbin/auditstream' | DISA STIG AIX 6.1 v1r14 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002716 - System audit tool executables must be group-owned by root, bin, sys, or system - '/sbin/auditctl' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002717 - System audit tool executables must have mode 0750 or less permissive - '/usr/sbin/auditpr' | DISA STIG AIX 6.1 v1r14 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002718 - System audit tool executables must not have extended ACLs - '/sbin/aureport' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002718 - System audit tool executables must not have extended ACLs - '/sbin/ausearch' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002718 - System audit tool executables must not have extended ACLs - '/usr/sbin/auditmerge' | DISA STIG AIX 6.1 v1r14 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN003220 - Cron programs must not set the umask to a value less restrictive than 077 - '/etc/cron.daily/*' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN003220 - Cron programs must not set the umask to a value less restrictive than 077 - '/var/spool/cron/*' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN003220 - Cron programs must not set the umask to a value less restrictive than 077. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| GEN003520 - The kernel core dump data directory must be owned by root. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN003521 - The kernel core dump data directory must be group-owned by root, bin, sys, or system. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN003523 - The kernel core dump data directory must not have an extended ACL. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN003602 - The system must not process Internet Control Message Protocol (ICMP) timestamp requests - 'timestamp-reply -j DROP' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN003620 - A separate file system must be used for user home directories (such as /home or equivalent). | DISA STIG AIX 6.1 v1r14 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN003624 - The system must use a separate file system for /tmp (or equivalent). | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN003800 - Xinetd logging/tracing must be enabled - '/etc/xinetd.d/* log_on_success' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN003860 - The system must not have the finger service active. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN004440 - Sendmail logging must not be set to less than nine in the sendmail.cf file. | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| GEN004560 - The SMTP service's SMTP greeting must not provide version information. | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| GEN004560 - The SMTP service's SMTP greeting must not provide version information. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | CONFIGURATION MANAGEMENT |
| GEN005770 - The NFS exports configuration file must not have an extended ACL. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN008500 - The system must have IEEE 1394 (Firewire) disabled unless needed. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | CONFIGURATION MANAGEMENT |
| JUEX-RT-000100 - The Juniper router configured for BGP must reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer. | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL |
| MSFT-11-005200 - The mobile operating system must allow only the Administrator (MDM) to perform the following management function: Enable/disable location services - EMM to perform the following management function: Enable/disable location services. | MobileIron - DISA Microsoft Android 11 COBO v1r2 | MDM | ACCESS CONTROL |
| MSFT-11-005200 - The mobile operating system must allow only the Administrator (MDM) to perform the following management function: Enable/disable location services. | AirWatch - DISA Microsoft Android 11 COBO v1r2 | MDM | ACCESS CONTROL |
| RHEL-08-010440 - YUM must remove all software components after updated versions have been installed on RHEL 8. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| RHEL-09-214035 - RHEL 9 must remove all software components after updated versions have been installed. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| SPLK-CL-000170 - Splunk Enterprise must notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) of all audit failure events, such as loss of communications with hosts and devices, or if log records are no longer being received. | DISA STIG Splunk Enterprise 8.x for Linux v2r1 STIG REST API | Splunk | AUDIT AND ACCOUNTABILITY |
| SQL2-00-015500 - Database software directories, including SQL Server configuration files, must be stored in dedicated directories, separate from the host OS and other applications. | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | CONFIGURATION MANAGEMENT |
| SQL2-00-017510 - Appropriate staff must be alerted when the amount of storage space used by the SQL Server transaction log file(s) exceeds an organization-defined value - s exceeds an organization-defined value. | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | CONTINGENCY PLANNING |
| SYMP-NM-000090 - Symantec ProxySG must generate an alert to the console when a log processing failure is detected such as loss of communications with the Central Log Server or log records are no longer being sent - email addresses | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| UBTU-20-010300 - The Ubuntu operating system must have a crontab script running weekly to offload audit events of standalone systems. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-653020 - Ubuntu 22.04 LTS audit event multiplexor must be configured to offload audit logs onto a different system from the system being audited. | DISA Canonical Ubuntu 22.04 LTS STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-400340 - Ubuntu 24.04 LTS must be configured such that Pluggable Authentication Module (PAM) prohibits the use of cached authentications after one day. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-001520 - The WebSphere Application Server must not generate LTPA keys automatically. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001530 - The WebSphere Application Server must periodically regenerate LTPA keys. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
