| AIOS-01-080006 - Apple iOS must require a valid password be successfully entered before the mobile device data is unencrypted. | AirWatch - DISA Apple iOS 10 v1r3 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-002990 - AlmaLinux OS 9 SSH client must be configured to use only encryption ciphers employing FIPS 140-3-validated cryptographic hash algorithms to protect the confidentiality of SSH client connections. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL |
| ALMA-09-003540 - The AlmaLinux OS 9 SSH server must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-3-validated cryptographic hash algorithms to protect the confidentiality of SSH server connections. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL |
| ALMA-09-003870 - AlmaLinux OS 9 IP tunnels must use FIPS 140-3 approved cryptographic algorithms. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL |
| ALMA-09-009590 - AlmaLinux OS 9 must check the GPG signature of software packages originating from external software repositories before installation. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-002060 - The macOS system must apply gatekeeper settings to block applications from unidentified developers. | DISA Apple macOS 15 Sequoia STIG v1r7 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-002064 - The macOS system must enable gatekeeper. | DISA Apple macOS 15 Sequoia STIG v1r7 | Unix | CONFIGURATION MANAGEMENT |
| ARST-ND-000700 - The Arista network device must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | MAINTENANCE |
| ARST-ND-000810 - The network device must be configured to use an authentication server to authenticate users prior to granting administrative access. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | CONFIGURATION MANAGEMENT |
| BIND-9X-001910 - The BIND 9.x server implementation must be configured with a channel to send audit records to at least two remote syslogs. | DISA BIND 9.x STIG v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| CASA-ND-001410 - The Cisco ASA must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to organization-defined personnel and/or the firewall administrator. | DISA STIG Cisco ASA NDM v2r4 | Cisco | AUDIT AND ACCOUNTABILITY |
| CNTR-K8-002620 - Kubernetes API Server must disable basic authentication to protect information in transit. | DISA STIG Kubernetes v2r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| EPAS-00-000700 - The EDB Postgres Advanced Server must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | ACCESS CONTROL |
| F5BI-VN-300004 - The F5 BIG-IP appliance must be configured to use a Diffie-Hellman (DH) Group of 16 or greater for Internet Key Exchange (IKE) Phase 1. | DISA F5 BIG-IP TMOS VPN STIG v1r1 | F5 | ACCESS CONTROL |
| F5BI-VN-300005 - The F5 BIG-IP appliance IPsec VPN Gateway must use AES256 or higher encryption for the Internet Key Exchange (IKE) proposal to protect confidentiality of remote access sessions. | DISA F5 BIG-IP TMOS VPN STIG v1r1 | F5 | ACCESS CONTROL |
| FGFW-ND-000260 - The FortiGate devices must use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of nonlocal maintenance and diagnostic communications. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | MAINTENANCE |
| GOOG-16-012500 - Google Android 16 must be configured to disable 'Private Space' use - Private Space use. | AirWatch - DISA Google Android 16 COPE STIG v1r1 | MDM | CONFIGURATION MANAGEMENT |
| MD8X-00-000200 - MongoDB must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals. | DISA MongoDB Enterprise Advanced 8.x STIG v1r1 Unix | Unix | ACCESS CONTROL |
| O19C-00-000800 - Oracle Database must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals. | DISA Oracle Database 19c STIG v1r5 OracleDB | OracleDB | ACCESS CONTROL |
| O19C-00-008000 - The Oracle Database software installation account must be restricted to authorized users. | DISA Oracle Database 19c STIG v1r5 OracleDB | OracleDB | CONFIGURATION MANAGEMENT |
| O19C-00-017700 - Oracle Database must employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission unless the transmitted data is otherwise protected by alternative physical measures. | DISA Oracle Database 19c STIG v1r3 Unix | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| O19C-00-017700 - Oracle Database must employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission unless the transmitted data is otherwise protected by alternative physical measures. | DISA Oracle Database 19c STIG v1r3 Windows | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| O19C-00-017700 - Oracle Database must employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission unless the transmitted data is otherwise protected by alternative physical measures. | DISA Oracle Database 19c STIG v1r5 Unix | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL08-00-010185 - The OL 8 SSH client must be configured to use only DOD-approved Message Authentication Codes (MACs) employing FIPS 140-3-validated cryptographic hash algorithms to protect the confidentiality of SSH client connections. | DISA Oracle Linux 8 STIG v2r8 | Unix | ACCESS CONTROL |
| OL09-00-000254 - OL 9 SSH server must be configured to use only ciphers employing FIPS 140-3 validated cryptographic hash algorithms to protect the confidentiality of SSH server connections. | DISA Oracle Linux 9 STIG v1r5 | Unix | ACCESS CONTROL |
| OL09-00-000496 - OL 9 must check the GPG signature of locally installed software packages before installation. | DISA Oracle Linux 9 STIG v1r5 | Unix | CONFIGURATION MANAGEMENT |
| OS10-NDM-000780 - The Dell OS10 Switch must use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of nonlocal maintenance and diagnostic communications. | DISA Dell OS10 Switch NDM STIG v1r1 | Dell_OS10 | MAINTENANCE |
| OS10-NDM-000790 - The Dell OS10 Switch must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions. | DISA Dell OS10 Switch NDM STIG v1r1 | Dell_OS10 | MAINTENANCE |
| OS10-NDM-000930 - The Dell OS10 Switch must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access. | DISA Dell OS10 Switch NDM STIG v1r1 | Dell_OS10 | CONFIGURATION MANAGEMENT |
| PHTN-40-000092 - The Photon operating system must use cryptographic mechanisms to protect the integrity of audit tools. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-010020 - RHEL 8 must implement a FIPS 140-3-compliant systemwide cryptographic policy. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-08-010280 - RHEL 8 IP tunnels must use FIPS 140-3-approved cryptographic algorithms. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-09-255070 - The RHEL 9 SSH client must be configured to use only DOD-approved Message Authentication Codes (MACs) employing FIPS 140-3 validated cryptographic hash algorithms to protect the confidentiality of SSH client connections. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | ACCESS CONTROL |
| RHEL-09-255075 - The RHEL 9 SSH server must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-3 validated cryptographic hash algorithms to protect the confidentiality of SSH server connections. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | ACCESS CONTROL |
| SHPT-00-000640 - Applications must support organizational requirements to employ cryptographic mechanisms to protect information in storage. | DISA STIG SharePoint 2010 v1r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL2-00-016500 - SQL Server must have the SQL Server Data Tools (SSDT) software component removed from SQL Server if SSDT is unused. | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | CONFIGURATION MANAGEMENT |
| SQLD-22-000100 - SQL Server must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals. | DISA Microsoft SQL Server 2022 Database STIG v1r3 | MS_SQLDB | ACCESS CONTROL |
| SQLI-22-006700 - SQL Server software installation account must be restricted to authorized users. | DISA Microsoft SQL Server 2022 Instance STIG v1r4 MS_SQLDB | MS_SQLDB | CONFIGURATION MANAGEMENT |
| WBSP-AS-000130 - The WebSphere Application Server administrative security must be enabled. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL |
| WBSP-AS-000130 - The WebSphere Application Server administrative security must be enabled. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL |
| WBSP-AS-000140 - The WebSphere Application Server bus security must be enabled. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL |
| WBSP-AS-000140 - The WebSphere Application Server bus security must be enabled. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | ACCESS CONTROL |
| WBSP-AS-000140 - The WebSphere Application Server bus security must be enabled. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL |
| WN11-00-000070 - Only accounts responsible for the administration of a system must have Administrator rights on the system. | DISA Microsoft Windows 11 STIG v2r7 | Windows | ACCESS CONTROL |
| WN11-CC-000185 - The default autorun behavior must be configured to prevent autorun commands. | DISA Microsoft Windows 11 STIG v2r7 | Windows | CONFIGURATION MANAGEMENT |
| WN11-CC-000190 - Autoplay must be disabled for all drives. | DISA Microsoft Windows 11 STIG v2r7 | Windows | CONFIGURATION MANAGEMENT |
| WN11-UR-000045 - The 'Create a token object' user right must not be assigned to any groups or accounts. | DISA Microsoft Windows 11 STIG v2r7 | Windows | ACCESS CONTROL |
| WN11-UR-000065 - The 'Debug programs' user right must only be assigned to the Administrators group. | DISA Microsoft Windows 11 STIG v2r7 | Windows | ACCESS CONTROL |
| WN22-DC-000080 - Windows Server 2022 Active Directory SYSVOL directory must have the proper access control permissions. | DISA Microsoft Windows Server 2022 STIG v2r8 | Windows | ACCESS CONTROL |
| WN22-DC-000090 - Windows Server 2022 Active Directory Group Policy objects must have proper access control permissions. | DISA Microsoft Windows Server 2022 STIG v2r8 | Windows | ACCESS CONTROL |
