| ESXI-80-000204 - The ESXi host Secure Shell (SSH) daemon must not permit user environment settings. | DISA VMware vSphere 8.0 ESXi STIG v2r3 Unix | Unix | CONFIGURATION MANAGEMENT |
| ESXI-80-000207 - The ESXi host Secure Shell (SSH) daemon must be configured to not allow gateway ports. | DISA VMware vSphere 8.0 ESXi STIG v2r3 Unix | Unix | CONFIGURATION MANAGEMENT |
| ESXI-80-000214 - The ESXi host must configure the firewall to block network traffic by default. | DISA VMware vSphere 8.0 ESXi STIG v2r3 VMware | VMware | CONFIGURATION MANAGEMENT |
| ESXI-80-000220 - The ESXi host must restrict the use of Virtual Guest Tagging (VGT) on standard switches. | DISA VMware vSphere 8.0 ESXi STIG v2r3 VMware | VMware | CONFIGURATION MANAGEMENT |
| ESXI-80-000226 - The ESXi host must configure a session timeout for the vSphere API. | DISA VMware vSphere 8.0 ESXi STIG v2r3 VMware | VMware | CONFIGURATION MANAGEMENT |
| ESXI-80-000236 - The ESXi host must not be configured to override virtual machine (VM) configurations. | DISA VMware vSphere 8.0 ESXi STIG v2r3 Unix | Unix | CONFIGURATION MANAGEMENT |
| ESXI-80-000244 - The ESXi host must enforce the exclusive running of executables from approved VIBs. | DISA VMware vSphere 8.0 ESXi STIG v2r3 VMware | VMware | CONFIGURATION MANAGEMENT |
| ESXI-80-000246 - The ESXi host must not enable log filtering. | DISA VMware vSphere 8.0 ESXi STIG v2r3 VMware | VMware | CONFIGURATION MANAGEMENT |
| PHTN-40-000211 The Photon operating system must configure Secure Shell (SSH) to disallow Generic Security Service Application Program Interface (GSSAPI) authentication. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000246 The Photon operating system must restrict core dumps. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010672 - RHEL 8 must disable acquiring, saving, and processing core dumps. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010770 - All RHEL 8 local initialization files must have mode 0740 or less permissive. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010780 - All RHEL 8 local files and directories must have a valid owner. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-020100 - RHEL 8 must ensure the password complexity module is enabled in the password-auth file. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-020300 - RHEL 8 must prevent the use of dictionary words for passwords. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-020310 - RHEL 8 must enforce a delay of at least four seconds between logon prompts following a failed logon attempt. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040171 - The x86 Ctrl-Alt-Delete key sequence in RHEL 8 must be disabled if a graphical user interface is installed. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040172 - The systemd Ctrl-Alt-Delete burst key sequence in RHEL 8 must be disabled. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040240 - RHEL 8 must not forward IPv6 source-routed packets. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040250 - RHEL 8 must not forward IPv6 source-routed packets by default. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040260 - RHEL 8 must not enable IPv6 packet forwarding unless the system is a router. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040261 - RHEL 8 must not accept router advertisements on all IPv6 interfaces. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040285 - RHEL 8 must use reverse path filtering on all IPv4 interfaces. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040286 - RHEL 8 must enable hardening for the Berkeley Packet Filter Just-in-time compiler. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040290 - RHEL 8 must be configured to prevent unrestricted mail relaying. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040321 - The graphical display manager must not be the default target on RHEL 8 unless approved. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040350 - If the Trivial File Transfer Protocol (TFTP) server is required, the RHEL 8 TFTP daemon must be configured to operate in secure mode. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040390 - The tuned package must not be installed unless mission essential on RHEL 8. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-22-215020 - Ubuntu 22.04 LTS must not have the "systemd-timesyncd" package installed. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-22-654190 - Ubuntu 22.04 LTS must generate audit records for all events that affect the systemd journal files. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | CONFIGURATION MANAGEMENT |
| VCLU-80-000152 The vCenter Lookup service must enable 'ENFORCE_ENCODING_IN_GET_WRITER'. | DISA VMware vSphere 8.0 vCenter Appliance Lookup Service STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| WN10-CC-000063 - Windows 10 systems must use either Group Policy or an approved Mobile Device Management (MDM) product to enforce STIG compliance. | DISA Microsoft Windows 10 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN11-00-000025 - Windows 11 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: Continuously, where ESS is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP). | DISA Microsoft Windows 11 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN11-00-000140 - Inbound exceptions to the firewall on Windows 11 domain workstations must only allow authorized remote management hosts. | DISA Microsoft Windows 11 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN11-00-000240 - Administrative accounts must not be used with applications that access the internet, such as web browsers, or with potential internet sources, such as email. | DISA Microsoft Windows 11 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN11-CC-000020 - IPv6 source routing must be configured to highest protection. | DISA Microsoft Windows 11 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN11-CC-000050 - Hardened UNC Paths must be defined to require mutual authentication and integrity for at least the \\*\SYSVOL and \\*\NETLOGON shares. | DISA Microsoft Windows 11 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN11-CC-000080 - Virtualization-based protection of code integrity must be enabled. | DISA Microsoft Windows 11 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN11-CC-000090 - Group Policy objects must be reprocessed even if they have not changed. | DISA Microsoft Windows 11 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN11-CC-000260 - Windows 11 must be configured to require a minimum pin length of six characters or greater. | DISA Microsoft Windows 11 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN11-SO-000025 - The built-in guest account must be renamed. | DISA Microsoft Windows 11 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN11-SO-000055 - The maximum age for machine account passwords must be configured to 30 days or less. | DISA Microsoft Windows 11 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN11-SO-000140 - Anonymous SID/Name translation must not be allowed. | DISA Microsoft Windows 11 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN22-00-000040 - Windows Server 2022 members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks. | DISA Microsoft Windows Server 2022 STIG v2r5 | Windows | CONFIGURATION MANAGEMENT |
| WN22-00-000240 - Windows Server 2022 must have software certificate installation files removed. | DISA Microsoft Windows Server 2022 STIG v2r5 | Windows | CONFIGURATION MANAGEMENT |
| WN22-CC-000070 - Windows Server 2022 insecure logons to an SMB server must be disabled. | DISA Microsoft Windows Server 2022 STIG v2r5 | Windows | CONFIGURATION MANAGEMENT |
| WN22-CC-000080 - Windows Server 2022 hardened Universal Naming Convention (UNC) paths must be defined to require mutual authentication and integrity for at least the \\*\SYSVOL and \\*\NETLOGON shares. | DISA Microsoft Windows Server 2022 STIG v2r5 | Windows | CONFIGURATION MANAGEMENT |
| WN22-CC-000140 - Windows Server 2022 group policy objects must be reprocessed even if they have not changed. | DISA Microsoft Windows Server 2022 STIG v2r5 | Windows | CONFIGURATION MANAGEMENT |
| WN22-DC-000150 - Windows Server 2022 directory data (outside the root DSE) of a nonpublic directory must be configured to prevent anonymous access. | DISA Microsoft Windows Server 2022 STIG v2r5 | Windows | CONFIGURATION MANAGEMENT |
| WN22-SO-000280 - Windows Server 2022 must prevent PKU2U authentication using online identities. | DISA Microsoft Windows Server 2022 STIG v2r5 | Windows | CONFIGURATION MANAGEMENT |
