| 1.8.7.2.6 Ensure 'Require That Application Add-ins Are Signed By Trusted Publisher' to Enabled | CIS Microsoft Office Word 2016 v1.1.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.07 otrace - 'Disable' - no .dat files | CIS v1.1.0 Oracle 11g OS Windows Level 1 | Windows | CONFIGURATION MANAGEMENT |
| 4.3 Ensure 'Install iOS Updates' of 'Automatic Updates' is set to 'Enabled' | AirWatch - CIS Apple iPadOS 18 v1.0.0 L1 End User Owned | MDM | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 4.3 Ensure 'Install iOS Updates' of 'Automatic Updates' is set to 'Enabled' | AirWatch - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 4.3 Ensure 'Install iOS Updates' of 'Automatic Updates' is set to 'Enabled' | MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 4.3 Ensure 'Install iOS Updates' of 'Automatic Updates' is set to 'Enabled' | MobileIron - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 4.3 Ensure 'Install iOS Updates' of 'Automatic Updates' is set to 'Enabled' | AirWatch - CIS Apple iOS 17 Benchmark v1.1.0 End User Owned L1 | MDM | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| AIOS-16-013200 - The Apple iOS/iPadOS 16 must be supervised by the MDM. | AirWatch - DISA Apple iOS/iPadOS 16 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| DG0005-ORACLE11 - Only necessary privileges to the host system should be granted to DBA OS accounts - 'ORA_DBA Group has no unauthorized users' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DG0005-ORACLE11 - Only necessary privileges to the host system should be granted to DBA OS accounts - 'Oracle DBA is only a member of ORA_DBA and Users group' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DG0007-ORACLE11 - The database should be secured in accordance with DoD, vendor and/or commercially accepted practices where applicable. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0019-ORACLE11 - Application software should be owned by a Software Application account - 'Oracle base directory file permissions are correct' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0021-ORACLE11 - A baseline of database application software should be documented and maintained. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0053-ORACLE11 - A single database connection configuration file should not be used to configure all database clients. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0066-ORACLE11 - Procedures for establishing temporary passwords that meet DoD password requirements for new accounts should be defined, documented and implemented. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0093-ORACLE11 - Remote adminstrative connections to the database should be encrypted - '%ORACLE_HOME%\ldap\admin\fips.ora SSLFIPS_140 = TRUE' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DG0093-ORACLE11 - Remote adminstrative connections to the database should be encrypted - '$ORACLE_HOME/ldap/admin/fips.ora SSLFIPS_140 = true' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| DG0095-ORACLE11 - Audit trail data should be reviewed daily or more frequently. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '$ORACLE_HOME/network/admin/listener.ora PROGRAM=EXTPROC does not exist' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONFIGURATION MANAGEMENT |
| DG0101-ORACLE11 - OS accounts used to execute external procedures should be assigned minimum privileges. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0103-ORACLE11 - Network access to the DBMS must be restricted to authorized personnel - '$ORACLE_HOME/network/admin/cman.ora source and destination addresses are configured' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| DG0104-ORACLE11 - DBMS service identification should be unique and clearly identifies the service - 'All Oracle services use the proper naming' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0108-ORACLE11 - The DBMS restoration priority should be assigned. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG0115-ORACLE11 - Recovery procedures and technical system features exist to ensure that recovery is done in a secure and verifiable manner. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG0115-ORACLE11 - Recovery procedures and technical system features exist to ensure that recovery is done in a secure and verifiable manner. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0118-ORACLE11 - The IAM should review changes to DBA role assignments. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG0129-ORACLE11 - Passwords should be encrypted when transmitted across the network. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | IDENTIFICATION AND AUTHENTICATION |
| DG0152-ORACLE11 - DBMS network communications should comply with PPS usage restrictions - 'Oracle listeners are running on approved ports' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONFIGURATION MANAGEMENT |
| DG0154-ORACLE11 - The DBMS requires a System Security Plan containing all required information. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG0155-ORACLE11 - The DBMS should have configured all applicable settings to use trusted files, functions, features, or other components during startup, shutdown, aborts, or other unplanned interruptions. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG0171-ORACLE11 - The DBMS should not have a connection defined to access or be accessed by a DBMS at a different classification level. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0176-ORACLE11 - The DBMS audit logs should be included in backup operations. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG0186-ORACLE11 - The database should not be directly accessible from public or unauthorized networks. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG0191-ORACLE11 - Credentials used to access remote databases should be protected by encryption and restricted to authorized users. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
| DG0194-ORACLE11 - Privileges assigned to developers on shared production and development DBMS hosts and the DBMS should be monitored every three months or more frequently for unauthorized changes. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG7001-ORACLE11 - The directory assigned to the AUDIT_FILE_DEST parameter must be protected from unauthorized access and must be stored in a dedicated directory or disk partition separate from software or other application files. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DO0120-ORACLE11 - The Oracle software installation account should not be granted excessive host system privileges - 'Oracle service account group membership is correct' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DO0430-ORACLE11 - The Oracle Management Agent should be uninstalled if not required and authorized or is installed on a database accessible from the Internet. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONFIGURATION MANAGEMENT |
| DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - '%ORACLE_HOME%\NETWORK\Log\sqlnet.log file permissions are correct' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - 'LOG_FILE_{listener} is configured' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - 'TRACE_LEVEL_SERVER' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - 'TRACE_LEVEL_SERVER' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DO6740-ORACLE11 - The Oracle Listener ADMIN_RESTRICTIONS parameter if present should be set to ON - '%ORACLE_HOME%\NETWORK\ADMIN\listener.ora ADMIN_RESTRICTIONS_{listener} = on' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DO6746-ORACLE11 - The Oracle listener.ora file should specify IP addresses rather than host names to identify hosts - '%ORACLE_HOME%\NETWORK\ADMIN\listener.ora HOST does not use hostname' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DO6746-ORACLE11 - The Oracle listener.ora file should specify IP addresses rather than host names to identify hosts - '$ORACLE_HOME/network/admin/listener.ora HOST entroes do not use hostnames' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONFIGURATION MANAGEMENT |
| DO6747-ORACLE11 - Remote administration should be disabled for the Oracle connection manager - '%ORACLE_HOME%\NETWORK\ADMIN\CMAN.ORA does not exist' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DO6747-ORACLE11 - Remote administration should be disabled for the Oracle connection manager - '$ORACLE_HOME/network/admin/cman.ora REMOTE_ADMIN = no' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | ACCESS CONTROL |
| DO6751-ORACLE11 - The SQLNet SQLNET.ALLOWED_LOGON_VERSION parameter must be set to a value of 11 or higher - '$ORACLE_HOME/network/admin/sqlnet.ora SQLNET.ALLOWED_LOGON_VERSION > 11' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| WN12-CC-000023 - Windows must be prevented from sending an error report when a device driver requests additional software during installation. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000023 - Windows must be prevented from sending an error report when a device driver requests additional software during installation. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
