| 1.1 UBTU-22-211015 | CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT I | Unix | CONFIGURATION MANAGEMENT |
| 1.2 UBTU-22-212010 | CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT I | Unix | ACCESS CONTROL |
| 1.8 RHEL-09-211045 | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT I | Unix | ACCESS CONTROL |
| 1.8.13 Ensure automatic logon via GUI is not allowed | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 1.95 APPL-14-002069 | CIS Apple macOS 14 Sonoma STIG v1.0.0 CAT I | Unix | ACCESS CONTROL |
| 1.100 UBTU-22-611065 | CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT I | Unix | CONFIGURATION MANAGEMENT |
| 5.2.4 Ensure users must provide password for escalation | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| AIOS-18-006950 - Apple iOS/iPadOS 18 must be configured to enforce a passcode reuse prohibition of at least two generations. | MobileIron - DISA Apple iOS/iPadOS 18 v2r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| AIOS-26-006950 - Apple iOS/iPadOS 26 must be configured to enforce a passcode reuse prohibition of at least two generations. | MobileIron - DISA Apple iOS/iPadOS 26 v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-006730 - The Ctrl-Alt-Delete key sequence must be disabled on AlmaLinux OS 9. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | ACCESS CONTROL |
| APPL-14-002069 - The macOS system must require administrator privileges to modify systemwide settings. | DISA Apple macOS 14 Sonoma STIG v2r4 | Unix | ACCESS CONTROL |
| CASA-VN-000130 - The Cisco ASA must be configured to not accept certificates that have been revoked when using PKI for authentication. | DISA STIG Cisco ASA VPN v2r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| F5BI-DM-300056 - The F5 BIG-IP appliance must be configured to use DOD approved OCSP responders or CRLs to validate certificates used for PKI-based authentication. | DISA F5 BIG-IP TMOS NDM STIG v1r2 | F5 | IDENTIFICATION AND AUTHENTICATION |
| F5BI-VN-300033 - For accounts using password authentication, the F5 BIG-IP appliance site-to-site IPsec VPN Gateway must use SHA-2 or later protocol to protect the integrity of the password authentication process. | DISA F5 BIG-IP TMOS VPN STIG v1r1 | F5 | IDENTIFICATION AND AUTHENTICATION |
| GEN001640 - Run control scripts must not execute world-writable programs or scripts. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| GEN002040 - There must be no .rhosts, .shosts, hosts.equiv, or shosts.equiv files on the system - '.rhosts' | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| GEN002040 - There must be no .rhosts, .shosts, hosts.equiv, or shosts.equiv files on the system - 'hosts.equiv' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | CONFIGURATION MANAGEMENT |
| GEN004600 - The SMTP service must be an up-to-date version - 'postfix' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | SYSTEM AND INFORMATION INTEGRITY |
| GEN004620 - The Sendmail server must have the debug feature disabled. | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| GEN004620 - The Sendmail server must have the debug feature disabled. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | CONFIGURATION MANAGEMENT |
| GEN004640 - The SMTP service must not have a uudecode alias active - '/etc/aliases uudecode alias does not exist' | DISA STIG AIX 6.1 v1r14 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| GEN008640 - The system must not use removable media as the boot loader - 'both' | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| IBMW-LS-000450 - The WebSphere Liberty Server must use TLS-enabled LDAP. | DISA IBM WebSphere Liberty Server STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| MADB-10-002700 - The MariaDB software installation account must be restricted to authorized users. | DISA MariaDB Enterprise 10.x v2r4 DB | MySQLDB | CONFIGURATION MANAGEMENT |
| MADB-10-004100 - MariaDB must enforce authorized access to all PKI private keys stored/used by the DBMS. | DISA MariaDB Enterprise 10.x v2r4 DB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| MD4X-00-003100 - MongoDB must enforce authorized access to all PKI private keys stored/utilized by MongoDB. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | IDENTIFICATION AND AUTHENTICATION |
| MD7X-00-003800 If passwords are used for authentication, MongoDB must store only hashed, salted representations of passwords. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| MD7X-00-004100 MongoDB must enforce authorized access to all PKI private keys stored/used by MongoDB. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL09-00-000261 - OL 9 SSH client must be configured to use only DOD-approved encryption ciphers employing FIPS 140-3 validated cryptographic hash algorithms to protect the confidentiality of SSH client connections. | DISA Oracle Linux 9 STIG v1r5 | Unix | ACCESS CONTROL |
| OL09-00-002412 - OL 9 must be configured so that the systemd Ctrl-Alt-Delete burst key sequence is disabled. | DISA Oracle Linux 9 STIG v1r5 | Unix | ACCESS CONTROL |
| OS10-NDM-000480 - The Dell OS10 Switch must be configured to use DOD-approved OCSP responders or CRLs to validate certificates used for PKI-based authentication. | DISA Dell OS10 Switch NDM STIG v1r1 | Dell_OS10 | IDENTIFICATION AND AUTHENTICATION |
| PHTN-40-000105 - The Photon operating system must enable symlink access control protection in the kernel. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | ACCESS CONTROL |
| RHEL-09-255040 - RHEL 9 SSHD must not allow blank passwords. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-10-001040 - RHEL 10 must check the GNU Privacy Guard (GPG) signature of locally installed software packages before installation. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-10-001050 - RHEL 10 must have GNU Privacy Guard (GPG) signature verification enabled for all software repositories. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-10-701050 - RHEL 10 must prevent the loading of a new kernel for later execution. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| SHPT-00-000683 - SharePoint-specific malware (i.e., anti-virus) software must be integrated and configured - 'Scan Documents on Upload is enabled' | DISA STIG SharePoint 2010 v1r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL2-00-015700 - Vendor-supported software and patches must be evaluated and patched against newly found vulnerabilities. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQLI-22-003700 - SQL Server must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals. | DISA Microsoft SQL Server 2022 Instance STIG v1r4 MS_SQLDB | MS_SQLDB | ACCESS CONTROL |
| SQLI-22-008300 - Confidentiality of information during transmission must be controlled through the use of an approved TLS version. | DISA Microsoft SQL Server 2022 Instance STIG v1r4 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
| SYMP-AG-000030 - Symantec ProxySG providing forward proxy intermediary services for TLS must be configured to comply with the required TLS settings in NIST SP 800-52 - client.connection.negotiated_cipher | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| SYMP-AG-000030 - Symantec ProxySG providing forward proxy intermediary services for TLS must be configured to comply with the required TLS settings in NIST SP 800-52 - client.connection.negotiated_ssl_version | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| SYMP-NM-000290 - The Symantec ProxySG Web Management Console and SSH sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | MAINTENANCE |
| UBTU-20-010022 - Ubuntu 20.04 LTS must map the authenticated identity to the user or group account for PKI-based authentication. | DISA Canonical Ubuntu 20.04 LTS STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-001180 - WebSphere Application Server application security must be enabled for each security domain except for publicly available | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WN11-CC-000180 - Autoplay must be turned off for non-volume devices. | DISA Microsoft Windows 11 STIG v2r7 | Windows | CONFIGURATION MANAGEMENT |
| WN22-DC-000010 - Windows Server 2022 must only allow administrators responsible for the domain controller to have Administrator rights on the system. | DISA Microsoft Windows Server 2022 STIG v2r8 | Windows | ACCESS CONTROL |
| WN22-UR-000020 - Windows Server 2022 Act as part of the operating system user right must not be assigned to any groups or accounts. | DISA Microsoft Windows Server 2022 STIG v2r8 | Windows | ACCESS CONTROL |
| WN22-UR-000060 - Windows Server 2022 create a token object user right must not be assigned to any groups or accounts. | DISA Microsoft Windows Server 2022 STIG v2r8 | Windows | ACCESS CONTROL |
| WN25-DC-000300 - Windows Server 2025 PKI certificates associated with user accounts must be issued by a DOD PKI or an approved External Certificate Authority (ECA). | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
