| 1.131 APPL-14-003080 | CIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.0 Install & Config - 'Disable SSHv1' | TNS NetApp Data ONTAP 7G | NetApp | CONFIGURATION MANAGEMENT |
| 2.0 Install & Config - 'Disable SSLv2' | TNS NetApp Data ONTAP 7G | NetApp | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.0 Install & Config - 'Disable Telnet' | TNS NetApp Data ONTAP 7G | NetApp | CONFIGURATION MANAGEMENT |
| 2.1 Enable Secure Admin Access - 'ssh.access is not unlimited' | TNS NetApp Data ONTAP 7G | NetApp | |
| 2.1 Enable Secure Admin Access - 'ssh.pubkey_auth.enable = on' | TNS NetApp Data ONTAP 7G | NetApp | CONFIGURATION MANAGEMENT |
| 2.1 Enable Secure Admin Access - 'telnet.distinct.enable = on' | TNS NetApp Data ONTAP 7G | NetApp | ACCESS CONTROL |
| 2.4 Password Security - 'security.passwd.rules.everyone = on' | TNS NetApp Data ONTAP 7G | NetApp | IDENTIFICATION AND AUTHENTICATION |
| 2.4 Password Security - 'security.passwd.rules.history = 6' | TNS NetApp Data ONTAP 7G | NetApp | IDENTIFICATION AND AUTHENTICATION |
| 2.4 Password Security - 'security.passwd.rules.maximum >= 14' | TNS NetApp Data ONTAP 7G | NetApp | IDENTIFICATION AND AUTHENTICATION |
| 2.4 Password Security - 'security.passwd.rules.minimum >= 8' | TNS NetApp Data ONTAP 7G | NetApp | IDENTIFICATION AND AUTHENTICATION |
| 2.4 Password Security - 'security.passwd.rules.minimum.alphabetic = 2' | TNS NetApp Data ONTAP 7G | NetApp | IDENTIFICATION AND AUTHENTICATION |
| 2.4 Password Security - 'security.passwd.rules.minimum.digit = 1' | TNS NetApp Data ONTAP 7G | NetApp | IDENTIFICATION AND AUTHENTICATION |
| 2.4 Password Security - 'security.passwd.rules.minimum.symbol = 1' | TNS NetApp Data ONTAP 7G | NetApp | IDENTIFICATION AND AUTHENTICATION |
| 2.7 Network & IP Options - 'ip.fastpath.enable = off' | TNS NetApp Data ONTAP 7G | NetApp | CONFIGURATION MANAGEMENT |
| 2.7 Network & IP Options - 'ip.icmp_ignore_redirect.enable = on' | TNS NetApp Data ONTAP 7G | NetApp | CONFIGURATION MANAGEMENT |
| 2.7 Network & IP Options - 'ip.ping_throttle.drop_level <= 100' | TNS NetApp Data ONTAP 7G | NetApp | CONFIGURATION MANAGEMENT |
| 2.8 Protocol Access Controls - 'interface.blocked.ftpd is not blank' | TNS NetApp Data ONTAP 7G | NetApp | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.8 Protocol Access Controls - 'interface.blocked.iscsi is not blank' | TNS NetApp Data ONTAP 7G | NetApp | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.8 Protocol Access Controls - 'interface.blocked.ndmp has been configured' | TNS NetApp Data ONTAP 7G | NetApp | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.8 Protocol Access Controls - 'interface.blocked.nfs has been configured' | TNS NetApp Data ONTAP 7G | NetApp | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1 Storage System (Hardware) Management - 'FW version >= 4.0' | TNS NetApp Data ONTAP 7G | NetApp | |
| 3.1 Storage System (Hardware) Management - 'Place the interface on a management VLAN' | TNS NetApp Data ONTAP 7G | NetApp | |
| 3.2 Data ONTAP (Software) Mgmt - 'httpd.admin.hostsequiv.enable = off' | TNS NetApp Data ONTAP 7G | NetApp | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.3.2 Restrict Access to SYSIBM.SYSAUDITUSE | CIS IBM DB2 12.1 v1.0.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2 SnapMirror - 'replication.throttle.incoming.max_kbs has been configured' | TNS NetApp Data ONTAP 7G | NetApp | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2 SnapMirror - 'snapmirror.allow file should be reviewed' | TNS NetApp Data ONTAP 7G | NetApp | |
| 5.4 CIFS - 'cifs.audit.autosave.ontime.interval has been configured' | TNS NetApp Data ONTAP 7G | NetApp | AUDIT AND ACCOUNTABILITY |
| 5.4 CIFS - 'cifs.audit.nfs.filter.filename has been configured' | TNS NetApp Data ONTAP 7G | NetApp | CONFIGURATION MANAGEMENT |
| 5.4 CIFS - 'cifs.gpo.enable = on' | TNS NetApp Data ONTAP 7G | NetApp | ACCESS CONTROL |
| 5.4 CIFS - 'cifs.smb2.signing.required = on' | TNS NetApp Data ONTAP 7G | NetApp | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.4 CIFS - 'ldap.security.level = 1 or 2' | TNS NetApp Data ONTAP 7G | NetApp | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.4 CIFS - 'ldap.ssl.enable = on' | TNS NetApp Data ONTAP 7G | NetApp | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.5 NFS - 'nfs.kerberos.realm has been configured' | TNS NetApp Data ONTAP 7G | NetApp | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.5 NFS - 'nfs.v4.write_delegation = on' | TNS NetApp Data ONTAP 7G | NetApp | CONFIGURATION MANAGEMENT |
| 5.5 NFS - 'wafl.default_nt_user has been configured' | TNS NetApp Data ONTAP 7G | NetApp | ACCESS CONTROL |
| 5.5 NFS - 'wafl.default_security_style has been configured' | TNS NetApp Data ONTAP 7G | NetApp | CONFIGURATION MANAGEMENT |
| 6.2 Restrict Access to SYSCAT.AUDITUSE | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | ACCESS CONTROL |
| 9.12 Set 'Turn off Crash Detection' to 'Enabled' | CIS IE 10 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| BIND-9X-001920 - The BIND 9.x server implementation must not be configured with a channel to send audit records to null. | DISA BIND 9.x STIG v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| CASA-FW-000020 - The Cisco ASA must immediately use updates made to policy enforcement mechanisms such as firewall rules, security policies, and security zones. | DISA STIG Cisco ASA FW v2r1 | Cisco | ACCESS CONTROL |
| F5BI-AS-000167 - The BIG-IP ASM module must be configured to detect code injection attacks launched against application objects including, at a minimum, application URLs and application code, when providing content filtering to virtual servers. | DISA F5 BIG-IP Application Security Manager STIG v2r2 | F5 | ACCESS CONTROL |
| F5BI-LT-000167 - The BIG-IP Core implementation must be configured to detect code injection attacks being launched against application objects, including, at a minimum, application URLs and application code, when providing content filtering to virtual servers. | DISA F5 BIG-IP Local Traffic Manager STIG v2r4 | F5 | ACCESS CONTROL |
| MS.AAD.4.1v1 - Security logs SHALL be sent to the agency's security operations center for monitoring. | CISA SCuBA Microsoft 365 Entra ID v1.5.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| OL08-00-040310 - The OL 8 file integrity tool must be configured to verify Access Control Lists (ACLs). | DISA Oracle Linux 8 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| OL09-00-002394 - OL 9 must clear the page allocator to prevent use-after-free attacks. | DISA Oracle Linux 9 STIG v1r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PANW-AG-000149 - The Palo Alto Networks security platform must inspect inbound and outbound HTTP traffic (if authorized) for protocol compliance and protocol anomalies. | DISA Palo Alto Networks ALG STIG v3r4 | Palo_Alto | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-07-040180 - The Red Hat Enterprise Linux operating system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) authentication communications. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| SLEM-05-651030 - Advanced Intrusion Detection Environment (AIDE) must verify the baseline SLEM 5 configuration at least weekly. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| WN25-00-000120 - Windows Server 2025 must have a host-based intrusion detection and prevention service (IDPS) installed. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
