| AIX7-00-001010 - The AIX SYSTEM attribute must not be set to NONE for any account. | DISA STIG AIX 7.x v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-13-000050 - The macOS system must be configured to disable rshd service. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-004021 - The macOS system must be configured with the sudoers file configured to authenticate users on a per -tty basis. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002070 - The macOS system must use an approved antivirus program. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AS24-W1-000270 - The Apache web server must provide install options to exclude the installation of documentation, sample code, example applications, and tutorials. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | CONFIGURATION MANAGEMENT |
| CISC-ND-000720 - The Cisco switch must be configured to terminate all network connections associated with device management after five minutes of inactivity. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001470 - The Cisco router must be running an IOS release that is currently supported by Cisco Systems. | DISA STIG Cisco IOS XE Router NDM v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-ND-001470 - The Cisco router must be running an IOS release that is currently supported by Cisco Systems. | DISA STIG Cisco IOS Router NDM v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000280 - The Cisco perimeter router must be configured to protect an enclave connected to an alternate gateway by using an inbound filter that only permits packets with destination addresses within the sites address space. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000290 - The Cisco perimeter router must be configured to not be a Border Gateway Protocol (BGP) peer to an alternate gateway service provider. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000630 - The Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | CONTINGENCY PLANNING |
| CISC-RT-000640 - The Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT). | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | CONTINGENCY PLANNING |
| CISC-RT-000640 - The Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT). | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | CONTINGENCY PLANNING |
| CISC-RT-000730 - The Cisco PE router must be configured to block any traffic that is destined to IP core infrastructure. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| DKER-EE-002000 - Docker Enterprise hosts network namespace must not be shared. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-002150 - Docker Enterprise privileged ports must not be mapped within containers. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-005320 - Docker Enterprise socket file permissions must be set to 660 or more restrictive. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| EP11-00-004820 - When using command-line tools such as psql, users must use a logon method that does not expose the password. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | IDENTIFICATION AND AUTHENTICATION |
| EX13-CA-000150 - Exchange OWA must use https - Internal | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-ED-000690 - Exchange internal Send connectors must require encryption - DomainSecureEnabled | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-ED-000690 - Exchange internal Send connectors must require encryption - TlsAuthLevel | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-ED-000690 - Exchange internal Send connectors must require encryption - TlsDomain | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SV-000156 - All accounts installed with the IIS 10.0 web server software and tools must have passwords assigned and default passwords changed. | DISA IIS 10.0 Server v2r10 | Windows | CONFIGURATION MANAGEMENT |
| JUSX-DM-000167 - For nonlocal maintenance sessions, the Juniper SRX Services Gateway must explicitly deny the use of J-Web. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | CONFIGURATION MANAGEMENT |
| MSFT-11-002000 - Microsoft Android 11 must be configured to enable encryption for data at rest on removable storage media or alternately, the use of removable storage media must be disabled. | MobileIron - DISA Microsoft Android 11 COPE v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| O112-C1-011100 - Vendor-supported software must be evaluated and patched against newly found vulnerabilities. | DISA STIG Oracle 11.2g v2r5 Windows | Windows | SYSTEM AND INFORMATION INTEGRITY |
| O121-C2-002700 - The DBMS must enforce approved authorizations for logical access to the system in accordance with applicable policy. | DISA STIG Oracle 12c v3r2 Database | OracleDB | ACCESS CONTROL |
| O121-C2-015700 - The DBMS must use NIST-validated FIPS 140-2 or 140-3 compliant cryptography for authentication mechanisms. | DISA STIG Oracle 12c v3r2 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| O121-C2-016600 - The DBMS must implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. | DISA STIG Oracle 12c v3r2 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000019 - There must be no .rhosts or hosts.equiv files on the system - '~/.rhosts' | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000030 - The system must not allow accounts configured with blank or null passwords - system-auth | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000211 - The telnet daemon must not be running - CHKCONFIG | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| PGS9-00-012800 - The DBMS must be configured on a platform that has a NIST certified FIPS 140-2 or 140-3 installation of OpenSSL. | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PPS9-00-004810 - Applications must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000019 - There must be no .rhosts or hosts.equiv files on the system. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000338 - The TFTP daemon must operate in secure mode which provides access only to a single directory on the host file system. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-010450 - The Red Hat Enterprise Linux operating system must not allow an unrestricted logon to the system. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-020231 - The Red Hat Enterprise Linux operating system must be configured so that the x86 Ctrl-Alt-Delete key sequence is disabled in the Graphical User Interface. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-020310 - The Red Hat Enterprise Linux operating system must be configured so that the root account must be the only account having unrestricted access to the system. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-040540 - The Red Hat Enterprise Linux operating system must not contain .shosts files. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-040800 - SNMP community strings on the Red Hat Enterprise Linux operating system must be changed from the default. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-010390 - The operating system must alert designated organizational officials in the event of an audit processing failure. | DISA STIG Solaris 11 X86 v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-010410 - The operating system must configure auditing to reduce the likelihood of storage capacity being exceeded. | DISA STIG Solaris 11 SPARC v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-020110 - The NIS package must not be installed. | DISA STIG Solaris 11 X86 v3r1 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-020150 - The telnet service daemon must not be installed unless required. | DISA STIG Solaris 11 SPARC v3r1 | Unix | CONFIGURATION MANAGEMENT |
| SPLK-CL-000050 - Splunk Enterprise must use TLS 1.2 and SHA-2 or higher cryptographic algorithms. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000070 - Splunk Enterprise must use SSL to protect the confidentiality and integrity of transmitted information. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL4-00-030600 - Where availability is paramount, the SQL Server must continue processing (preferably overwriting existing records, oldest first), in the event of lack of space for more Audit/Trace log records; and must keep processing after any failure of an Audit/Trace. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| WN12-00-000005 - Users with Administrative privileges must have separate accounts for administrative duties and normal operational tasks. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000004 - Local accounts with blank passwords must be restricted to prevent access from the network. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
