Item Search

NameAudit NamePluginCategory
AIX7-00-001010 - The AIX SYSTEM attribute must not be set to NONE for any account.DISA STIG AIX 7.x v3r1Unix

IDENTIFICATION AND AUTHENTICATION

AOSX-13-000050 - The macOS system must be configured to disable rshd service.DISA STIG Apple Mac OSX 10.13 v2r5Unix

CONFIGURATION MANAGEMENT

AOSX-14-004021 - The macOS system must be configured with the sudoers file configured to authenticate users on a per -tty basis.DISA STIG Apple Mac OSX 10.14 v2r6Unix

CONFIGURATION MANAGEMENT

AOSX-15-002070 - The macOS system must use an approved antivirus program.DISA STIG Apple Mac OSX 10.15 v1r10Unix

CONFIGURATION MANAGEMENT

AS24-W1-000270 - The Apache web server must provide install options to exclude the installation of documentation, sample code, example applications, and tutorials.DISA STIG Apache Server 2.4 Windows Server v2r3Windows

CONFIGURATION MANAGEMENT

CISC-ND-000720 - The Cisco switch must be configured to terminate all network connections associated with device management after five minutes of inactivity.DISA STIG Cisco IOS Switch NDM v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-ND-001470 - The Cisco router must be running an IOS release that is currently supported by Cisco Systems.DISA STIG Cisco IOS XE Router NDM v3r2Cisco

CONFIGURATION MANAGEMENT

CISC-ND-001470 - The Cisco router must be running an IOS release that is currently supported by Cisco Systems.DISA STIG Cisco IOS Router NDM v3r2Cisco

CONFIGURATION MANAGEMENT

CISC-RT-000280 - The Cisco perimeter router must be configured to protect an enclave connected to an alternate gateway by using an inbound filter that only permits packets with destination addresses within the sites address space.DISA STIG Cisco IOS Router RTR v3r2Cisco

ACCESS CONTROL

CISC-RT-000290 - The Cisco perimeter router must be configured to not be a Border Gateway Protocol (BGP) peer to an alternate gateway service provider.DISA STIG Cisco IOS XE Router RTR v3r2Cisco

ACCESS CONTROL

CISC-RT-000630 - The Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs.DISA STIG Cisco IOS-XR Router RTR v3r2Cisco

CONTINGENCY PLANNING

CISC-RT-000640 - The Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT).DISA STIG Cisco IOS Router RTR v3r2Cisco

CONTINGENCY PLANNING

CISC-RT-000640 - The Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT).DISA STIG Cisco IOS-XR Router RTR v3r2Cisco

CONTINGENCY PLANNING

CISC-RT-000730 - The Cisco PE router must be configured to block any traffic that is destined to IP core infrastructure.DISA STIG Cisco IOS XE Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

DKER-EE-002000 - Docker Enterprise hosts network namespace must not be shared.DISA STIG Docker Enterprise 2.x Linux/Unix v2r2Unix

CONFIGURATION MANAGEMENT

DKER-EE-002150 - Docker Enterprise privileged ports must not be mapped within containers.DISA STIG Docker Enterprise 2.x Linux/Unix v2r2Unix

CONFIGURATION MANAGEMENT

DKER-EE-005320 - Docker Enterprise socket file permissions must be set to 660 or more restrictive.DISA STIG Docker Enterprise 2.x Linux/Unix v2r2Unix

CONFIGURATION MANAGEMENT

EP11-00-004820 - When using command-line tools such as psql, users must use a logon method that does not expose the password.EDB PostgreSQL Advanced Server v11 DB Audit v2r4PostgreSQLDB

IDENTIFICATION AND AUTHENTICATION

EX13-CA-000150 - Exchange OWA must use https - InternalDISA Microsoft Exchange 2013 Client Access Server STIG v2r2Windows

SYSTEM AND COMMUNICATIONS PROTECTION

EX16-ED-000690 - Exchange internal Send connectors must require encryption - DomainSecureEnabledDISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5Windows

SYSTEM AND COMMUNICATIONS PROTECTION

EX16-ED-000690 - Exchange internal Send connectors must require encryption - TlsAuthLevelDISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5Windows

SYSTEM AND COMMUNICATIONS PROTECTION

EX16-ED-000690 - Exchange internal Send connectors must require encryption - TlsDomainDISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5Windows

SYSTEM AND COMMUNICATIONS PROTECTION

IIST-SV-000156 - All accounts installed with the IIS 10.0 web server software and tools must have passwords assigned and default passwords changed.DISA IIS 10.0 Server v2r10Windows

CONFIGURATION MANAGEMENT

JUSX-DM-000167 - For nonlocal maintenance sessions, the Juniper SRX Services Gateway must explicitly deny the use of J-Web.DISA Juniper SRX Services Gateway NDM v3r2Juniper

CONFIGURATION MANAGEMENT

MSFT-11-002000 - Microsoft Android 11 must be configured to enable encryption for data at rest on removable storage media or alternately, the use of removable storage media must be disabled.MobileIron - DISA Microsoft Android 11 COPE v1r2MDM

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

O112-C1-011100 - Vendor-supported software must be evaluated and patched against newly found vulnerabilities.DISA STIG Oracle 11.2g v2r5 WindowsWindows

SYSTEM AND INFORMATION INTEGRITY

O121-C2-002700 - The DBMS must enforce approved authorizations for logical access to the system in accordance with applicable policy.DISA STIG Oracle 12c v3r2 DatabaseOracleDB

ACCESS CONTROL

O121-C2-015700 - The DBMS must use NIST-validated FIPS 140-2 or 140-3 compliant cryptography for authentication mechanisms.DISA STIG Oracle 12c v3r2 DatabaseOracleDB

IDENTIFICATION AND AUTHENTICATION

O121-C2-016600 - The DBMS must implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.DISA STIG Oracle 12c v3r2 WindowsWindows

IDENTIFICATION AND AUTHENTICATION

OL6-00-000019 - There must be no .rhosts or hosts.equiv files on the system - '~/.rhosts'DISA STIG Oracle Linux 6 v2r7Unix

CONFIGURATION MANAGEMENT

OL6-00-000030 - The system must not allow accounts configured with blank or null passwords - system-authDISA STIG Oracle Linux 6 v2r7Unix

CONFIGURATION MANAGEMENT

OL6-00-000211 - The telnet daemon must not be running - CHKCONFIGDISA STIG Oracle Linux 6 v2r7Unix

CONFIGURATION MANAGEMENT

PGS9-00-012800 - The DBMS must be configured on a platform that has a NIST certified FIPS 140-2 or 140-3 installation of OpenSSL.DISA STIG PostgreSQL 9.x on RHEL OS v2r5Unix

IDENTIFICATION AND AUTHENTICATION

PPS9-00-004810 - Applications must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.EDB PostgreSQL Advanced Server DB Audit v2r3PostgreSQLDB

IDENTIFICATION AND AUTHENTICATION

RHEL-06-000019 - There must be no .rhosts or hosts.equiv files on the system.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

CONFIGURATION MANAGEMENT

RHEL-06-000338 - The TFTP daemon must operate in secure mode which provides access only to a single directory on the host file system.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

CONFIGURATION MANAGEMENT

RHEL-07-010450 - The Red Hat Enterprise Linux operating system must not allow an unrestricted logon to the system.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

CONFIGURATION MANAGEMENT

RHEL-07-020231 - The Red Hat Enterprise Linux operating system must be configured so that the x86 Ctrl-Alt-Delete key sequence is disabled in the Graphical User Interface.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

CONFIGURATION MANAGEMENT

RHEL-07-020310 - The Red Hat Enterprise Linux operating system must be configured so that the root account must be the only account having unrestricted access to the system.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

CONFIGURATION MANAGEMENT

RHEL-07-040540 - The Red Hat Enterprise Linux operating system must not contain .shosts files.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

CONFIGURATION MANAGEMENT

RHEL-07-040800 - SNMP community strings on the Red Hat Enterprise Linux operating system must be changed from the default.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

CONFIGURATION MANAGEMENT

SOL-11.1-010390 - The operating system must alert designated organizational officials in the event of an audit processing failure.DISA STIG Solaris 11 X86 v3r1Unix

AUDIT AND ACCOUNTABILITY

SOL-11.1-010410 - The operating system must configure auditing to reduce the likelihood of storage capacity being exceeded.DISA STIG Solaris 11 SPARC v3r1Unix

AUDIT AND ACCOUNTABILITY

SOL-11.1-020110 - The NIS package must not be installed.DISA STIG Solaris 11 X86 v3r1Unix

CONFIGURATION MANAGEMENT

SOL-11.1-020150 - The telnet service daemon must not be installed unless required.DISA STIG Solaris 11 SPARC v3r1Unix

CONFIGURATION MANAGEMENT

SPLK-CL-000050 - Splunk Enterprise must use TLS 1.2 and SHA-2 or higher cryptographic algorithms.DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST APISplunk

IDENTIFICATION AND AUTHENTICATION

SPLK-CL-000070 - Splunk Enterprise must use SSL to protect the confidentiality and integrity of transmitted information.DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST APISplunk

SYSTEM AND COMMUNICATIONS PROTECTION

SQL4-00-030600 - Where availability is paramount, the SQL Server must continue processing (preferably overwriting existing records, oldest first), in the event of lack of space for more Audit/Trace log records; and must keep processing after any failure of an Audit/Trace.DISA STIG SQL Server 2014 Instance DB Audit v2r4MS_SQLDB

AUDIT AND ACCOUNTABILITY

WN12-00-000005 - Users with Administrative privileges must have separate accounts for administrative duties and normal operational tasks.DISA Windows Server 2012 and 2012 R2 DC STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-SO-000004 - Local accounts with blank passwords must be restricted to prevent access from the network.DISA Windows Server 2012 and 2012 R2 DC STIG v3r7Windows

CONFIGURATION MANAGEMENT