| 3.4.2.8 Ensure nftables default deny firewall policy | CIS Debian 10 Workstation L1 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3.2.1 Ensure iptables default deny firewall policy | CIS Ubuntu Linux 20.04 LTS Workstation L1 v2.0.1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.4.2.1 Ensure iptables default deny firewall policy | CIS Debian Linux 12 v1.1.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.4 Ensure Default HTML Content Is Removed - 'Server Information handler does not exist' | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 18.9.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 BL | Windows | MEDIA PROTECTION |
| 18.9.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 BL | Windows | MEDIA PROTECTION |
| 18.9.7.1.1 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker | Windows | MEDIA PROTECTION |
| 18.9.7.1.1 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 BL | Windows | MEDIA PROTECTION |
| 18.9.7.1.4 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | MEDIA PROTECTION |
| 18.9.7.1.5 (L1) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | MEDIA PROTECTION |
| 18.9.7.1.8 (L1) Ensure 'Prevent installation of devices using drivers that match these device setup classes' is set to 'Enabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | MEDIA PROTECTION |
| DG0001-ORACLE11 - Vendor supported software is evaluated and patched against newly found vulnerabilities. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG0003-ORACLE11 - The latest security patches should be installed. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0005-ORACLE11 - Only necessary privileges to the host system should be granted to DBA OS accounts - 'root is not a member of dba groups' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | ACCESS CONTROL |
| DG0009-ORACLE11 - Access to DBMS software files and directories should not be granted to unauthorized users - '%ORACLE_HOME% permissions are configured correctly' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0011-ORACLE11 - Configuration management procedures should be defined and implemented for database software modifications. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0012-ORACLE11 - Database software directories including DBMS configuration files are stored in dedicated directories separate from the host OS and other applications - 'No unauthorized directories exist in $ORACLE_BASE' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONFIGURATION MANAGEMENT |
| DG0016-ORACLE11 - Unused database components, database application software, and database objects should be removed from the DBMS system. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG0020-ORACLE11 - Backup and recovery procedures should be developed, documented, implemented and periodically tested. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0025-ORACLE11 - DBMS cryptography must be NIST FIPS 140-2 validated - '%ORACLE_HOME%\NETWORK\ADMIN\SQLNET.ora SQLNET.SSLFIPS_140 = TRUE' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DG0066-ORACLE11 - Procedures for establishing temporary passwords that meet DoD password requirements for new accounts should be defined, documented and implemented. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG0067-ORACLE11 - Database account passwords should be stored in encoded or encrypted format whether stored in database objects, external host files, environment variables or any other storage locations. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | IDENTIFICATION AND AUTHENTICATION |
| DG0092-ORACLE11 - Database data files containing sensitive information should be encrypted. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '$ORACLE_HOME/network/admin/tnsnames.ora EXTPROC PROTOCOL=IPC' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONFIGURATION MANAGEMENT |
| DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '$ORACLE_HOME/rdbms/admin/externaljob.ora run_user = nobody' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONFIGURATION MANAGEMENT |
| DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '$ORACLE_HOME/rdbms/admin/externaljob.ora SET EXTPROC_DLLS path' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONFIGURATION MANAGEMENT |
| DG0106-ORACLE11 - Database data encryption controls should be configured in accordance with application requirements. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG0107-ORACLE11 - Sensitive data is stored in the database and should be identified in the System Security Plan and AIS Functional Architecture documentation. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG0109-ORACLE11 - The DBMS should not be operated without authorization on a host system supporting other application services. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONFIGURATION MANAGEMENT |
| DG0152-ORACLE11 - DBMS network communications should comply with PPS usage restrictions - 'Connection Manager is running on approved ports' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONFIGURATION MANAGEMENT |
| DG0158-ORACLE11 - DBMS remote administration should be audited. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG0161-ORACLE11 - An automated tool that monitors audit data and immediately reports suspicious activity should be employed for the DBMS. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DG0167-ORACLE11 - Sensitive data served by the DBMS should be protected by encryption when transmitted across the network. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DO0120-ORACLE11 - The Oracle software installation account should not be granted excessive host system privileges - 'Oracle install account is not a member of the oracle group' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | ACCESS CONTROL |
| DO0287-ORACLE11 - The Oracle SQLNET.EXPIRE_TIME parameter should be set to a value greater than 0 - '$ORACLE_HOME/network/admin/sqlnet.ora SQLNET.EXPIRE_TIME > 0' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | ACCESS CONTROL |
| DO3630-ORACLE11 - The Oracle Listener should be configured to require administration authentication - 'LSNRCTL Security' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - 'TRACE_DIRECTORY_{listener} is configured' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| DO6752-ORACLE11 - The Oracle SEC_PROTOCOL_ERROR_TRACE_ACTION parameter should not be set to NONE. | DISA STIG Oracle 11 Installation v9r1 Database | OracleDB | |
| DTAM157 - McAfee VirusScan On-Delivery Email Scan Policies Artemis sensitivity level must be configured to medium or higher - enabled | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | CONFIGURATION MANAGEMENT |
| GOOG-15-006700 - Google Android 15 allow list must be configured to not include applications with the following characteristics: | AirWatch - DISA Google Android 15 COBO v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-15-006700 - Google Android 15 allow list must be configured to not include applications with the following characteristics: | MobileIron - DISA Google Android 15 COBO v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| JUEX-RT-000450 - The Juniper PE router must be configured with Unicast Reverse Path Forwarding (uRPF) loose mode, or a firewall filter, enabled on all CE-facing interfaces. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| MOTS-11-001100 - Motorola Solutions Android 11 allow list must be configured to not include applications with the following characteristics: | AirWatch - DISA Motorola Solutions Android 11 COBO v1r3 | MDM | CONFIGURATION MANAGEMENT |
| RHEL-06-000519 - The system package management tool must verify contents of all files associated with packages. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-010060 - The Red Hat Enterprise Linux operating system must enable a user session lock until that user re-establishes access using established identification and authentication procedures. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-07-010339 - The Red Hat Enterprise Linux operating system must specify the default 'include' directory for the /etc/sudoers file - include directory for the /etc/sudoers file. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-020230 - The Red Hat Enterprise Linux operating system must be configured so that the x86 Ctrl-Alt-Delete key sequence is disabled on the command line. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| WBSP-AS-000640 - The WebSphere Application Server must alert the SA and ISSO, in the event of a log processing failure - notification | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| ZEBR-11-001100 - Zebra Android 11 allow list must be configured to not include applications with the following characteristics: | AirWatch - DISA Zebra Android 11 COBO v1r3 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-11-001100 - Zebra Android 11 allow list must be configured to not include applications with the following characteristics: | MobileIron - DISA Zebra Android 11 COBO v1r3 | MDM | CONFIGURATION MANAGEMENT |
