| AIOS-17-011200 - iPhone and iPad must have the latest available iOS/iPadOS operating system installed. | MobileIron - DISA Apple iOS/iPadOS 17 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AS24-U1-000270 - The Apache web server must provide install options to exclude the installation of documentation, sample code, example applications, and tutorials - Welcome page | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | CONFIGURATION MANAGEMENT |
| AS24-U1-000270 - The Apache web server must provide install options to exclude the installation of documentation, sample code, example applications, and tutorials. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | CONFIGURATION MANAGEMENT |
| AS24-U1-000940 - The account used to run the Apache web server must not have a valid login shell and password defined. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | CONFIGURATION MANAGEMENT |
| CISC-RT-000630 - The Cisco PE switch must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | CONTINGENCY PLANNING |
| DB2X-00-004510 - Applications using the database must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals. | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | IDENTIFICATION AND AUTHENTICATION |
| DB2X-00-004520 - When using command-line tools such as db2, users must use a Connect method that does not expose the password. | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | IDENTIFICATION AND AUTHENTICATION |
| DB2X-00-004600 - DB2 must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | IDENTIFICATION AND AUTHENTICATION |
| DB2X-00-009500 - Security-relevant software updates to DB2 must be installed within the time period directed by an authoritative source (e.g. IAVM, CTOs, DTMs, and STIGs). | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | SYSTEM AND INFORMATION INTEGRITY |
| DKER-EE-002030 - All Docker Enterprise containers root filesystem must be mounted as read only. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-002040 - Docker Enterprise host devices must not be directly exposed to containers. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-002070 - The Docker Enterprise default seccomp profile must not be disabled. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-002080 - Docker Enterprise exec commands must not be used with privileged option. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-002130 - The Docker Enterprise socket must not be mounted inside any containers. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-005170 - Docker Enterprise docker.service file ownership must be set to root:root. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-005250 - Docker Enterprise TLS certificate authority (CA) certificate file ownership must be set to root:root. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-005330 - Docker Enterprise daemon.json file ownership must be set to root:root. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-005350 - Docker Enterprise /etc/default/docker file ownership must be set to root:root. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-005360 - Docker Enterprise /etc/default/docker file permissions must be set to 644 or more restrictive. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DTAM138 - McAfee VirusScan Access Protection Rules must be configured to prevent McAfee services from being stopped. | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EP11-00-005700 - The EDB Postgres Advanced Server must protect the confidentiality and integrity of all information at rest. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EP11-00-013200 - The EDB Postgres Advanced Server must be configured on a platform that has a NIST certified FIPS 140-2 or 140-3 installation of OpenSSL. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| EX13-EG-000345 - Exchange internal Send connectors must require encryption. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN000000-SOL00440 - The root account must be the only account with GID of 0. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN003820 - The rsh daemon must not be running. | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| GEN005500 - The SSH daemon must be configured to only use the SSHv2 protocol. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GOOG-09-010900 - Google Android Pie devices must have a NIAP validated Google Android Pie operating system installed. | AirWatch - DISA Google Android 9.x v2r1 | MDM | CONFIGURATION MANAGEMENT |
| IIST-SV-000131 - IIS 10.0 Web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts. | DISA IIS 10.0 Server v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SV-000153 - An IIS 10.0 web server must maintain the confidentiality of controlled information during transmission through the use of an approved Transport Layer Security (TLS) version. | DISA IIS 10.0 Server v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SV-000156 - All accounts installed with the IIS 10.0 web server software and tools must have passwords assigned and default passwords changed. | DISA IIS 10.0 Server v3r3 | Windows | CONFIGURATION MANAGEMENT |
| O112-BP-022700 - The Oracle Listener must be configured to require administration authentication. | DISA STIG Oracle 11.2g v2r5 Windows | Windows | CONFIGURATION MANAGEMENT |
| O112-C1-011100 - Vendor-supported software must be evaluated and patched against newly found vulnerabilities. | DISA STIG Oracle 11.2g v2r5 Linux | Unix | SYSTEM AND INFORMATION INTEGRITY |
| O112-N1-015601 - Applications must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| OH12-1X-000294 - OHS must have the LoadModule ossl_module directive enabled to implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting data that must be compartmentalized. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | ACCESS CONTROL |
| OH12-1X-000310 - OHS must have the SSLEngine, SSLProtocol, SSLWallet directives enabled and configured to prevent unauthorized disclosure of information during transmission - SSLEngine | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL6-00-000010 - The Oracle Linux operating system must be a vendor-supported release. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000019 - There must be no .rhosts or hosts.equiv files on the system - '/etc/hosts.equiv' | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-010440 - The Oracle Linux operating system must not allow an unattended or automatic logon to the system via a graphical user interface. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-040550 - The Oracle Linux operating system must not contain shosts.equiv files. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-040690 - The Oracle Linux operating system must not have a File Transfer Protocol (FTP) server package installed unless needed - FTP server package installed unless needed. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| PPS9-00-004900 - The EDB Postgres Advanced Server must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PPS9-00-012700 - The EDB Postgres Advanced Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to provision digital signatures. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PPS9-00-012900 - The EDB Postgres Advanced Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to protect unclassified information requiring confidentiality and cryptographic protection, in accordance with the requirements of the data owner. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SOL-11.1-020130 - The FTP daemon must not be installed unless required. | DISA STIG Solaris 11 SPARC v3r1 | Unix | CONFIGURATION MANAGEMENT |
| SQL4-00-039010 - Applications must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
| WDNS-CM-000010 - The Windows 2012 DNS Servers zone files must have NS records that point to active name servers authoritative for the domain specified in that record. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | CONFIGURATION MANAGEMENT |
| WDNS-SC-000020 - The Windows 2012 DNS Server must protect the authenticity of dynamic updates via transaction signing. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN22-DC-000070 - Windows Server 2022 permissions on the Active Directory data files must only allow System and Administrators access. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| WNFWA-000012 - Windows Defender Firewall with Advanced Security must block unsolicited inbound connections when connected to a private network. | DISA Microsoft Windows Firewall v2r2 | Windows | CONFIGURATION MANAGEMENT |
| WPAW-00-001300 - A Windows PAW used to manage domain controllers and directory services must not be used to manage any other type of high-value IT resource. | DISA MS Windows Privileged Access Workstation v3r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
