| 1.2.3 Ensure gpgcheck is globally activated - CA that is recognized and approved by the organization. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 6.1.1 Audit system file permissions | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| AOSX-12-000710 - The OS X system must allow only applications downloaded from the App Store or properly signed to run - EnableAssessment | DISA STIG Apple Mac OSX 10.12 v1r6 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002064 - The macOS system must have the security assessment policy subsystem enabled. | DISA STIG Apple macOS 12 v1r4 | Unix | |
| APPL-13-002064 - The macOS system must have the security assessment policy subsystem enabled. | DISA STIG Apple macOS 13 v1r2 | Unix | |
| DTAVSEL-201 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to receive all patches, service packs and updates from a DoD-managed source. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | CONFIGURATION MANAGEMENT |
| DTBI370-IE11 - Checking for signatures on downloaded programs must be enforced. | DISA STIG IE 11 v1r18 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTBI370-IE11 - Checking for signatures on downloaded programs must be enforced. | DISA STIG IE 11 v1r19 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTOO127 - Access - Application add-ins must be signed by Trusted Publisher. | DISA STIG Office 2010 Access v1r10 | Windows | CONFIGURATION MANAGEMENT |
| DTOO127 - Add-ins to Office applications must be signed by a Trusted Publisher | DISA STIG Microsoft Office Access 2016 v1r1 | Windows | CONFIGURATION MANAGEMENT |
| DTOO127 - Add-ins to Office applications must be signed by a Trusted Publisher. | DISA STIG Microsoft Project 2013 v1r4 | Windows | CONFIGURATION MANAGEMENT |
| DTOO127 - PowerPoint - Application add-ins must be signed by Trusted Publisher. | DISA STIG Office 2010 PowerPoint v1r10 | Windows | CONFIGURATION MANAGEMENT |
| DTOO131 - Trust Bar Notifications for unsigned application add-ins must be blocked. | DISA STIG Microsoft Excel 2013 v1r7 | Windows | CONFIGURATION MANAGEMENT |
| DTOO131 - Trust Bar Notifications for unsigned application add-ins must be blocked. | DISA STIG Microsoft Project 2013 v1r4 | Windows | CONFIGURATION MANAGEMENT |
| DTOO297 - InfoPath - A form that is digitally signed must be displayed with a warning. | DISA STIG Office 2010 InfoPath v1r11 | Windows | CONFIGURATION MANAGEMENT |
| DTOO413 - Users must be prevented from using or inserting apps that come from the Office Store. | DISA STIG Microsoft Office System 2013 v1r9 | Windows | CONFIGURATION MANAGEMENT |
| OL07-00-010019 - The Oracle Linux operating system must ensure cryptographic verification of vendor software packages. | DISA Oracle Linux 7 STIG v2r13 | Unix | |
| OL08-00-010370 - YUM must be configured to prevent the installation of patches, service packs, device drivers, or OL 8 system components that have not been digitally signed using a certificate that is recognized and approved by the organization - CA that is recognized and approved by the organization. | DISA Oracle Linux 8 STIG v1r7 | Unix | |
| OL08-00-010370 - YUM must be configured to prevent the installation of patches, service packs, device drivers, or OL 8 system components that have not been digitally signed using a certificate that is recognized and approved by the organization. | DISA Oracle Linux 8 STIG v1r2 | Unix | |
| OL08-00-010371 - OL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization - CA that is recognized and approved by the organization. | DISA Oracle Linux 8 STIG v1r8 | Unix | |
| OL08-00-010371 - OL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization - CA that is recognized and approved by the organization. | DISA Oracle Linux 8 STIG v1r7 | Unix | |
| OL08-00-010372 - OL 8 must prevent the loading of a new kernel for later execution | DISA Oracle Linux 8 STIG v1r7 | Unix | |
| OL08-00-010372 - OL 8 must prevent the loading of a new kernel for later execution - conf files | DISA Oracle Linux 8 STIG v1r6 | Unix | |
| OL08-00-010372 - OL 8 must prevent the loading of a new kernel for later execution - multiple files | DISA Oracle Linux 8 STIG v1r2 | Unix | |
| OL08-00-010372 - OL 8 must prevent the loading of a new kernel for later execution. - /etc/sysctl.conf /etc/sysctl.d/*.conf | DISA Oracle Linux 8 STIG v1r1 | Unix | |
| PHTN-30-000059 - The Photon operating system RPM package management tool must cryptographically verify the authenticity of all software packages during installation. | DISA STIG VMware vSphere 7.0 Photon OS v1r2 | Unix | |
| PHTN-67-000064 - The Photon operating system RPM package management tool must cryptographically verify the authenticity of all software packages during installation. | DISA STIG VMware vSphere 6.7 Photon OS v1r1 | Unix | |
| PHTN-67-000064 - The Photon operating system RPM package management tool must cryptographically verify the authenticity of all software packages during installation. | DISA STIG VMware vSphere 6.7 Photon OS v1r5 | Unix | |
| RHEL-07-010019 - The Red Hat Enterprise Linux operating system must ensure cryptographic verification of vendor software packages. | DISA Red Hat Enterprise Linux 7 STIG v3r12 | Unix | |
| RHEL-08-010019 - RHEL 8 must ensure cryptographic verification of vendor software packages. | DISA Red Hat Enterprise Linux 8 STIG v1r13 | Unix | |
| RHEL-08-010370 - RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components from a repository without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. | DISA Red Hat Enterprise Linux 8 STIG v1r5 | Unix | |
| RHEL-08-010370 - RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components from a repository without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. | DISA Red Hat Enterprise Linux 8 STIG v1r11 | Unix | |
| RHEL-08-010371 - RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. | DISA Red Hat Enterprise Linux 8 STIG v1r6 | Unix | |
| RHEL-08-010371 - RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. | DISA Red Hat Enterprise Linux 8 STIG v1r1 | Unix | |
| RHEL-08-010371 - RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. | DISA Red Hat Enterprise Linux 8 STIG v1r13 | Unix | |
| RHEL-08-010372 - RHEL 8 must prevent the loading of a new kernel for later execution - conf files | DISA Red Hat Enterprise Linux 8 STIG v1r6 | Unix | |
| RHEL-08-010372 - RHEL 8 must prevent the loading of a new kernel for later execution - sysctl | DISA Red Hat Enterprise Linux 8 STIG v1r9 | Unix | |
| RHEL-08-010372 - RHEL 8 must prevent the loading of a new kernel for later execution - sysctl | DISA Red Hat Enterprise Linux 8 STIG v1r3 | Unix | |
| RHEL-08-010372 - RHEL 8 must prevent the loading of a new kernel for later execution. | DISA Red Hat Enterprise Linux 8 STIG v1r13 | Unix | |
| RHEL-09-213020 - RHEL 9 must prevent the loading of a new kernel for later execution. | DISA Red Hat Enterprise Linux 9 STIG v1r1 | Unix | |
| RHEL-09-215010 - RHEL 9 subscription-manager package must be installed. | DISA Red Hat Enterprise Linux 9 STIG v1r1 | Unix | |
| SLES-15-010430 - The SUSE operating system tool zypper must have gpgcheck enabled. | DISA SLES 15 STIG v1r11 | Unix | |
| UBTU-20-010438 - The Ubuntu operating system's Advance Package Tool (APT) must be configured to prevent the installation of patches, service packs, device drivers, or Ubuntu operating system components without verification they have been digitally signed using a certificate that is recognized and approved by the organization. | DISA STIG Ubuntu 20.04 LTS v1r1 | Unix | |
| UBTU-20-010438 - The Ubuntu operating system's Advance Package Tool (APT) must be configured to prevent the installation of patches, service packs, device drivers, or Ubuntu operating system components without verification they have been digitally signed using a certificate that is recognized and approved by the organization. | DISA STIG Ubuntu 20.04 LTS v1r10 | Unix | |
| VCEM-67-000008 - ESX Agent Manager application files must be verified for their integrity. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r3 | Unix | |
| VCEM-67-000009 - ESX Agent Manager must only run one webapp. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r1 | Unix | |
| VCLD-67-000015 - VAMI server binaries and libraries must be verified for their integrity. | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r1 | Unix | |
| VCPF-67-000008 - Performance Charts application files must be verified for their integrity. | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r1 | Unix | |
| VCPF-67-000009 - Performance Charts must only run one web app. | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r2 | Unix | |
| VCUI-67-000009 - vSphere UI plugins must be authorized before use. | DISA STIG VMware vSphere 6.7 UI Tomcat v1r2 | Unix | |
