| BIND-9X-001060 - A BIND 9.x caching name server must implement DNSSEC validation to check all DNS queries for invalid input. | DISA BIND 9.x STIG v2r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DB2X-00-005900 - DB2 must check the validity of all data inputs except those specifically identified by the organization. | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | SYSTEM AND INFORMATION INTEGRITY |
| DB2X-00-006000 - DB2 and associated applications must reserve the use of dynamic code execution for situations that require it. | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | SYSTEM AND INFORMATION INTEGRITY |
| DB2X-00-006100 - DB2 and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack. | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | SYSTEM AND INFORMATION INTEGRITY |
| DB2X-00-009300 - When invalid inputs are received, DB2 must behave in a predictable and documented manner that reflects organizational and system objectives. | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | SYSTEM AND INFORMATION INTEGRITY |
| EP11-00-006200 - The EDB Postgres Advanced Server must check the validity of all data inputs except those specifically identified by the organization. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| EP11-00-006300 - The EDB Postgres Advanced Server and associated applications must reserve the use of dynamic code execution for situations that require it. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| EP11-00-006400 - The EDB Postgres Advanced Server and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| EP11-00-009700 - When invalid inputs are received, the EDB Postgres Advanced Server must behave in a predictable and documented manner that reflects organizational and system objectives. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| F5BI-AF-000229 - The BIG-IP AFM module must be configured to handle invalid inputs in a predictable and documented manner that reflects organizational and system objectives. | DISA F5 BIG-IP Advanced Firewall Manager STIG v2r2 | F5 | SYSTEM AND INFORMATION INTEGRITY |
| F5BI-AP-000229 - The BIG-IP APM module must be configured to handle invalid inputs in a predictable and documented manner that reflects organizational and system objectives. | DISA F5 BIG-IP Access Policy Manager STIG v2r4 | F5 | SYSTEM AND INFORMATION INTEGRITY |
| F5BI-AS-000229 - The BIG-IP ASM module must be configured to handle invalid inputs in a predictable and documented manner that reflects organizational and system objectives. | DISA F5 BIG-IP Application Security Manager STIG v2r2 | F5 | SYSTEM AND INFORMATION INTEGRITY |
| F5BI-AS-000261 - The BIG-IP ASM module must check the validity of all data inputs except those specifically identified by the organization. | DISA F5 BIG-IP Application Security Manager STIG v2r2 | F5 | SYSTEM AND INFORMATION INTEGRITY |
| F5BI-LT-000229 - The BIG-IP Core implementation must be configured to handle invalid inputs in a predictable and documented manner that reflects organizational and system objectives. | DISA F5 BIG-IP Local Traffic Manager STIG v2r4 | F5 | SYSTEM AND INFORMATION INTEGRITY |
| F5BI-LT-000261 - The BIG-IP Core implementation must be configured to check the validity of all data inputs except those specifically identified by the organization. | DISA F5 BIG-IP Local Traffic Manager STIG v2r4 | F5 | SYSTEM AND INFORMATION INTEGRITY |
| IIST-SI-000231 - Directory Browsing on the IIS 10.0 website must be disabled. | DISA IIS 10.0 Site v2r10 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| IIST-SV-000138 - Directory Browsing on the IIS 10.0 web server must be disabled. | DISA IIS 10.0 Server v3r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| IIST-SV-000138 - Directory Browsing on the IIS 10.0 web server must be disabled. | DISA IIS 10.0 Server v2r10 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| IISW-SI-000231 - Directory Browsing on the IIS 8.5 website must be disabled. | DISA IIS 8.5 Site v2r9 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| IISW-SV-000138 - Directory Browsing on the IIS 8.5 web server must be disabled. | DISA IIS 8.5 Server v2r7 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| MD3X-00-000490 - MongoDB must check the validity of all data inputs except those specifically identified by the organization. | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS | Unix | SYSTEM AND INFORMATION INTEGRITY |
| MD3X-00-000500 - MongoDB and associated applications must reserve the use of dynamic code execution for situations that require it. | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS | Unix | SYSTEM AND INFORMATION INTEGRITY |
| MD3X-00-000780 - When invalid inputs are received, MongoDB must behave in a predictable and documented manner that reflects organizational and system objectives. | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 DB | MongoDB | SYSTEM AND INFORMATION INTEGRITY |
| MD4X-00-006200 - When invalid inputs are received, MongoDB must behave in a predictable and documented manner that reflects organizational and system objectives. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 DB | MongoDB | SYSTEM AND INFORMATION INTEGRITY |
| MS.DEFENDER.3.1v1 - Safe attachments SHOULD be enabled for SharePoint, OneDrive, and Microsoft Teams. | CISA SCuBA Microsoft 365 Defender v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.EXO.6.1v1 - Contact folders SHALL NOT be shared with all domains. | CISA SCuBA Microsoft 365 Exchange Online v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.EXO.6.2v1 - Calendar details SHALL NOT be shared with all domains. | CISA SCuBA Microsoft 365 Exchange Online v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.POWERPLATFORM.1.1v1 - The ability to create production and sandbox environments SHALL be restricted to admins. | CISA SCuBA Microsoft 365 Power Platform v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.POWERPLATFORM.2.1v1 - A DLP policy SHALL be created to restrict connector access in the default Power Platform environment. | CISA SCuBA Microsoft 365 Power Platform v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.POWERPLATFORM.2.2v1 - Non-default environments SHOULD have at least one DLP policy affecting them. | CISA SCuBA Microsoft 365 Power Platform v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.TEAMS.4.1v1 - Teams email integration SHALL be disabled. | CISA SCuBA Microsoft 365 Teams v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.TEAMS.7.2v1 - Users SHOULD be prevented from opening or downloading files detected as malware. | CISA SCuBA Microsoft 365 Teams v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.TEAMS.8.1v1 - URL comparison with a blocklist SHOULD be enabled. | CISA SCuBA Microsoft 365 Teams v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| O112-C2-019500 - The DBMS must check the validity of data inputs. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | SYSTEM AND INFORMATION INTEGRITY |
| O121-C2-019500 - The DBMS must check the validity of data inputs. | DISA STIG Oracle 12c v3r2 Database | OracleDB | SYSTEM AND INFORMATION INTEGRITY |
| PGS9-00-001800 - PostgreSQL must check the validity of all data inputs except those specifically identified by the organization. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| PGS9-00-001900 - PostgreSQL and associated applications must reserve the use of dynamic code execution for situations that require it. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| PGS9-00-002000 - PostgreSQL and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| PGS9-00-003700 - When invalid inputs are received, PostgreSQL must behave in a predictable and documented manner that reflects organizational and system objectives. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| PPS9-00-006200 - The EDB Postgres Advanced Server must check the validity of all data inputs except those specifically identified by the organization. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| PPS9-00-006300 - The EDB Postgres Advanced Server and associated applications must reserve the use of dynamic code execution for situations that require it. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| PPS9-00-006400 - The EDB Postgres Advanced Server and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| PPS9-00-009700 - When invalid inputs are received, the EDB Postgres Advanced Server must behave in a predictable and documented manner that reflects organizational and system objectives. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| SQL4-00-022500 - SQL Server must check the validity of all data inputs except those specifically identified by the organization. | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| SQL4-00-031500 - The DBMS and associated applications must reserve the use of dynamic code execution for situations that require it. | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| SQL4-00-031600 - The DBMS and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack. | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| SQL4-00-035200 - When invalid inputs are received, SQL Server must behave in a predictable and documented manner that reflects organizational and system objectives. | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| SQL6-D0-002100 - SQL Server must check the validity of all data inputs except those specifically identified by the organization. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| WDNS-SI-000001 - The Windows 2012 DNS Server must be configured to only allow zone information that reflects the environment for which it is authoritative, to include IP ranges and IP versions. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| WDNS-SI-000002 - The Windows 2012 DNS Server must follow procedures to re-role a secondary name server as the master name server should the master name server permanently lose functionality. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | SYSTEM AND INFORMATION INTEGRITY |
