| 1.6.1.9 Ensure non-privileged users are prevented from executing privileged functions | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| AIOS-16-014800 - Apple iOS/iPadOS 16 must be configured to disable Auto Unlock of the iPhone by an Apple Watch. | AirWatch - DISA Apple iOS/iPadOS 16 v2r1 | MDM | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| AIOS-18-014800 - Apple iOS/iPadOS 18 must be configured to disable 'Auto Unlock' of the iPhone by an Apple Watch - Auto Unlock of the iPhone by an Apple Watch. | MobileIron - DISA Apple iOS/iPadOS 18 v1r1 | MDM | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-006730 - The Ctrl-Alt-Delete key sequence must be disabled on AlmaLinux OS 9. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL |
| ALMA-09-006840 - AlmaLinux OS 9 must have the sudo package installed. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL |
| APPL-13-002069 - The macOS system must prevent nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA STIG Apple macOS 13 v1r5 | Unix | ACCESS CONTROL |
| CD12-00-011700 - PostgreSQL must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | ACCESS CONTROL |
| DB2X-00-007000 - DB2 must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | ACCESS CONTROL |
| DTOO201 - Connection verification of permissions must be enforced. | DISA Microsoft Office System 2016 STIG v2r4 | Windows | ACCESS CONTROL |
| DTOO201 - Connection verification of permissions must be enforced. | DISA STIG Microsoft Office System 2013 v2r2 | Windows | ACCESS CONTROL |
| EX19-MB-000173 - Role-Based Access Control must be defined for privileged and nonprivileged users. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | ACCESS CONTROL |
| GOOG-12-012200 - Google Android 12 must be configured to disable all data signaling over [assignment: list of externally accessible hardware ports (for example, USB)]. | AirWatch - DISA Google Android 12 COPE v1r2 | MDM | ACCESS CONTROL |
| GOOG-13-012200 - Google Android 13 must be configured to disable all data signaling over [assignment: list of externally accessible hardware ports (for example, USB)] - for example, USB]. | AirWatch - DISA Google Android 13 COBO v2r2 | MDM | ACCESS CONTROL |
| GOOG-13-012200 - Google Android 13 must be configured to disable all data signaling over [assignment: list of externally accessible hardware ports (for example, USB)] - for example, USB]. | AirWatch - DISA Google Android 13 COPE v2r2 | MDM | ACCESS CONTROL |
| GOOG-13-012200 - Google Android 13 must be configured to disable all data signaling over [assignment: list of externally accessible hardware ports (for example, USB)] - for example, USB]. | MobileIron - DISA Google Android 13 COPE v2r2 | MDM | ACCESS CONTROL |
| GOOG-14-012200 - Google Android 14 must be configured to disable all data signaling over [assignment: list of externally accessible hardware ports (for example, USB)] - for example, USB]. | AirWatch - DISA Google Android 14 COPE v2r2 | MDM | ACCESS CONTROL |
| GOOG-15-012200 - Google Android 15 must be configured to disable all data signaling over [assignment: list of externally accessible hardware ports (for example, USB)] - for example, USB]. | MobileIron - DISA Google Android 15 COBO v1r2 | MDM | ACCESS CONTROL |
| MSFT-11-002000 - Microsoft Android 11 must be configured to enable encryption for data at rest on removable storage media or alternately, the use of removable storage media must be disabled. | AirWatch - DISA Microsoft Android 11 COBO v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| MSFT-11-002000 - Microsoft Android 11 must be configured to enable encryption for data at rest on removable storage media or alternately, the use of removable storage media must be disabled. | AirWatch - DISA Microsoft Android 11 COPE v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| MSFT-11-002000 - Microsoft Android 11 must be configured to enable encryption for data at rest on removable storage media or alternately, the use of removable storage media must be disabled. | MobileIron - DISA Microsoft Android 11 COBO v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| MSFT-11-002000 - Microsoft Android 11 must be configured to enable encryption for data at rest on removable storage media or alternately, the use of removable storage media must be disabled. | MobileIron - DISA Microsoft Android 11 COPE v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| MSFT-11-005200 - The mobile operating system must allow only the Administrator (MDM) to perform the following management function: Enable/disable location services - EMM to perform the following management function: Enable/disable location services. | MobileIron - DISA Microsoft Android 11 COBO v1r2 | MDM | ACCESS CONTROL |
| O19C-00-001000 - Oracle Database must enforce approved authorizations for logical access to the system in accordance with applicable policy. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | ACCESS CONTROL |
| RHEL-07-020022 - The Red Hat Enterprise Linux operating system must not allow privileged accounts to utilize SSH. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-08-010455 - RHEL 8 must elevate the SELinux context when an administrator calls the sudo command. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | ACCESS CONTROL |
| RHEL-08-040400 - RHEL 8 must prevent nonprivileged users from executing privileged functions, including disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | ACCESS CONTROL |
| RHEL-09-211050 - The x86 Ctrl-Alt-Delete key sequence must be disabled on RHEL 9. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-09-432010 - RHEL 9 must have the sudo package installed. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL |
| SOL-11.1-040200 - The system must restrict the ability of users to assume excessive privileges to members of a defined group and prevent unauthorized users from accessing administrative tools. | DISA STIG Solaris 11 X86 v3r1 | Unix | ACCESS CONTROL |
| SQL4-00-032500 - SQL Server must prevent non-privileged users from executing privileged functionality, to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | ACCESS CONTROL |
| WBSP-AS-000240 - The WebSphere Application Server users in a LDAP user registry group must be authorized for that group. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | ACCESS CONTROL |
| WBSP-AS-000240 - The WebSphere Application Server users in a LDAP user registry group must be authorized for that group. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL |
| WN11-SO-000167 - Remote calls to the Security Account Manager (SAM) must be restricted to Administrators. | DISA Microsoft Windows 11 STIG v2r3 | Windows | ACCESS CONTROL |
| WN11-UR-000030 - The 'Back up files and directories' user right must only be assigned to the Administrators group. | DISA Microsoft Windows 11 STIG v2r3 | Windows | ACCESS CONTROL |
| WN11-UR-000065 - The 'Debug programs' user right must only be assigned to the Administrators group. | DISA Microsoft Windows 11 STIG v2r3 | Windows | ACCESS CONTROL |
| WN11-UR-000120 - The 'Load and unload device drivers' user right must only be assigned to the Administrators group. | DISA Microsoft Windows 11 STIG v2r3 | Windows | ACCESS CONTROL |
| WN11-UR-000150 - The 'Profile single process' user right must only be assigned to the Administrators group. | DISA Microsoft Windows 11 STIG v2r3 | Windows | ACCESS CONTROL |
| WN11-UR-000160 - The 'Restore files and directories' user right must only be assigned to the Administrators group. | DISA Microsoft Windows 11 STIG v2r3 | Windows | ACCESS CONTROL |
| WN12-RG-000001 - Standard user accounts must only have Read permissions to the Winlogon registry key. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN22-DC-000010 - Windows Server 2022 must only allow administrators responsible for the domain controller to have Administrator rights on the system. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL |
| WN22-DC-000070 - Windows Server 2022 permissions on the Active Directory data files must only allow System and Administrators access. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| WN22-DC-000090 - Windows Server 2022 Active Directory Group Policy objects must have proper access control permissions. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL |
| WN22-MS-000130 - Windows Server 2022 Enable computer and user accounts to be trusted for delegation user right must not be assigned to any groups or accounts on domain-joined member servers and standalone or nondomain-joined systems. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL |
| WN22-UR-000060 - Windows Server 2022 create a token object user right must not be assigned to any groups or accounts. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL |
| WN22-UR-000090 - Windows Server 2022 create symbolic links user right must only be assigned to the Administrators group. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL |
| WN22-UR-000120 - Windows Server 2022 generate security audits user right must only be assigned to Local Service and Network Service. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL |
| WN22-UR-000130 - Windows Server 2022 impersonate a client after authentication user right must only be assigned to Administrators, Service, Local Service, and Network Service. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL |
| WN22-UR-000140 - Windows Server 2022 increase scheduling priority: user right must only be assigned to the Administrators group. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL |
| WN22-UR-000160 - Windows Server 2022 lock pages in memory user right must not be assigned to any groups or accounts. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| WN22-UR-000180 - Windows Server 2022 modify firmware environment values user right must only be assigned to the Administrators group. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL |
