| AIX7-00-001137 - AIX must be able to control the ability of remote login for users. | DISA STIG AIX 7.x v3r1 | Unix | ACCESS CONTROL |
| AOSX-13-000430 - The macOS system must have the security assessment policy subsystem enabled. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| ARDC-CN-000340 - Adobe Reader DC must have the latest Security-related Software Updates installed. | DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| CISC-ND-000720 - The Cisco switch must be configured to terminate all network connections associated with device management after five minutes of inactivity. | DISA Cisco NX OS Switch NDM STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001370 - The Cisco router must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access. | DISA STIG Cisco IOS Router NDM v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-ND-001450 - The Cisco router must be configured to send log data to at least two syslog servers for the purpose of forwarding alerts to the administrators and the ISSO. | DISA STIG Cisco IOS Router NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-RT-000240 - The Cisco perimeter switch must be configured to deny network traffic by default and allow network traffic by exception. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000310 - The Cisco perimeter router must be configured to restrict it from accepting outbound IP packets that contain an illegitimate address in the source address field via egress filter or by enabling Unicast Reverse Path Forwarding (uRPF). | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000670 - The Cisco PE switch providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate virtual circuit identification (VC ID) for each attachment circuit. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | CONTINGENCY PLANNING |
| DKER-EE-005230 - Docker Enterprise registry certificate file ownership must be set to root:root. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| EP11-00-000800 - The EDB Postgres Advanced Server must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | ACCESS CONTROL |
| EX16-ED-000570 - Exchange must render hyperlinks from email sources from non-.mil domains as unclickable. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| JBOS-AS-000045 - Silent Authentication must be removed from the Default Application Security Realm. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | ACCESS CONTROL |
| JBOS-AS-000230 - JBoss process owner execution permissions must be limited. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | CONFIGURATION MANAGEMENT |
| JBOS-AS-000685 - The JRE installed on the JBoss server must be kept up to date. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| JUNI-ND-000710 - The Juniper router must be configured to terminate all network connections associated with device management after five minutes of inactivity. | DISA STIG Juniper Router NDM v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-ND-001470 - The Juniper router must be running a Junos release that is currently supported by Juniper Networks. | DISA STIG Juniper Router NDM v3r2 | Juniper | CONFIGURATION MANAGEMENT |
| JUNI-RT-000660 - The Juniper PE router providing Virtual Private LAN Services (VPLS) must be configured to have all attachment circuits defined to the routing instance with the globally unique VPLS ID assigned for each customer VLAN. | DISA STIG Juniper Router RTR v3r2 | Juniper | CONTINGENCY PLANNING |
| JUSX-DM-000149 - For nonlocal maintenance sessions using SNMP, the Juniper SRX Services Gateway must securely configure SNMPv3 with privacy options to protect the confidentiality of maintenance and diagnostic communications for nonlocal maintenance sessions. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | MAINTENANCE |
| MD3X-00-000010 - MongoDB must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals. | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS | Unix | ACCESS CONTROL |
| O112-BP-021900 - The Oracle REMOTE_OS_AUTHENT parameter must be set to FALSE. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O112-C1-004500 - DBA OS accounts must be granted only those host system privileges necessary for the administration of the DBMS. | DISA STIG Oracle 11.2g v2r5 Windows | Windows | CONFIGURATION MANAGEMENT |
| O112-C1-015000 - DBMS default accounts must be assigned custom passwords. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O112-N1-015602 - When using command-line tools such as Oracle SQL*Plus, which can accept a plain-text password, users must use an alternative login method that does not expose the password. | DISA STIG Oracle 11.2g v2r5 Linux | Unix | IDENTIFICATION AND AUTHENTICATION |
| O121-C1-019700 - The DBMS must employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission unless the transmitted data is otherwise protected by alternative physical measures. | DISA STIG Oracle 12c v3r2 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000225 - Symbolic links must not be used in the web content directory tree. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000226 - OHS administration must be performed over a secure path or at the local console. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000309 - OHS must have the SSLFIPS directive enabled to prevent unauthorized disclosure of information during transmission. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000310 - OHS must have the SSLEngine, SSLProtocol, SSLWallet directives enabled and configured to prevent unauthorized disclosure of information during transmission - SSLProtocol | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL6-00-000216 - The rexecd service must not be running - PROCESS_CHECK | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL07-00-010300 - The Oracle Linux operating system must be configured so that the SSH daemon does not allow authentication using an empty password. | DISA Oracle Linux 7 STIG v3r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PANW-NM-000118 - The Palo Alto Networks security platform must not use SNMP Versions 1 or 2 | DISA STIG Palo Alto NDM v3r2 | Palo_Alto | MAINTENANCE |
| PPS9-00-000800 - The EDB Postgres Advanced Server must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | ACCESS CONTROL |
| RHEL-06-000214 - The rshd service must not be running. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-07-010020 - The Red Hat Enterprise Linux operating system must be configured so that the cryptographic hash of system files and commands matches vendor values. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-010380 - The audit system must alert the System Administrator (SA) if there is any type of audit failure. | DISA STIG Solaris 11 SPARC v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SP13-00-000085 - SharePoint must implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. | DISA STIG SharePoint 2013 v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| SQL6-D0-015600 - SQL Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to provision digital signatures. | DISA STIG SQL Server 2016 Instance OS Audit v3r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-018200 - Applications must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000150 - Oracle WebLogic must uniquely identify and authenticate users (or processes acting on behalf of users). | Oracle WebLogic Server 12c Windows v2r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN12-AD-000013-DC - Directory data (outside the root DSE) of a non-public directory must be configured to prevent anonymous access. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-RG-000002 - Standard user accounts must only have Read permissions to the Active Setup\Installed Components registry key. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000003 - The Act as part of the operating system user right must not be assigned to any groups or accounts. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000016 - The Debug programs user right must only be assigned to the Administrators group. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN16-MS-000010 - Only administrators responsible for the member server or standalone or nondomain-joined system must have Administrator rights on the system. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL |
| WN19-CC-000220 - Windows Server 2019 default AutoRun behavior must be configured to prevent AutoRun commands. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN19-CC-000230 - Windows Server 2019 AutoPlay must be disabled for all drives. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN19-DC-000010 - Windows Server 2019 must only allow administrators responsible for the domain controller to have Administrator rights on the system. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | ACCESS CONTROL |
| WN19-MS-000010 - Windows Server 2019 must only allow Administrators responsible for the member server or standalone or nondomain-joined system to have Administrator rights on the system. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | ACCESS CONTROL |
| WN19-UR-000060 - Windows Server 2019 Create a token object user right must not be assigned to any groups or accounts. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | ACCESS CONTROL |
