| AIOS-12-010500 - Apple iOS must require a valid password be successfully entered before the mobile device data is unencrypted. | AirWatch - DISA Apple iOS 12 v2r1 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-12-010500 - Apple iOS must require a valid password be successfully entered before the mobile device data is unencrypted. | MobileIron - DISA Apple iOS 12 v2r1 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-13-010500 - Apple iOS/iPadOS must require a valid password be successfully entered before the mobile device data is unencrypted. | AirWatch - DISA Apple iOS/iPadOS 13 v2r1 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-17-010500 - Apple iOS/iPadOS 17 must implement the management setting: limit Ad Tracking. | AirWatch - DISA Apple iOS/iPadOS 17 v2r1 | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-17-010500 - Apple iOS/iPadOS 17 must implement the management setting: limit Ad Tracking. | MobileIron - DISA Apple iOS/iPadOS 17 v2r1 | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIX7-00-001048 - AIX must protect the confidentiality and integrity of all information at rest. | DISA STIG AIX 7.x v3r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| BIND-9X-001131 - The DNSSEC keys used with the BIND 9.x implementation must be group owned by a privileged account. | DISA BIND 9.x STIG v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| BIND-9X-001132 - Permissions assigned to the DNSSEC keys used with the BIND 9.x implementation must enforce read-only access to the key owner and deny access to all other users. | DISA BIND 9.x STIG v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| DB2X-00-005400 - DB2 must protect the confidentiality and integrity of all information at rest. | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | SYSTEM AND COMMUNICATIONS PROTECTION |
| DKER-EE-002660 - Docker Secrets must be used to store configuration files and small amounts of user-generated data (up to 500 kb in size) in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBC-0039 - Browser history must be saved. | DISA STIG Google Chrome v2r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI042-IE11 - Userdata persistence must be disallowed (Internet zone). | DISA STIG IE 11 v2r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI132-IE11 - Userdata persistence must be disallowed (Restricted Sites zone). | DISA STIG IE 11 v2r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO187 - Rights managed Office Open XML files must be protected. | DISA STIG Microsoft Office System 2013 v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO187 - Rights managed Office Open XML files must be protected. | DISA Microsoft Office System 2016 STIG v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO321 - Encrypt document properties must be configured for OLE documents. | DISA STIG Microsoft Office System 2013 v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EP11-00-005700 - The EDB Postgres Advanced Server must protect the confidentiality and integrity of all information at rest. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000125 - Exchange Public Folder stores must be retained until backups are complete. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-MB-000290 - Exchange email forwarding must be restricted. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-MB-000300 - Exchange email-forwarding SMTP domains must be restricted. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SI-000242 - The IIS 10.0 private website must employ cryptographic mechanisms (TLS) and require client certificates. | DISA IIS 10.0 Site v2r11 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SV-000137 - The production IIS 10.0 web server must utilize SHA2 encryption for the Machine Key. | DISA IIS 10.0 Server v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SV-000137 - The production IIS 10.0 web server must utilize SHA2 encryption for the Machine Key. | DISA IIS 10.0 Server v2r10 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SV-000137 - The production IIS 8.5 web server must utilize SHA2 encryption for the Machine Key. | DISA IIS 8.5 Server v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MD3X-00-000440 - MongoDB must protect the confidentiality and integrity of all information at rest. | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSFT-11-002000 - Microsoft Android 11 must be configured to enable encryption for data at rest on removable storage media or alternately, the use of removable storage media must be disabled. | AirWatch - DISA Microsoft Android 11 COPE v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| MSFT-11-002000 - Microsoft Android 11 must be configured to enable encryption for data at rest on removable storage media or alternately, the use of removable storage media must be disabled. | MobileIron - DISA Microsoft Android 11 COBO v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| MSFT-11-002000 - Microsoft Android 11 must be configured to enable encryption for data at rest on removable storage media or alternately, the use of removable storage media must be disabled. | MobileIron - DISA Microsoft Android 11 COPE v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| MSFT-11-002000 - Microsoft Android 11 must be configured to enable encryption for data at rest on removable storage media or alternately, the use of removable storage media must be disabled. | AirWatch - DISA Microsoft Android 11 COBO v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| O365-CO-000002 - Document metadata for rights managed Office Open XML files must be protected. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| O365-CO-000008 - Office applications must be configured to specify encryption type in password-protected Office 97-2003 files. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| O365-CO-000009 - Office applications must be configured to specify encryption type in password-protected Office Open XML files. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL6-00-000276 - The operating system must protect the confidentiality and integrity of data at rest. | DISA STIG Oracle Linux 6 v2r7 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PGS9-00-008300 - PostgreSQL must protect the confidentiality and integrity of all information at rest. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-06-000276 - The operating system must protect the confidentiality and integrity of data at rest. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SOL-11.1-060160 - The operating system must protect the confidentiality and integrity of information at rest. | DISA STIG Solaris 11 SPARC v3r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SOL-11.1-060170 - The operating system must employ cryptographic mechanisms to prevent unauthorized disclosure of information at rest unless otherwise protected by alternative physical measures. | DISA STIG Solaris 11 X86 v3r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL4-00-021300 - SQL Server must protect data at rest and ensure confidentiality and integrity of data. | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL4-00-024100 - The Database Master Key must be encrypted by the Service Master Key, where a Database Master Key is required and another encryption method has not been specified. | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL4-00-024200 - Database Master Key passwords must not be stored in credentials within the database. | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL4-00-024300 - Symmetric keys (other than the database master key) must use a DoD certificate to encrypt the key. | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL4-00-024500 - The Service Master Key must be backed up, stored offline and off-site. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-001600 - The Database Master Key encryption password must meet DOD password complexity requirements. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-001700 - The Database Master Key must be encrypted by the Service Master Key, where a Database Master Key is required and another encryption method has not been specified. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-003400 - SQL Server must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-009500 - SQL Server must protect the confidentiality and integrity of all information at rest. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-009600 - The Service Master Key must be backed up and stored in a secure location that is not on the SQL Server. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-009700 - The Master Key must be backed up and stored in a secure location that is not on the SQL Server. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| WDNS-SC-000024 - The Windows 2012 DNS Server must protect secret/private cryptographic keys while at rest. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN10-00-000250 - Windows 10 nonpersistent VM sessions must not exceed 24 hours. | DISA Microsoft Windows 10 STIG v3r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
