| AOSX-15-002063 - The macOS system must enforce access restrictions. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002064 - The macOS system must have the security assessment policy subsystem enabled. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider. | DISA STIG Apple macOS 12 v1r9 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| ARDC-CL-000340 - Unsupported version of Adobe Acrobat Reader DC Classic must be uninstalled. | DISA STIG Adobe Acrobat Reader DC Classic Track v2r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| ARST-ND-000690 - The Arista network devices must use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AS24-W1-000940 - All accounts installed with the Apache web server software and tools must have passwords assigned and default passwords changed. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | CONFIGURATION MANAGEMENT |
| AS24-W1-000960 - The Apache web server software must be a vendor-supported version. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | CONFIGURATION MANAGEMENT |
| CISC-L2-000020 - The Cisco switch must uniquely identify all network-connected endpoint devices before establishing any connection. | DISA Cisco NX OS Switch L2S STIG v3r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-001370 - The Cisco switch must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000640 - The Cisco PE switch must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT). | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000640 - The Cisco PE switch must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT). | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | CONTINGENCY PLANNING |
| CISC-RT-000670 - The Cisco PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate virtual circuit identification (VC ID) for each attachment circuit. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | CONTINGENCY PLANNING |
| CISC-RT-000680 - The Cisco PE switch providing Virtual Private LAN Services (VPLS) must be configured to have all attachment circuits defined to the virtual forwarding instance (VFI) with the globally unique VPN ID assigned for each customer VLAN. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000730 - The Cisco PE switch must be configured to block any traffic that is destined to the IP core infrastructure. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-ED-000680 - Exchange internal Receive connectors must require encryption. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-ED-000690 - Exchange internal Send connectors must require encryption - DomainSecureEnabled | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-ED-000690 - Exchange internal Send connectors must require encryption - RequireTLS | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SI-000221 - Anonymous IIS 8.5 website access accounts must be restricted. | DISA IIS 8.5 Site v2r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| JBOS-AS-000025 - Java permissions must be set for hosted applications. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | ACCESS CONTROL |
| JBOS-AS-000035 - The JBoss server must be configured with Role Based Access Controls. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | ACCESS CONTROL |
| JBOS-AS-000050 - Silent Authentication must be removed from the Default Management Security Realm. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | ACCESS CONTROL |
| JBOS-AS-000680 - Production JBoss servers must be supported by the vendor. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| JUEX-NM-000670 - The Juniper EX switch must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO). | DISA Juniper EX Series Network Device Management v2r2 | Juniper | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| JUSX-AG-000145 - The Juniper SRX Services Gateway Firewall must continuously monitor outbound communications traffic for unusual/unauthorized activities or conditions. | DISA Juniper SRX Services Gateway ALG v3r2 | Juniper | SYSTEM AND INFORMATION INTEGRITY |
| O112-C1-019700 - The DBMS must employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission unless the transmitted data is otherwise protected by alternative physical measures. | DISA STIG Oracle 11.2g v2r5 Windows | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| O121-C1-004500 - DBA OS accounts must be granted only those host system privileges necessary for the administration of the DBMS. | DISA STIG Oracle 12c v3r2 Windows | Windows | CONFIGURATION MANAGEMENT |
| OH12-1X-000211 - The version of the OHS installation must be vendor supported. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| OH12-1X-000308 - OHS must have the LoadModule ossl_module directive enabled to prevent unauthorized disclosure of information during transmission. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000311 - OHS must have the SSLCipherSuite directive enabled to prevent unauthorized disclosure of information during transmission. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL6-00-000239 - The SSH daemon must not allow authentication using an empty password. | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL07-00-010290 - The Oracle Linux operating system must not allow accounts configured with blank or null passwords. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-020250 - The Oracle Linux operating system must be a vendor supported release. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-020310 - The Oracle Linux operating system must be configured so that the root account must be the only account having unrestricted access to the system. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| PANW-NM-000069 - The Palo Alto Networks security platform must terminate management sessions after 10 minutes of inactivity except to fulfill documented and validated mission requirements. | DISA STIG Palo Alto NDM v3r2 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-06-000227 - The SSH daemon must be configured to use only the SSHv2 protocol. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SP13-00-000110 - SharePoint must ensure authentication of both client and server during the entire session. An example of this is SSL Mutual Authentication. | DISA STIG SharePoint 2013 v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-000300 - SQL Server must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | ACCESS CONTROL |
| SQL6-D0-009500 - SQL Server must protect the confidentiality and integrity of all information at rest. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-016200 - The SQL Server default account [sa] must be disabled. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | ACCESS CONTROL |
| UBTU-18-010005 - The Ubuntu operating system must implement NIST FIPS-validated cryptography to protect classified information and for the following: to provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-18-010018 - The Ubuntu operating system must not have the Network Information Service (NIS) package installed. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | CONFIGURATION MANAGEMENT |
| WDNS-SC-000025 - The Windows 2012 DNS Server must not contain zone records that have not been validated in over a year. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-CC-000059 - Solicited Remote Assistance must not be allowed. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-GE-000015 - Windows 2012/2012 R2 accounts must be configured to require passwords. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN12-GE-000027 - File Transfer Protocol (FTP) servers must be configured to prevent access to the system drive. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000051 - Anonymous enumeration of SAM accounts must not be allowed. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000052 - Anonymous enumeration of shares must be restricted. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000059 - Network shares that can be accessed anonymously must not be allowed. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN16-00-000040 - Administrative accounts must not be used with applications that access the Internet, such as web browsers, or with potential Internet sources, such as email. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | CONFIGURATION MANAGEMENT |
| WN16-00-000150 - Local volumes must use a format that supports NTFS attributes. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL |
