| AIX7-00-003087 - The Internet Network News (INN) server must be disabled on AIX. | DISA STIG AIX 7.x v3r1 | Unix | CONFIGURATION MANAGEMENT |
| AIX7-00-003105 - The rwalld daemon must be disabled on AIX. | DISA STIG AIX 7.x v3r1 | Unix | CONFIGURATION MANAGEMENT |
| AS24-U1-000260 - The Apache web server must not be a proxy server. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | CONFIGURATION MANAGEMENT |
| AS24-U1-000330 - The Apache web server must have Web Distributed Authoring (WebDAV) disabled. | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | CONFIGURATION MANAGEMENT |
| AS24-W1-000250 - The Apache web server must only contain services and functions necessary for operation - SetHandler server-info | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | CONFIGURATION MANAGEMENT |
| AS24-W2-000300 - The Apache web server must have resource mappings set to disable the serving of certain file types. | DISA STIG Apache Server 2.4 Windows Site v2r2 | Windows | CONFIGURATION MANAGEMENT |
| Big Sur - Disable Location Services | NIST macOS Big Sur v1.4.0 - 800-171 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Disable Location Services | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Disable Location Services | NIST macOS Catalina v1.5.0 - All Profiles | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-LT-000069 - The BIG-IP Core implementation must be configured to remove or disable any functions, ports, protocols, and/or services that are not documented as required. | DISA F5 BIG-IP Local Traffic Manager STIG v2r4 | F5 | CONFIGURATION MANAGEMENT |
| IIST-SI-000263 - Backup interactive scripts on the IIS 10.0 server must be removed. | DISA IIS 10.0 Site v2r11 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SV-000119 - The IIS 10.0 web server must not be both a website server and a proxy server. | DISA IIS 10.0 Server v3r3 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SV-000120 - All IIS 10.0 web server sample code, example applications, and tutorials must be removed from a production IIS 10.0 server. | DISA IIS 10.0 Server v3r3 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SV-000124 - The IIS 10.0 web server must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled. | DISA IIS 10.0 Server v3r3 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SV-000160 - An IIS Server configured to be a SMTP relay must require authentication. | DISA IIS 10.0 Server v3r3 | Windows | CONFIGURATION MANAGEMENT |
| JBOS-AS-000225 - Google Analytics must be disabled in EAP Console. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | CONFIGURATION MANAGEMENT |
| JBOS-AS-000235 - JBoss QuickStarts must be removed - JBoss QuickStarts must be removed. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | CONFIGURATION MANAGEMENT |
| JUNI-RT-000070 - The Juniper router must be configured to have all non-essential capabilities disabled - dhcp | DISA STIG Juniper Router RTR v3r2 | Juniper | CONFIGURATION MANAGEMENT |
| JUNI-RT-000070 - The Juniper router must be configured to have all non-essential capabilities disabled - telnet | DISA STIG Juniper Router RTR v3r2 | Juniper | CONFIGURATION MANAGEMENT |
| JUSX-AG-000084 - The Juniper SRX Services Gateway Firewall must not be configured as an NTP server since providing this network service is unrelated to the role as a firewall. | DISA Juniper SRX Services Gateway ALG v3r2 | Juniper | CONFIGURATION MANAGEMENT |
| O121-C2-011500 - Default demonstration and sample databases, database objects, and applications must be removed. | DISA STIG Oracle 12c v3r2 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O365-AC-000003 - VBA macros not digitally signed must be blocked in Access. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | CONFIGURATION MANAGEMENT |
| O365-PR-000003 - VBA Macros not digitally signed must be blocked in Project. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | CONFIGURATION MANAGEMENT |
| O365-PT-000001 - VBA Macros not digitally signed must be blocked in PowerPoint. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | CONFIGURATION MANAGEMENT |
| OH12-1X-000102 - OHS must have the LoadModule include_module directive disabled. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000117 - OHS must have the IfModule cgid_module directive disabled. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000119 - OHS must have the ScriptAlias directive for CGI scripts disabled - ScriptAlias /cgi-bin/ | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000129 - OHS must have the Directory directive pointing to the OHS manuals disabled. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000146 - OHS must have the IfModule dumpio_module directive disabled. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000149 - OHS must have the IfModule mpm_winnt_module directive disabled. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000162 - OHS must have the LoadModule cgid_module directive disabled - proxy_balancer_module | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000165 - OHS must have the ScriptAlias /cgi-bin/ directive within a IfModule alias_module directive disabled - alias_module | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-020000 - The Oracle Linux operating system must not have the rsh-server package installed. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| SQL6-D0-006900 - Default demonstration and sample databases, database objects, and applications must be removed. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL6-D0-016700 - SQL Server execute permissions to access the registry must be revoked, unless specifically required and approved. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL6-D0-017000 - Ole Automation Procedures feature must be disabled, unless specifically required and approved. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL6-D0-017100 - SQL Server User Options feature must be disabled, unless specifically required and approved. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL6-D0-017400 - Hadoop Connectivity feature must be disabled, unless specifically required and approved. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL6-D0-017500 - Allow Polybase Export feature must be disabled, unless specifically required and approved. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL6-D0-017700 - SQL Server External Scripts Enabled feature must be disabled, unless specifically required and approved. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL6-D0-017900 - SQL Server Replication Xps feature must be disabled, unless specifically required and approved. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| TCAT-AS-000550 - xpoweredBy attribute must be disabled. | DISA STIG Apache Tomcat Application Server 9 v3r2 Middleware | Unix | CONFIGURATION MANAGEMENT |
| WBLC-03-000127 - Oracle WebLogic must adhere to the principles of least functionality by providing only essential capabilities. | Oracle WebLogic Server 12c Windows v2r2 | Windows | CONFIGURATION MANAGEMENT |
| WN10-00-000100 - Internet Information System (IIS) or its subcomponents must not be installed on a workstation. | DISA Microsoft Windows 10 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN10-CC-000038 - WDigest Authentication must be disabled. | DISA Microsoft Windows 10 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN10-CC-000100 - Downloading print driver packages over HTTP must be prevented. | DISA Microsoft Windows 10 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN10-CC-000120 - The network selection user interface (UI) must not be displayed on the logon screen. | DISA Microsoft Windows 10 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN10-CC-000210 - The Windows Defender SmartScreen for Explorer must be enabled. | DISA Microsoft Windows 10 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN19-00-000270 - Windows Server 2019 must have the roles and features required by the system documented. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN19-DC-000130 - Windows Server 2019 domain controllers must run on a machine dedicated to that function. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
