| AIX7-00-002061 - AIX must remove NOPASSWD tag from sudo config files. | DISA STIG AIX 7.x v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AIX7-00-003101 - The AIX system must have no .netrc files on the system. | DISA STIG AIX 7.x v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-041600 - AlmaLinux OS 9 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-15-002038 - The macOS system must be configured to disable the tftp service. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-13-005020 - The macOS system must implement cryptographic mechanisms to protect the confidentiality and integrity of all information at rest. | DISA STIG Apple macOS 13 v1r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-14-005020 The macOS system must enforce FileVault. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-15-005020 - The macOS system must enforce FileVault. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-ND-000850 - The Arista network Arista device must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | AUDIT AND ACCOUNTABILITY |
| BIND-9X-001150 - The BIND 9.x server signature generation using the KSK must be done off-line, using the KSK-private key stored off-line. | DISA BIND 9.x STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| CISC-L2-000020 - The Cisco switch must uniquely identify and authenticate all network-connected endpoint devices before establishing any connection. | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-L2-000020 - The Cisco switch must uniquely identify and authenticate all network-connected endpoint devices before establishing any connection. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| EP11-00-004400 - If passwords are used for authentication, the EDB Postgres Advanced Server must transmit only encrypted representations of passwords. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| ESXI5-VM-000008 - The system must disable virtual disk erasure. | DISA STIG VMWare ESXi 5 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VMNET-000015 - The system must ensure the dvPortGroup MAC Address Change policy is set to reject. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VMNET-000016 - The system must ensure the virtual switch MAC Address Change policy is set to reject. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| GEN000000-LNX00320 - The system must not have special privilege accounts, such as shutdown and halt - '/etc/passwd - reboot' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| GEN000000-LNX00320 - The system must not have special privilege accounts, such as shutdown and halt - '/etc/shadow - halt' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| GEN000100-ESXI5-000062 - The operating system must be a supported release. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| GEN004600 - The SMTP service must be an up-to-date version - 'sendmail' | DISA STIG for Oracle Linux 5 v2r1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| GEN008640-ESXI5-000055 - The system must not use removable media as the boot loader. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| GEN008680 - If the system boots from removable media, it must be stored in a safe or similarly secured container. | DISA STIG for Oracle Linux 5 v2r1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN008680-ESXI5-000056 - If the system boots from removable media, it must be stored in a safe or similarly secured container. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| JUSX-AG-000120 - The Juniper SRX Services Gateway Firewall providing content filtering must protect against known and unknown types of denial-of-service (DoS) attacks by implementing statistics-based screens - DoS attacks by implementing statistics-based screens. | DISA Juniper SRX Services Gateway ALG v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUSX-AG-000122 - The Juniper SRX Services Gateway Firewall must protect against known types of denial-of-service (DoS) attacks by implementing signature-based screens - DoS attacks by implementing signature-based screens. | DISA Juniper SRX Services Gateway ALG v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| MD3X-00-000360 - MongoDB must enforce authorized access to all PKI private keys stored/utilized by MongoDB. | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS | Unix | IDENTIFICATION AND AUTHENTICATION |
| O121-C2-014600 - The DBMS must support organizational requirements to enforce password encryption for storage. | DISA STIG Oracle 12c v3r2 Linux | Unix | IDENTIFICATION AND AUTHENTICATION |
| OH12-1X-000242 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to encrypt passwords during transmission - SSLProtocol | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OH12-1X-000243 - OHS must have the SSLCipherSuite directive enabled to encrypt passwords during transmission. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000227 - The SSH daemon must be configured to use only the SSHv2 protocol. | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL07-00-010020 - The Oracle Linux operating system must be configured so that the cryptographic hash of system files and commands matches vendor values. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-020050 - The Oracle Linux operating system must prevent the installation of software, patches, service packs, device drivers, or operating system components from a repository without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization - CA that is recognized and approved by the organization. | DISA Oracle Linux 7 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| OL08-00-010030 - All OL 8 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at-rest protection. | DISA Oracle Linux 8 STIG v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PANW-AG-000102 - The Palo Alto Networks security platform must block outbound traffic containing denial-of-service (DoS) attacks to protect against the use of internal information systems to launch any DoS attacks against other networks or endpoints. | DISA STIG Palo Alto ALG v3r2 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| PGS9-00-010200 - PostgreSQL must enforce authorized access to all PKI private keys stored/utilized by PostgreSQL. | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-231190 - RHEL 9 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-09-672020 - RHEL 9 cryptographic policy must not be overridden. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| SLES-12-010110 - The SUSE operating system must reauthenticate users when changing authenticators, roles, or escalating privileges. | DISA SLES 12 STIG v3r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000080 - Splunk Enterprise must use LDAPS for the LDAP connection. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | IDENTIFICATION AND AUTHENTICATION |
| UBTU-22-255015 - Ubuntu 22.04 LTS must use SSH to protect the confidentiality and integrity of transmitted information. | DISA Canonical Ubuntu 22.04 LTS STIG v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-24-100800 - Ubuntu 24.04 LTS must have SSH installed. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-24-100810 - Ubuntu 24.04 LTS must use SSH to protect the confidentiality and integrity of transmitted information. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCENTER-000031 - The vCenter Administrator role must be secured by assignment to specific users authorized as vCenter Administrators. | DISA STIG VMWare ESXi vCenter 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| WBLC-05-000169 - Oracle WebLogic must utilize encryption when using LDAP for authentication. | Oracle WebLogic Server 12c Linux v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000169 - Oracle WebLogic must utilize encryption when using LDAP for authentication. | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000169 - Oracle WebLogic must utilize encryption when using LDAP for authentication. | Oracle WebLogic Server 12c Windows v2r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN12-AD-000002-DC - The Active Directory SYSVOL directory must have the proper access control permissions. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-GE-000004-MS - Only administrators responsible for the member server must have Administrator rights on the system. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-PK-000006-DC - Domain Controller PKI certificates must be issued by the DoD PKI or an approved External Certificate Authority (ECA). | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN12-PK-000007-DC - PKI certificates associated with user accounts must be issued by the DoD PKI or an approved External Certificate Authority (ECA). | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN22-00-000250 - Windows Server 2022 systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
