ARDC-CN-000330 - Adobe Reader DC must disable periodical uploading of European certificates. | DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000360 - The Cisco perimeter router must be configured to have Link Layer Discovery Protocol (LLDP) disabled on all external interfaces. | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000360 - The Cisco perimeter switch must be configured to have Link Layer Discovery Protocol (LLDP) disabled on all external interfaces. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000540 - The Cisco BGP switch must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | ACCESS CONTROL |
CISC-RT-000760 - The Cisco PE router must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications. | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000860 - The Cisco multicast Designated switch (DR) must be configured to filter the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Report messages to allow hosts to join only multicast groups that have been approved by the organization. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
DKER-EE-002020 - Docker Enterprise CPU priority must be set appropriately on all containers. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
DKER-EE-002970 - The Docker Enterprise per user limit login session control must be set per the requirements in the System Security Plan (SSP). | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2 | Unix | ACCESS CONTROL |
EX13-CA-000105 - Exchange must have the Public Folder virtual directory removed if not in use by the site. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | CONFIGURATION MANAGEMENT |
EX13-MB-000030 - Exchange Audit record parameters must be set. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
EX13-MB-000280 - The Exchange Public Store storage quota must be limited. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
EX16-ED-000240 - Exchange message size restrictions must be controlled on Send connectors. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
EX16-ED-000290 - Exchange Receive connectors must control the number of recipients chunked on a single message. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
EX16-MB-000350 - Exchange Message size restrictions must be controlled on Receive connectors. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
EX16-MB-000440 - The Exchange global outbound message size must be controlled. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
GOOG-10-000500 - Google Android 10 must be configured to not allow more than 10 consecutive failed authentication attempts. | MobileIron - DISA Google Android 10.x v2r1 | MDM | ACCESS CONTROL |
GOOG-10-011000 - Google Android 10 devices must be configured to disable the use of third-party keyboards. | MobileIron - DISA Google Android 10.x v2r1 | MDM | CONFIGURATION MANAGEMENT |
GOOG-13-009400 - Google Android 13 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), Hands-Free Profile (HFP), and Serial Port Profile (SPP) - SPP. | AirWatch - DISA Google Android 13 COBO v2r2 | MDM | CONFIGURATION MANAGEMENT |
GOOG-13-701100 - Google Android 13 must prohibit DOD VPN profiles in the Personal Profile. | AirWatch - DISA Google Android 13 BYOD v1r2 | MDM | CONFIGURATION MANAGEMENT |
GOOG-14-009400 - Google Android 14 must be configured to disable all Bluetooth profiles except for HSP (Headset Profile), HFP (Hands-Free Profile), SPP (Serial Port Profile), A2DP (Advanced Audio Distribution Profile), AVRCP (Audio/Video Remote Control Profile), and PBAP (Phone Book Access Profile) - SPP. | MobileIron - DISA Google Android 14 COPE v2r2 | MDM | CONFIGURATION MANAGEMENT |
GOOG-15-009400 - Google Android 15 must be configured to disable all Bluetooth profiles except for HSP (Headset Profile), HFP (Hands-Free Profile), SPP (Serial Port Profile), A2DP (Advanced Audio Distribution Profile), AVRCP (Audio/Video Remote Control Profile), and PBAP (Phone Book Access Profile) - SPP. | AirWatch - DISA Google Android 15 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
JUNI-RT-000535 - The Juniper BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer - as-path | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
JUNI-RT-000590 - The Juniper MPLS router with RSVP-TE enabled must be configured to enable refresh reduction features. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
JUNI-RT-000850 - The Juniper multicast Designated Router (DR) must be configured to filter the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Report messages to allow hosts to join only multicast groups that have been approved by the organization - policy-options | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
OL6-00-000007 - The system must use a separate file system for user home directories. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
OL6-00-000088 - The system must log Martian packets. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
OL6-00-000173 - The audit system must be configured to audit all attempts to alter system time through /etc/localtime. | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
OL6-00-000182 - The audit system must be configured to audit modifications to the systems network configuration - b64 audit_network_modifications | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
OL6-00-000197 - The audit system must be configured to audit failed attempts to access files and programs - b32 EPERM auid=0 | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
OL6-00-000197 - The audit system must be configured to audit failed attempts to access files and programs - b64 EPERM auid=0 | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
OL6-00-000200 - The audit system must be configured to audit user deletions of files and programs - b32 auid>=500 | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
OL6-00-000204 - The xinetd service must be uninstalled if no network services utilizing it are enabled. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
OL6-00-000230 - The SSH daemon must set a timeout interval on idle sessions. | DISA STIG Oracle Linux 6 v2r7 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
OL6-00-000241 - The SSH daemon must not permit user environment settings. | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
OL6-00-000266 - The oddjobd service must not be running - CHKCONFIG | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
OL6-00-000266 - The oddjobd service must not be running - PROCESS_CHECK | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
OL6-00-000271 - The noexec option must be added to removable media partitions. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
OL6-00-000275 - The operating system must employ cryptographic mechanisms to protect information in storage. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
OL6-00-000277 - The operating system must employ cryptographic mechanisms to prevent unauthorized disclosure of data at rest unless otherwise protected by alternative physical measures. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
OL6-00-000287 - The postfix service must be enabled for mail delivery. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
OL6-00-000308 - Process core dumps must be disabled unless needed. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
OL6-00-000335 - The operating system must manage information system identifiers for users and devices by disabling the user identifier after an organization defined time period of inactivity. | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
TCAT-AS-000030 - HTTP Strict Transport Security (HSTS) must be enabled. | DISA STIG Apache Tomcat Application Server 9 v3r2 Middleware | Unix | ACCESS CONTROL |
UBTU-18-010025 - The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system or storage media from the system being audited. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | AUDIT AND ACCOUNTABILITY |
UBTU-18-010030 - The Ubuntu operating system must be configured such that Pluggable Authentication Module (PAM) prohibits the use of cached authentications after one day. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
UBTU-18-010447 - The Ubuntu operating system must automatically expire temporary accounts within 72 hours. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | ACCESS CONTROL |
WBLC-02-000065 - Oracle WebLogic must compile audit records from multiple components within the system into a system-wide (logical or physical) audit trail that is time-correlated to within an organization-defined level of tolerance. | Oracle WebLogic Server 12c Linux v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
WBLC-08-000235 - Oracle WebLogic must protect the integrity of applications during the processes of data aggregation, packaging, and transformation in preparation for deployment. | Oracle WebLogic Server 12c Linux v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
WN12-CC-000026 - Users must not be prompted to search Windows Update for device drivers. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
WN12-SO-000089 - The print driver installation privilege must be restricted to administrators. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |