Item Search

NameAudit NamePluginCategory
ARDC-CN-000330 - Adobe Reader DC must disable periodical uploading of European certificates.DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000360 - The Cisco perimeter router must be configured to have Link Layer Discovery Protocol (LLDP) disabled on all external interfaces.DISA Cisco IOS XR Router RTR STIG v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000360 - The Cisco perimeter switch must be configured to have Link Layer Discovery Protocol (LLDP) disabled on all external interfaces.DISA Cisco NX OS Switch RTR STIG v3r3Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000540 - The Cisco BGP switch must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute.DISA Cisco NX OS Switch RTR STIG v3r3Cisco

ACCESS CONTROL

CISC-RT-000760 - The Cisco PE router must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications.DISA Cisco IOS XR Router RTR STIG v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000860 - The Cisco multicast Designated switch (DR) must be configured to filter the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Report messages to allow hosts to join only multicast groups that have been approved by the organization.DISA Cisco NX OS Switch RTR STIG v3r3Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

DKER-EE-002020 - Docker Enterprise CPU priority must be set appropriately on all containers.DISA STIG Docker Enterprise 2.x Linux/Unix v2r2Unix

CONFIGURATION MANAGEMENT

DKER-EE-002970 - The Docker Enterprise per user limit login session control must be set per the requirements in the System Security Plan (SSP).DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2Unix

ACCESS CONTROL

EX13-CA-000105 - Exchange must have the Public Folder virtual directory removed if not in use by the site.DISA Microsoft Exchange 2013 Client Access Server STIG v2r2Windows

CONFIGURATION MANAGEMENT

EX13-MB-000030 - Exchange Audit record parameters must be set.DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3Windows

AUDIT AND ACCOUNTABILITY

EX13-MB-000280 - The Exchange Public Store storage quota must be limited.DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3Windows

AUDIT AND ACCOUNTABILITY

EX16-ED-000240 - Exchange message size restrictions must be controlled on Send connectors.DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6Windows

SYSTEM AND COMMUNICATIONS PROTECTION

EX16-ED-000290 - Exchange Receive connectors must control the number of recipients chunked on a single message.DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6Windows

SYSTEM AND COMMUNICATIONS PROTECTION

EX16-MB-000350 - Exchange Message size restrictions must be controlled on Receive connectors.DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6Windows

SYSTEM AND COMMUNICATIONS PROTECTION

EX16-MB-000440 - The Exchange global outbound message size must be controlled.DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6Windows

SYSTEM AND COMMUNICATIONS PROTECTION

GOOG-10-000500 - Google Android 10 must be configured to not allow more than 10 consecutive failed authentication attempts.MobileIron - DISA Google Android 10.x v2r1MDM

ACCESS CONTROL

GOOG-10-011000 - Google Android 10 devices must be configured to disable the use of third-party keyboards.MobileIron - DISA Google Android 10.x v2r1MDM

CONFIGURATION MANAGEMENT

GOOG-13-009400 - Google Android 13 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), Hands-Free Profile (HFP), and Serial Port Profile (SPP) - SPP.AirWatch - DISA Google Android 13 COBO v2r2MDM

CONFIGURATION MANAGEMENT

GOOG-13-701100 - Google Android 13 must prohibit DOD VPN profiles in the Personal Profile.AirWatch - DISA Google Android 13 BYOD v1r2MDM

CONFIGURATION MANAGEMENT

GOOG-14-009400 - Google Android 14 must be configured to disable all Bluetooth profiles except for HSP (Headset Profile), HFP (Hands-Free Profile), SPP (Serial Port Profile), A2DP (Advanced Audio Distribution Profile), AVRCP (Audio/Video Remote Control Profile), and PBAP (Phone Book Access Profile) - SPP.MobileIron - DISA Google Android 14 COPE v2r2MDM

CONFIGURATION MANAGEMENT

GOOG-15-009400 - Google Android 15 must be configured to disable all Bluetooth profiles except for HSP (Headset Profile), HFP (Hands-Free Profile), SPP (Serial Port Profile), A2DP (Advanced Audio Distribution Profile), AVRCP (Audio/Video Remote Control Profile), and PBAP (Phone Book Access Profile) - SPP.AirWatch - DISA Google Android 15 COBO v1r2MDM

CONFIGURATION MANAGEMENT

JUNI-RT-000535 - The Juniper BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer - as-pathDISA STIG Juniper Router RTR v3r2Juniper

ACCESS CONTROL

JUNI-RT-000590 - The Juniper MPLS router with RSVP-TE enabled must be configured to enable refresh reduction features.DISA STIG Juniper Router RTR v3r2Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUNI-RT-000850 - The Juniper multicast Designated Router (DR) must be configured to filter the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Report messages to allow hosts to join only multicast groups that have been approved by the organization - policy-optionsDISA STIG Juniper Router RTR v3r2Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

OL6-00-000007 - The system must use a separate file system for user home directories.DISA STIG Oracle Linux 6 v2r7Unix

CONFIGURATION MANAGEMENT

OL6-00-000088 - The system must log Martian packets.DISA STIG Oracle Linux 6 v2r7Unix

CONFIGURATION MANAGEMENT

OL6-00-000173 - The audit system must be configured to audit all attempts to alter system time through /etc/localtime.DISA STIG Oracle Linux 6 v2r7Unix

AUDIT AND ACCOUNTABILITY

OL6-00-000182 - The audit system must be configured to audit modifications to the systems network configuration - b64 audit_network_modificationsDISA STIG Oracle Linux 6 v2r7Unix

CONFIGURATION MANAGEMENT

OL6-00-000197 - The audit system must be configured to audit failed attempts to access files and programs - b32 EPERM auid=0DISA STIG Oracle Linux 6 v2r7Unix

AUDIT AND ACCOUNTABILITY

OL6-00-000197 - The audit system must be configured to audit failed attempts to access files and programs - b64 EPERM auid=0DISA STIG Oracle Linux 6 v2r7Unix

AUDIT AND ACCOUNTABILITY

OL6-00-000200 - The audit system must be configured to audit user deletions of files and programs - b32 auid>=500DISA STIG Oracle Linux 6 v2r7Unix

AUDIT AND ACCOUNTABILITY

OL6-00-000204 - The xinetd service must be uninstalled if no network services utilizing it are enabled.DISA STIG Oracle Linux 6 v2r7Unix

CONFIGURATION MANAGEMENT

OL6-00-000230 - The SSH daemon must set a timeout interval on idle sessions.DISA STIG Oracle Linux 6 v2r7Unix

SYSTEM AND COMMUNICATIONS PROTECTION

OL6-00-000241 - The SSH daemon must not permit user environment settings.DISA STIG Oracle Linux 6 v2r7Unix

ACCESS CONTROL

OL6-00-000266 - The oddjobd service must not be running - CHKCONFIGDISA STIG Oracle Linux 6 v2r7Unix

CONFIGURATION MANAGEMENT

OL6-00-000266 - The oddjobd service must not be running - PROCESS_CHECKDISA STIG Oracle Linux 6 v2r7Unix

CONFIGURATION MANAGEMENT

OL6-00-000271 - The noexec option must be added to removable media partitions.DISA STIG Oracle Linux 6 v2r7Unix

CONFIGURATION MANAGEMENT

OL6-00-000275 - The operating system must employ cryptographic mechanisms to protect information in storage.DISA STIG Oracle Linux 6 v2r7Unix

CONFIGURATION MANAGEMENT

OL6-00-000277 - The operating system must employ cryptographic mechanisms to prevent unauthorized disclosure of data at rest unless otherwise protected by alternative physical measures.DISA STIG Oracle Linux 6 v2r7Unix

CONFIGURATION MANAGEMENT

OL6-00-000287 - The postfix service must be enabled for mail delivery.DISA STIG Oracle Linux 6 v2r7Unix

CONFIGURATION MANAGEMENT

OL6-00-000308 - Process core dumps must be disabled unless needed.DISA STIG Oracle Linux 6 v2r7Unix

CONFIGURATION MANAGEMENT

OL6-00-000335 - The operating system must manage information system identifiers for users and devices by disabling the user identifier after an organization defined time period of inactivity.DISA STIG Oracle Linux 6 v2r7Unix

IDENTIFICATION AND AUTHENTICATION

TCAT-AS-000030 - HTTP Strict Transport Security (HSTS) must be enabled.DISA STIG Apache Tomcat Application Server 9 v3r2 MiddlewareUnix

ACCESS CONTROL

UBTU-18-010025 - The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system or storage media from the system being audited.DISA STIG Ubuntu 18.04 LTS v2r15Unix

AUDIT AND ACCOUNTABILITY

UBTU-18-010030 - The Ubuntu operating system must be configured such that Pluggable Authentication Module (PAM) prohibits the use of cached authentications after one day.DISA STIG Ubuntu 18.04 LTS v2r15Unix

IDENTIFICATION AND AUTHENTICATION

UBTU-18-010447 - The Ubuntu operating system must automatically expire temporary accounts within 72 hours.DISA STIG Ubuntu 18.04 LTS v2r15Unix

ACCESS CONTROL

WBLC-02-000065 - Oracle WebLogic must compile audit records from multiple components within the system into a system-wide (logical or physical) audit trail that is time-correlated to within an organization-defined level of tolerance.Oracle WebLogic Server 12c Linux v2r2Unix

AUDIT AND ACCOUNTABILITY

WBLC-08-000235 - Oracle WebLogic must protect the integrity of applications during the processes of data aggregation, packaging, and transformation in preparation for deployment.Oracle WebLogic Server 12c Linux v2r2Unix

SYSTEM AND COMMUNICATIONS PROTECTION

WN12-CC-000026 - Users must not be prompted to search Windows Update for device drivers.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-SO-000089 - The print driver installation privilege must be restricted to administrators.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT