| AIOS-18-003200 - Apple iOS/iPadOS 18 must not allow backup to remote systems (iCloud document and data synchronization) - iCloud document and data synchronization. | AirWatch - DISA Apple iOS/iPadOS 18 v2r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-18-003450 - Apple iOS/iPadOS 18 must not allow backup to remote systems (Cloud Photo Library) - Cloud Photo Library. | MobileIron - DISA Apple iOS/iPadOS 18 v2r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-18-003600 - Apple iOS/iPadOS 18 must not allow backup to remote systems (managed applications data stored in iCloud) - managed applications data stored in iCloud. | MobileIron - DISA Apple iOS/iPadOS 18 v2r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-18-007000 - Apple iOS/iPadOS 18 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DOD-approved commercial app repository, MDM server, mobile application store]. | AirWatch - DISA Apple iOS/iPadOS 18 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-007000 - Apple iOS/iPadOS 18 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DOD-approved commercial app repository, MDM server, mobile application store]. | MobileIron - DISA Apple iOS/iPadOS 18 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-007200 - Apple iOS/iPadOS 18 must not include applications with the following characteristics: access to Siri when the device is locked. | MobileIron - DISA Apple iOS/iPadOS 18 v2r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| AIOS-18-009200 - Apple iOS/iPadOS 18 must be configured to not allow backup of [all applications, configuration data] to locally connected systems. | AirWatch - DISA Apple iOS/iPadOS 18 v2r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-18-011300 - Apple iOS/iPadOS 18 must implement the management setting: use SSL for Exchange ActiveSync. | MobileIron - DISA Apple iOS/iPadOS 18 v2r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| AIOS-18-012000 - A managed photo app must be used to take and store work-related photos. | AirWatch - DISA Apple iOS/iPadOS 18 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-012200 - Apple iOS/iPadOS 18 must implement the management setting: enable USB Restricted Mode. | MobileIron - DISA Apple iOS/iPadOS 18 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-012500 - Apple iOS/iPadOS 18 must implement the management setting: disable AirDrop. | AirWatch - DISA Apple iOS/iPadOS 18 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-013000 - Apple iOS/iPadOS 18 must disable password sharing. | MobileIron - DISA Apple iOS/iPadOS 18 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-014300 - Apple iOS/iPadOS 18 must disable 'Allow network drive access in Files access' - Allow network drive access in Files access. | AirWatch - DISA Apple iOS/iPadOS 18 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-014300 - Apple iOS/iPadOS 18 must disable 'Allow network drive access in Files access' - Allow network drive access in Files access. | MobileIron - DISA Apple iOS/iPadOS 18 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-014500 - Apple iOS/iPadOS 18 must disable connections to Siri servers for the purpose of translation. | AirWatch - DISA Apple iOS/iPadOS 18 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-014500 - Apple iOS/iPadOS 18 must disable connections to Siri servers for the purpose of translation. | MobileIron - DISA Apple iOS/iPadOS 18 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-015500 - Apple iOS/iPadOS 18 must disable the download of iOS/iPadOS beta updates. | AirWatch - DISA Apple iOS/iPadOS 18 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-016400 - Apple iOS/iPadOS 18 must disable automatic downloads of apps purchased on other Apple devices. | AirWatch - DISA Apple iOS/iPadOS 18 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-017800 - DOD Apple iOS/iPadOS 18 devices must disable FaceTime. | AirWatch - DISA Apple iOS/iPadOS 18 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| CASA-ND-001210 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful attempts to delete administrator privileges occur. | DISA STIG Cisco ASA NDM v2r4 | Cisco | AUDIT AND ACCOUNTABILITY |
| CNTR-K8-000310 - The Kubernetes Controller Manager must have secure binding. | DISA STIG Kubernetes v2r5 | Unix | ACCESS CONTROL |
| CNTR-K8-000350 - The Kubernetes API server must have the secure port set. | DISA STIG Kubernetes v2r5 | Unix | ACCESS CONTROL |
| CNTR-K8-000460 - Kubernetes DynamicKubeletConfig must not be enabled - manifest | DISA STIG Kubernetes v2r5 | Unix | ACCESS CONTROL |
| CNTR-K8-000940 - The Kubernetes Controllers must enforce ports, protocols, and services (PPS) that adhere to the Ports, Protocols, and Services Management Category Assurance List (PPSM CAL). | DISA STIG Kubernetes v2r5 | Unix | CONFIGURATION MANAGEMENT |
| CNTR-K8-000960 - The Kubernetes cluster must use non-privileged host ports for user pods. | DISA STIG Kubernetes v2r5 | Unix | CONFIGURATION MANAGEMENT |
| CNTR-K8-001360 - Kubernetes must separate user functionality. | DISA STIG Kubernetes v2r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001510 - Kubernetes etcd must have the SSL Certificate Authority set. | DISA STIG Kubernetes v2r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-003110 - The Kubernetes component manifests must be owned by root. | DISA STIG Kubernetes v2r5 | Unix | CONFIGURATION MANAGEMENT |
| CNTR-K8-003130 - The Kubernetes conf files must be owned by root. | DISA STIG Kubernetes v2r5 | Unix | CONFIGURATION MANAGEMENT |
| CNTR-K8-003150 - The Kubernetes Kube Proxy kubeconfig must be owned by root. | DISA STIG Kubernetes v2r5 | Unix | CONFIGURATION MANAGEMENT |
| CNTR-K8-003160 - The Kubernetes Kubelet certificate authority file must have file permissions set to 644 or more restrictive. | DISA STIG Kubernetes v2r5 | Unix | CONFIGURATION MANAGEMENT |
| CNTR-K8-003170 - The Kubernetes Kubelet certificate authority must be owned by root. | DISA STIG Kubernetes v2r5 | Unix | CONFIGURATION MANAGEMENT |
| CNTR-K8-003200 - The Kubernetes kubelet KubeConfig file must be owned by root. | DISA STIG Kubernetes v2r5 | Unix | CONFIGURATION MANAGEMENT |
| CNTR-K8-003240 - The Kubernetes kubelet config must be owned by root. | DISA STIG Kubernetes v2r5 | Unix | CONFIGURATION MANAGEMENT |
| CNTR-K8-003260 - The Kubernetes etcd must have file permissions set to 644 or more restrictive. | DISA STIG Kubernetes v2r5 | Unix | CONFIGURATION MANAGEMENT |
| CNTR-K8-003310 - The Kubernetes API Server audit log retention must be set. | DISA STIG Kubernetes v2r5 | Unix | CONFIGURATION MANAGEMENT |
| CNTR-K8-003330 - The Kubernetes PKI CRT must have file permissions set to 644 or more restrictive. | DISA STIG Kubernetes v2r5 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000011 - Firefox must be configured to prevent JavaScript from raising or lowering windows. | DISA STIG Mozilla Firefox Linux v6r7 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000013 - Firefox must be configured to disable the installation of extensions. | DISA STIG Mozilla Firefox Linux v6r7 | Unix | CONFIGURATION MANAGEMENT |
| FFOX-00-000023 - Firefox fingerprinting protection must be enabled. | DISA STIG Mozilla Firefox Linux v6r7 | Unix | CONFIGURATION MANAGEMENT |
| WN25-DC-000140 - Windows Server 2025 must use separate, NSA-approved (Type 1) cryptography to protect the directory data in transit for directory service implementations at a classified confidentiality level when replication data traverses a network cleared to a lower level than the data. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN25-DC-000360 - The Windows Server 2025 'Allow log on through Remote Desktop Services' user right must only be assigned to the Administrators group on domain controllers. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | ACCESS CONTROL |
| WN25-DC-000380 - The Windows Server 2025 'Deny log on as a batch job' user right on domain controllers must be configured to prevent unauthenticated access. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | ACCESS CONTROL |
| WN25-DC-000400 - The Windows Server 2025 'Deny log on locally' user right on domain controllers must be configured to prevent unauthenticated access. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | ACCESS CONTROL |
| WN25-DC-000405 - Windows Server 2025 must be configured for certificate-based authentication for domain controllers. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | ACCESS CONTROL |
| WN25-SO-000010 - Windows Server 2025 must have the built-in guest account disabled. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN25-SO-000280 - Windows Server 2025 must prevent PKU2U authentication using online identities. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
| WN25-SO-000320 - Windows Server 2025 must be configured to at least negotiate signing for LDAP client signing. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
| WN25-SO-000410 - Windows Server 2025 User Account Control (UAC) must automatically deny standard user requests for elevation. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN25-SO-000450 - Windows Server 2025 User Account Control (UAC) must virtualize file and registry write failures to per-user locations. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
