| MSFT-11-000300 - Microsoft Android 11 must be configured to enable a screen-lock policy that will lock the display after a period of inactivity. | AirWatch - DISA Microsoft Android 11 COPE v1r2 | MDM | ACCESS CONTROL |
| MSFT-11-000300 - Microsoft Android 11 must be configured to enable a screen-lock policy that will lock the display after a period of inactivity. | MobileIron - DISA Microsoft Android 11 COPE v1r2 | MDM | ACCESS CONTROL |
| MSFT-11-000500 - Microsoft Android 11 must be configured to not allow more than 10 consecutive failed authentication attempts. | MobileIron - DISA Microsoft Android 11 COPE v1r2 | MDM | ACCESS CONTROL |
| MSFT-11-000800 - Microsoft Android 11 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DOD-approved commercial app repository, EMM server, mobile application store]. | MobileIron - DISA Microsoft Android 11 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-000800 - Microsoft Android 11 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DOD-approved commercial app repository, EMM server, mobile application store]. | MobileIron - DISA Microsoft Android 11 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-001100 - Microsoft Android 11 allow list must be configured to not include applications with the following characteristics: - Back up MD data to non-DOD cloud servers (including user and application access to cloud backup services);- Transmit MD diagnostic data to non-DOD servers;- Voice assistant application if available when MD is locked;- Voice dialing application if available when MD is locked;- Allows synchronization of data or applications between devices associated with user; and- Allows unencrypted (or encrypted but not FIPS 140-2/FIPS 140-3 validated) data sharing with other MDs or printers. | AirWatch - DISA Microsoft Android 11 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-001100 - Microsoft Android 11 allow list must be configured to not include applications with the following characteristics: - Back up MD data to non-DOD cloud servers (including user and application access to cloud backup services);- Transmit MD diagnostic data to non-DOD servers;- Voice assistant application if available when MD is locked;- Voice dialing application if available when MD is locked;- Allows synchronization of data or applications between devices associated with user; and- Allows unencrypted (or encrypted but not FIPS 140-2/FIPS 140-3 validated) data sharing with other MDs or printers. | MobileIron - DISA Microsoft Android 11 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-002800 - Microsoft Android 11 must be configured to disable developer modes. | MobileIron - DISA Microsoft Android 11 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-002800 - Microsoft Android 11 must be configured to disable developer modes. | AirWatch - DISA Microsoft Android 11 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-003900 - Microsoft Android 11 must be configured to not allow backup of all applications and configuration data to remote systems. | AirWatch - DISA Microsoft Android 11 COPE v1r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSFT-11-008700 - Microsoft Android 11 users must complete required training. | MobileIron - DISA Microsoft Android 11 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-009400 - Microsoft Android 11 Work Profile must be configured to enforce the system application disable list. | AirWatch - DISA Microsoft Android 11 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-009400 - Microsoft Android 11 Work Profile must be configured to enforce the system application disable list. | MobileIron - DISA Microsoft Android 11 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-010000 - Microsoft Android 11 Work Profile must be configured to disable the autofill services. | MobileIron - DISA Microsoft Android 11 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| PHTN-40-000067 The Photon operating system must restrict access to the kernel message buffer. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PHTN-40-000073 The Photon operating system /var/log directory must be restricted. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| PHTN-40-000160 The Photon operating system must implement address space layout randomization to protect its memory from unauthorized code execution. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| PHTN-40-000173 The Photon operating system must generate audit records when successful/unsuccessful logon attempts occur. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-40-000185 The Photon operating system must enforce a delay of at least four seconds between logon prompts following a failed logon attempt in login.defs. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000192 The Photon operating system must be configured to use the pam_faillock.so module. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | ACCESS CONTROL |
| PHTN-40-000193 The Photon operating system must prevent leaking information of the existence of a user account. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | ACCESS CONTROL |
| PHTN-40-000194 The Photon operating system must audit logon attempts for unknown users. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | ACCESS CONTROL |
| PHTN-40-000209 The Photon operating system must create a home directory for all new local interactive user accounts. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000215 The Photon operating system must configure Secure Shell (SSH) to disallow compression of the encrypted session stream. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000217 The Photon operating system must configure Secure Shell (SSH) to ignore user-specific trusted hosts lists. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000223 The Photon operating system must not forward IPv4 or IPv6 source-routed packets. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000224 The Photon operating system must not respond to IPv4 Internet Control Message Protocol (ICMP) echoes sent to a broadcast address. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000226 The Photon operating system must prevent IPv4 Internet Control Message Protocol (ICMP) secure redirect messages from being accepted. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000228 The Photon operating system must log IPv4 packets with impossible addresses. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VCLD-80-000097 The vCenter VAMI service must disable client initiated TLS renegotiation. | DISA VMware vSphere 8.0 vCenter Appliance Management Interface (VAMI) STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VCLU-80-000036 The vCenter Lookup service must disable stack tracing. | DISA VMware vSphere 8.0 vCenter Appliance Lookup Service STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VCLU-80-000065 The vCenter Lookup service must set URIEncoding to UTF-8. | DISA VMware vSphere 8.0 vCenter Appliance Lookup Service STIG v2r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCLU-80-000125 The vCenter Lookup service must limit the amount of time that each Transmission Control Protocol (TCP) connection is kept alive. | DISA VMware vSphere 8.0 vCenter Appliance Lookup Service STIG v2r1 | Unix | ACCESS CONTROL |
| VCLU-80-000130 The vCenter Lookup service DefaultServlet must be set to 'readonly' for 'PUT' and 'DELETE' commands. | DISA VMware vSphere 8.0 vCenter Appliance Lookup Service STIG v2r1 | Unix | ACCESS CONTROL |
| VCLU-80-000138 The vCenter Lookup service deployXML attribute must be disabled. | DISA VMware vSphere 8.0 vCenter Appliance Lookup Service STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VCLU-80-000140 The vCenter Lookup service xpoweredBy attribute must be disabled. | DISA VMware vSphere 8.0 vCenter Appliance Lookup Service STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VCPF-80-000126 The vCenter Perfcharts service must limit the number of times that each Transmission Control Protocol (TCP) connection is kept alive. | DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1 | Unix | ACCESS CONTROL |
| VCPF-80-000134 The vCenter Perfcharts service shutdown port must be disabled. | DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VCPF-80-000136 The vCenter Perfcharts service debug parameter must be disabled. | DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VCPF-80-000151 The vCenter Perfcharts service must disable 'ALLOW_BACKSLASH'. | DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VCPF-80-000155 The vCenter Perfcharts service host-manager webapp must be removed. | DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VMCH-80-000211 Virtual machines (VMs) must remove unneeded parallel devices. | DISA VMware vSphere 8.0 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ZEBR-10-000200 - Zebra Android 10 must be configured to not allow passwords that include more than two repeating or sequential characters - Characters | AirWatch - DISA Zebra Android 10 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-10-000300 - Zebra Android 10 must be configured to enable a screen-lock policy that will lock the display after a period of inactivity. | MobileIron - DISA Zebra Android 10 COPE v1r2 | MDM | ACCESS CONTROL |
| ZEBR-10-001600 - Zebra Android 10 must be configured to not display the following (work profile) notifications when the device is locked: | AirWatch - DISA Zebra Android 10 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-10-003500 - Zebra Android 10 must be configured to disable USB mass storage mode. | MobileIron - DISA Zebra Android 10 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-10-008800 - Zebra Android 10 must be configured to enforce that Wi-Fi Sharing is disabled. | MobileIron - DISA Zebra Android 10 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-10-009000 - Zebra Android 10 must have the DoD root and intermediate PKI certificates installed. | MobileIron - DISA Zebra Android 10 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-10-010200 - Zebra Android 10 must be configured to disallow configuration of date and time. | AirWatch - DISA Zebra Android 10 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-11-009400 - Zebra Android 11 work profile must be configured to enforce the system application disable list. | MobileIron - DISA Zebra Android 11 COBO v1r3 | MDM | CONFIGURATION MANAGEMENT |
