| AMLS-NM-000200 - The Arista Multilayer Switch must generate audit records containing the full-text recording of privileged commands. | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | AUDIT AND ACCOUNTABILITY |
| APPL-12-002012 - The macOS system must be configured to disable the iCloud Calendar services. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002015 - The macOS system must be configured to disable the Mail iCloud services. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| ARDC-CN-000070 - Adobe Reader DC must disable the Adobe Repair Installation. | DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| ARDC-CN-000120 - Adobe Reader DC must disable Service Upgrades. | DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| AS24-U1-000950 - The Apache web server must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs. | DISA STIG Apache Server 2.4 Unix Server v3r2 | Unix | CONFIGURATION MANAGEMENT |
| AS24-U2-000960 - The Apache web server must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs. | DISA STIG Apache Server 2.4 Unix Site v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AS24-W1-000950 - The Apache web server must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | CONFIGURATION MANAGEMENT |
| AS24-W2-000950 - The Apache web server must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs. | DISA STIG Apache Server 2.4 Windows Site v2r2 | Windows | CONFIGURATION MANAGEMENT |
| BIND-9X-001040 - The BIND 9.x server implementation must be configured with a channel to send audit records to a remote syslog. | DISA BIND 9.x STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| BIND-9X-001042 - The BIND 9.x server implementation must maintain at least 3 file versions of the local log file. | DISA BIND 9.x STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| CISC-L2-000170 - The Cisco switch must have IGMP or MLD Snooping configured on all VLANs. | DISA Cisco NX OS Switch L2S STIG v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000160 - The Cisco router must be configured to have IP directed broadcast disabled on all interfaces. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000200 - The Cisco router must be configured to log all packets that have been dropped at interfaces via an ACL. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-RT-000230 - The Cisco router must be configured to disable the auxiliary port unless it is connected to a secured modem providing encryption and authentication. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000830 - The Cisco multicast Rendezvous Point (RP) switch must be configured to filter Protocol Independent Multicast (PIM) Register messages received from the Designated switch (DR) for any undesirable multicast groups and sources. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000840 - The Cisco multicast Rendezvous Point (RP) router must be configured to filter Protocol Independent Multicast (PIM) Join messages received from the Designated Router (DR) for any undesirable multicast groups. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000840 - The Cisco multicast Rendezvous Point (RP) switch must be configured to filter Protocol Independent Multicast (PIM) Join messages received from the Designated Cisco switch (DR) for any undesirable multicast groups. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000950 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to use a loopback address as the source address when originating MSDP traffic. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | CONTINGENCY PLANNING |
| CISC-RT-000950 - The Cisco Multicast Source Discovery Protocol (MSDP) switch must be configured to use a loopback address as the source address when originating MSDP traffic. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | CONTINGENCY PLANNING |
| EX13-EG-000105 - Exchange Global Outbound Message size must be controlled. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-EG-000115 - Exchange Send connector connections count must be limited. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000195 - Exchange Send connectors must be clearly named. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000205 - Exchange Message size restrictions must be controlled on Send connectors. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000215 - The Exchange global inbound message size must be controlled. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-11-001400 - Google Android 11 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), HandsFree Profile (HFP), and Serial Port Profile (SPP). | MobileIron - DISA Google Android 11 COBO v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-12-009400 - Google Android 12 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), Hands-Free Profile (HFP), and Serial Port Profile (SPP). | AirWatch - DISA Google Android 12 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| HONW-09-001400 - The Honeywell Mobility Edge Android Pie device must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only HSP (Headset Profile), HFP (HandsFree Profile), or SPP (Serial Port Profile) capable devices - Serial Port Profile capable devices. | AirWatch - DISA Honeywell Android 9.x COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-001400 - Microsoft Android 11 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), HandsFree Profile (HFP), and Serial Port Profile (SPP) - Serial Port Profile capable devices. | MobileIron - DISA Microsoft Android 11 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| OL6-00-000174 - The operating system must automatically audit account creation - '/etc/security/opasswd' | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000177 - The operating system must automatically audit account termination - '/etc/security/opasswd' | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000530 - The Oracle Linux operating system must mount /dev/shm with the nodev option. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| PANW-NM-000016 - The Palo Alto Networks security platform must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device. | DISA STIG Palo Alto NDM v3r2 | Palo_Alto | ACCESS CONTROL |
| SOL-11.1-010310 - The audit system must be configured to audit login, logout, and session initiation. | DISA STIG Solaris 11 SPARC v3r1 | Unix | ACCESS CONTROL |
| SOL-11.1-060170 - The operating system must employ cryptographic mechanisms to prevent unauthorized disclosure of information at rest unless otherwise protected by alternative physical measures. | DISA STIG Solaris 11 SPARC v3r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SOL-11.1-060180 - The operating system must use cryptographic mechanisms to protect the integrity of audit information. | DISA STIG Solaris 11 SPARC v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| TCAT-AS-000010 - The number of allowed simultaneous sessions to the manager application must be limited. | DISA STIG Apache Tomcat Application Server 9 v3r2 Middleware | Unix | ACCESS CONTROL |
| TCAT-AS-000520 - DefaultServlet directory listings parameter must be disabled. | DISA STIG Apache Tomcat Application Server 9 v3r2 Middleware | Unix | CONFIGURATION MANAGEMENT |
| TCAT-AS-000930 - Default error pages for manager application must be customized. | DISA STIG Apache Tomcat Application Server 9 v3r2 Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| TCAT-AS-001720 - Connectors must be approved by the ISSO. | DISA STIG Apache Tomcat Application Server 9 v3r2 Middleware | Unix | CONFIGURATION MANAGEMENT |
| UBTU-18-010400 - The Ubuntu operating system must limit the number of concurrent sessions to ten for all accounts and/or account types. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | ACCESS CONTROL |
| WN12-SO-000041 - The system must be configured to limit how often keep-alive packets are sent. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN16-CC-000050 - Source routing must be configured to the highest protection level to prevent Internet Protocol (IP) source routing. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | CONFIGURATION MANAGEMENT |
| WN16-CC-000060 - Windows Server 2016 must be configured to prevent Internet Control Message Protocol (ICMP) redirects from overriding Open Shortest Path First (OSPF)-generated routes. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | CONFIGURATION MANAGEMENT |
| WN16-CC-000240 - The Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | CONFIGURATION MANAGEMENT |
| WN16-DC-000160 - The directory service must be configured to terminate LDAP-based network connections to the directory server after 5 minutes of inactivity. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| ZEBR-10-001400 - Zebra Android 10 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), HandsFree Profile (HFP), and Serial Port Profile (SPP) - Serial Port Profile capable devices. | AirWatch - DISA Zebra Android 10 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-10-001400 - Zebra Android 10 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), HandsFree Profile (HFP), and Serial Port Profile (SPP) - Serial Port Profile capable devices. | AirWatch - DISA Zebra Android 10 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-11-001400 - Zebra Android 11 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), HandsFree Profile (HFP), and Serial Port Profile (SPP) - Serial Port Profile capable devices. | AirWatch - DISA Zebra Android 11 COBO v1r3 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-11-001400 - Zebra Android 11 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), HandsFree Profile (HFP), and Serial Port Profile (SPP) - Serial Port Profile capable devices. | MobileIron - DISA Zebra Android 11 COBO v1r3 | MDM | CONFIGURATION MANAGEMENT |
