| ALMA-09-001340 - AlmaLinux OS 9 must prevent a user from overriding the session idle-delay setting for the graphical user interface. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | ACCESS CONTROL |
| ALMA-09-001560 - AlmaLinux OS 9 must prevent a user from overriding the session lock-delay setting for the graphical user interface. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | ACCESS CONTROL |
| ALMA-09-002990 - AlmaLinux OS 9 SSH client must be configured to use only encryption ciphers employing FIPS 140-3-validated cryptographic hash algorithms to protect the confidentiality of SSH client connections. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | ACCESS CONTROL |
| ALMA-09-003210 - AlmaLinux OS 9 SSH client must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-3-validated cryptographic hash algorithms. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | ACCESS CONTROL |
| ALMA-09-003540 - The AlmaLinux OS 9 SSH server must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-3-validated cryptographic hash algorithms to protect the confidentiality of SSH server connections. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | ACCESS CONTROL |
| ALMA-09-004090 - AlmaLinux OS 9 must implement DOD-approved TLS encryption in the OpenSSL package. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | ACCESS CONTROL |
| ALMA-09-007060 - AlmaLinux OS 9 must enable kernel parameters to enforce discretionary access control on hardlinks. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | ACCESS CONTROL |
| ALMA-09-007500 - AlmaLinux OS 9 must automatically lock an account when three unsuccessful logon attempts occur. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | ACCESS CONTROL |
| ALMA-09-008050 - AlmaLinux OS 9 must log username information when unsuccessful logon attempts occur. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| ALMA-09-010360 - AlmaLinux OS 9 system commands must be owned by root. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-011020 - AlmaLinux OS 9 library files must be owned by root. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-011240 - AlmaLinux OS 9 must disable core dumps for all users. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-012010 - AlmaLinux OS 9 cron configuration directories must have a mode of 0700 or less permissive. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-013000 - AlmaLinux OS 9 /etc/group file must be group owned by root. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-013440 - The /boot/grub2/grub.cfg file must be owned by root. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-014210 - AlmaLinux OS 9 /etc/gshadow file must have mode 0000 or less permissive to prevent unauthorized access. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-014650 - All AlmaLinux OS 9 local interactive user home directories defined in the /etc/passwd file must exist. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-014870 - AlmaLinux OS 9 must prevent code from being executed on file systems that contain user home directories. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-014980 - A separate file system must be used for user home directories (such as /home or an equivalent). | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-016300 - AlmaLinux OS 9 /etc/passwd file must be group-owned by root. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-016850 - AlmaLinux OS 9 /etc/shadow- file must have mode 0000 or less permissive to prevent unauthorized access. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-017070 - AlmaLinux OS 9 /etc/shadow file must be owned by root. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-017620 - AlmaLinux OS 9 must define default permissions for all authenticated users in such a way that the user can only read and modify their own files. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-018610 - AlmaLinux OS 9 must ignore Internet Control Message Protocol (ICMP) redirect messages. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-020370 - AlmaLinux OS 9 SSH daemon must not allow compression or must only allow compression after successful authentication. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-021470 - AlmaLinux OS 9 SSH daemon must disable remote X connections for interactive users. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-021580 - AlmaLinux OS 9 SSH daemon must prevent remote hosts from connecting to the proxy display. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-022790 - AlmaLinux OS 9 must prevent code from being executed on file systems that are used with removable media. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ALMA-09-023670 - AlmaLinux OS 9 systems using Domain Name Servers (DNS) resolution must have at least two name servers configured. | DISA CloudLinux AlmaLinux OS 9 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000001 - Access to the ESXi host must be limited by enabling lockdown mode. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | ACCESS CONTROL |
| ESXI-70-000002 - The ESXi host must verify the DCUI.Access list. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000038 - ESXi hosts using Host Profiles and/or Auto Deploy must use the vSphere Authentication Proxy to protect passwords when adding themselves to Active Directory. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-70-000049 - The ESXi host must protect the confidentiality and integrity of transmitted information by protecting ESXi management traffic. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-70-000054 - The ESXi host must enable bidirectional Challenge-Handshake Authentication Protocol (CHAP) authentication for Internet Small Computer Systems Interface (iSCSI) traffic. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000063 - All port groups on standard switches must be configured to a value other than that of the native virtual local area network (VLAN). | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000064 - All port groups on standard switches must not be configured to virtual local area network (VLAN) 4095 unless Virtual Guest Tagging (VGT) is required. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000070 - The ESXi host must not provide root/administrator-level access to Common Information Model (CIM)-based hardware monitoring tools or other third-party applications. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000079 - The ESXi host must not suppress warnings that the local or remote shell sessions are enabled. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000087 - The ESXi host must enable volatile key destruction. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000089 - The ESXi Host Client must be configured with a session timeout. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000023 - The vCenter Server must configure the vpxuser auto-password to be changed every 30 days. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000031 - The vCenter Server must restrict the connectivity between Update Manager and public patch repositories by use of a separate Update Manager Download Server. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000034 - The vCenter Server must use unique service accounts when applications connect to vCenter. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000051 - The vCenter Server users must have the correct roles assigned. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCTR-67-000057 - The vCenter Server must enable TLS 1.2 exclusively. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000063 - The vCenter Server must restrict access to the cryptographic role. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000068 - The vCenter Server must use secure Lightweight Directory Access Protocol (LDAPS) when adding an SSO identity source. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000999 - The version of vCenter running on the system must be a supported version. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| WN22-CC-000030 - Windows Server 2022 Internet Protocol version 6 (IPv6) source routing must be configured to the highest protection level to prevent IP source routing. | DISA Microsoft Windows Server 2022 STIG v2r6 | Windows | CONFIGURATION MANAGEMENT |
| WN22-CC-000040 - Windows Server 2022 source routing must be configured to the highest protection level to prevent Internet Protocol (IP) source routing. | DISA Microsoft Windows Server 2022 STIG v2r6 | Windows | CONFIGURATION MANAGEMENT |
