| 2.3.27.4 (L1) Ensure 'ActiveX Control Initialization' is set to 'Enabled: 6' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.4.2 Ensure 'Minimum passcode length' is set to '6' or greater | MobileIron - CIS Apple iOS 11 v1.0.0 End User Owned L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 2.4.2 Ensure 'Minimum passcode length' is set to '6' or greater | AirWatch - CIS Apple iOS 12 v1.0.0 End User Owned L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 2.4.2 Ensure 'Minimum passcode length' is set to '6' or greater | MobileIron - CIS Apple iOS 12 v1.0.0 End User Owned L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 2.4.2 Ensure 'Minimum passcode length' is set to '6' or greater | MobileIron - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.4.2 Ensure 'Minimum passcode length' is set to '6' or greater | AirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.4.2 Ensure 'Minimum passcode length' is set to '6' or greater | MobileIron - CIS Apple iOS 10 v2.0.0 End User Owned L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 2.4.2 Ensure 'Minimum passcode length' is set to '6' or greater | AirWatch - CIS Apple iOS 11 v1.0.0 End User Owned L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 2.4.5 Ensure 'Maximum number of failed attempts' is set to '6' | MobileIron - CIS Apple iOS 11 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.4.5 Ensure 'Maximum number of failed attempts' is set to '6' | MobileIron - CIS Apple iOS 12 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.4.5 Ensure 'Maximum number of failed attempts' is set to '6' | AirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.4.5 Ensure 'Maximum number of failed attempts' is set to '6' | MobileIron - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.4.5 Ensure 'Maximum number of failed attempts' is set to '6' | AirWatch - CIS Apple iOS 10 v2.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.4.5 Ensure 'Maximum number of failed attempts' is set to '6' | AirWatch - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.4.6 Ensure 'Maximum number of failed attempts' is set to '6' | AirWatch - CIS Apple iOS 26 Benchmark v1.0.0 L1 End User Owned | MDM | ACCESS CONTROL |
| 2.4.6 Ensure 'Maximum number of failed attempts' is set to '6' | MobileIron - CIS Apple iOS 26 v1.0.0 L1 End User Owned | MDM | ACCESS CONTROL |
| 2.4.6 Ensure 'Maximum number of failed attempts' is set to '6' | MobileIron - CIS Apple iPadOS 17 v1.1.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.4.6 Ensure 'Maximum number of failed attempts' is set to '6' | AirWatch - CIS Apple iPadOS 18 v2.0.0 L1 End User Owned | MDM | ACCESS CONTROL |
| 2.4.6 Ensure 'Maximum number of failed attempts' is set to '6' | MobileIron - CIS Apple iPadOS 18 v2.0.0 L1 End User Owned | MDM | ACCESS CONTROL |
| 2.4.6 Ensure 'Maximum number of failed attempts' is set to '6' | AirWatch - CIS Apple iOS 17 Benchmark v1.1.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.4.6 Ensure 'Maximum number of failed attempts' is set to '6' | AirWatch - CIS Apple iPadOS 26 v1.0.0 L1 End User Owned | MDM | ACCESS CONTROL |
| 3.4.2 Ensure 'Minimum passcode length' is set to '6' or greater | AirWatch - CIS Apple iOS 12 v1.0.0 Institution Owned L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 3.4.2 Ensure 'Minimum passcode length' is set to '6' or greater | MobileIron - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.4.2 Ensure 'Minimum passcode length' is set to '6' or greater | MobileIron - CIS Apple iOS 12 v1.0.0 Institution Owned L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 3.4.2 Ensure 'Minimum passcode length' is set to '6' or greater | MobileIron - CIS Apple iOS 13 and iPadOS 13 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.4.2 Ensure 'Minimum passcode length' is set to '6' or greater | AirWatch - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.4.5 Ensure 'Maximum number of failed attempts' is set to '6' | AirWatch - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.4.5 Ensure 'Maximum number of failed attempts' is set to '6' | AirWatch - CIS Apple iOS 12 v1.0.0 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.4.6 Ensure 'Maximum number of failed attempts' is set to '6' | AirWatch - CIS Apple iOS 17 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.4.6 Ensure 'Maximum number of failed attempts' is set to '6' | MobileIron - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | ACCESS CONTROL |
| 3.4.6 Ensure 'Maximum number of failed attempts' is set to '6' | MobileIron - CIS Apple iOS 17 Institution Owned L1 | MDM | ACCESS CONTROL |
| UBTU-24-100120 - Ubuntu 24.04 LTS must be configured so that the script which runs each 30 days or less to check file integrity is the default one. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-24-100130 - Ubuntu 24.04 LTS must notify designated personnel if baseline configurations are changed in an unauthorized manner. The file integrity tool must notify the system administrator (SA) when changes to the baseline configuration or anomalies in the operation of any security functions are discovered. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| UBTU-24-100300 - Ubuntu 24.04 LTS must have an application firewall installed in order to control remote access methods. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | ACCESS CONTROL |
| UBTU-24-100310 - Ubuntu 24.04 LTS must enable and run the Uncomplicated Firewall (ufw). | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | ACCESS CONTROL |
| UBTU-24-100660 - Ubuntu 24.04 LTS must use the "SSSD" package for multifactor authentication services. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-100700 - Ubuntu 24.04 LTS must have the "chrony" package installed. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-24-100850 - Ubuntu 24.04 LTS must configure the SSH client to use FIPS 140-3 approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | ACCESS CONTROL |
| UBTU-24-200040 - Ubuntu 24.04 LTS must prevent a user from overriding the disabling of the graphical user interface automount function. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | ACCESS CONTROL |
| UBTU-24-200260 - Ubuntu 24.04 LTS must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | ACCESS CONTROL |
| UBTU-24-200300 - Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| UBTU-24-200650 - Ubuntu 24.04 LTS must enable the graphical user logon banner to display the Standard Mandatory DOD Notice and Consent Banner before granting local access to the system via a graphical user logon. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | ACCESS CONTROL |
| UBTU-24-300012 - Ubuntu 24.04 LTS must have system commands owned by root or a system account. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-24-300016 - Ubuntu 24.04 LTS must be configured so that when passwords are changed or new passwords are established, pwquality must be used. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-24-300017 - Ubuntu 24.04 LTS must enforce a delay of at least four seconds between logon prompts following a failed logon attempt. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-24-300023 - Ubuntu 24.04 LTS SSH daemon must prevent remote hosts from connecting to the proxy display. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-24-300028 - Ubuntu 24.04 LTS must not allow accounts configured in Pluggable Authentication Modules (PAM) with blank or null passwords. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-24-400220 - Ubuntu 24.04 LTS must store only encrypted representations of passwords. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-400330 - Ubuntu 24.04 LTS must enforce password complexity by requiring that at least one special character be used. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WG400 A22 - All interactive programs (CGI) must be placed in a designated directory with appropriate permissions. | DISA STIG Apache Site 2.2 Unix v1r11 Middleware | Unix | ACCESS CONTROL |
