| UBTU-24-100010 - Ubuntu 24.04 LTS must not have the "systemd-timesyncd" package installed. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-24-100400 - Ubuntu 24.04 LTS must have the "auditd" package installed. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-100820 - Ubuntu 24.04 LTS must configure the SSH daemon to use FIPS 140-3 approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-24-102000 - Ubuntu 24.04 LTS when booted must require authentication upon booting into single-user and maintenance modes. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | ACCESS CONTROL |
| UBTU-24-400360 - Ubuntu 24.04 LTS, for PKI-based authentication, SSSD must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-400370 - Ubuntu 24.04 LTS must map the authenticated identity to the user or group account for PKI-based authentication. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-500010 - Ubuntu 24.04 LTS must generate audit records for privileged activities, nonlocal maintenance, diagnostic sessions, and other system-level access. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-24-600060 - Ubuntu 24.04 LTS must use DOD PKI-established certificate authorities (CAs) for verification of the establishment of protected sessions. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-24-600070 - Ubuntu 24.04 LTS must disable kernel core dumps. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-24-600090 - Ubuntu 24.04 LTS handling data requiring "data at rest" protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-24-600150 - Ubuntu 24.04 LTS must set a sticky bit on all public directories to prevent unauthorized and unintended information transferred via shared system resources. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-24-600180 - Ubuntu 24.04 LTS must synchronize internal information system clocks to the authoritative time source when the time difference is greater than one second. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-700020 - Ubuntu 24.04 LTS must generate system journal entries without revealing information that could be exploited by adversaries. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-24-700050 - Ubuntu 24.04 LTS must be configured so that the "journalctl" command is group-owned by "root". | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-24-700060 - Ubuntu 24.04 LTS must configure the directories used by the system journal to be group-owned by "systemd-journal". | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-24-700090 - Ubuntu 24.04 LTS must configure the files used by the system journal to be owned by "root" | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-24-700110 - Ubuntu 24.04 LTS must configure the /var/log directory to be owned by root. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-24-700130 - Ubuntu 24.04 LTS must configure the /var/log/syslog file to be group-owned by adm. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-24-700400 - Ubuntu 24.04 LTS must be a vendor-supported release. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-24-900040 - Ubuntu 24.04 LTS must be configured so that audit configuration files are not write-accessible by unauthorized users. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900080 - Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the chfn command. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900240 - Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the chacl command. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900270 - Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the passwd command. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900540 - Ubuntu 24.04 LTS must generate audit records for any successful/unsuccessful use of unlink, unlinkat, rename, renameat, and rmdir system calls. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900590 - Ubuntu 24.04 LTS must generate audit records for the /var/log/wtmp file. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900610 - Ubuntu 24.04 LTS must generate audit records for the /var/log/btmp file. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900950 - Ubuntu 24.04 LTS must have a crontab script running weekly to offload audit events of standalone systems. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-901230 - Ubuntu 24.04 LTS must configure audit tools with a mode of "0755" or less permissive. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-901250 - Ubuntu 24.04 LTS must configure the audit tools to be group owned by root. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-901270 - Ubuntu 24.04 LTS must have directories that contain system commands owned by root. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-901310 - Ubuntu 24.04 LTS must be configured to permit only authorized users ownership of the audit log files. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-901350 - Ubuntu 24.04 LTS must permit only authorized groups ownership of the audit log files. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| VCTR-67-000001 - The vCenter Server must prohibit password reuse for a minimum of five generations. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCTR-67-000002 - The vCenter Server must not automatically refresh client sessions. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCTR-67-000009 - The vCenter Server must implement Active Directory authentication. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCTR-67-000013 - The vCenter Server must set the distributed port group Forged Transmits policy to reject. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000015 - The vCenter Server must set the distributed port group Promiscuous Mode policy to reject. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000016 - The vCenter Server must only send NetFlow traffic to authorized collectors. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000024 - The vCenter Server must configure the vpxuser password meets length policy. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000035 - vCenter Server plugins must be verified. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000040 - The vCenter Server passwords must contain at least one uppercase character. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCTR-67-000041 - The vCenter Server passwords must contain at least one lowercase character. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCTR-67-000047 - The vCenter Server must require an administrator to unlock an account locked due to excessive login failures. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | ACCESS CONTROL |
| VCTR-67-000054 - The vCenter Server must disable or restrict the connectivity between vSAN Health Check and public Hardware Compatibility List by use of an external proxy server. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000058 - The vCenter Server Machine SSL certificate must be issued by a DoD certificate authority. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000064 - The vCenter Server must restrict access to cryptographic permissions. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000068 - The vCenter Server must use secure Lightweight Directory Access Protocol (LDAPS) when adding an SSO identity source. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000072 - The vCenter Server services must be ran using a service account instead of a built-in Windows account. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000075 - The vCenter Server must enable all tasks to be shown to Administrators in the Web Client. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000078 - The vCenter Server must disable Password and Windows integrated authentication. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
