| AIX7-00-002130 - If csh/tcsh shell is used, AIX must display logout messages. | DISA STIG AIX 7.x v3r1 | Unix | ACCESS CONTROL |
| AOSX-13-000005 - The macOS system must conceal, via the session lock, information previously visible on the display with a publicly viewable image. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL |
| APPL-11-002012 - The macOS system must be configured to disable the iCloud Calendar services. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002012 - The macOS system must be configured to disable the iCloud Calendar services. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002013 - The macOS system must be configured to disable the iCloud Reminders services. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| BIND-9X-001041 - The BIND 9.x server implementation must be configured with a channel to send audit records to a local file. | DISA BIND 9.x STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| CISC-L2-000160 - The Cisco switch must have Storm Control configured on all host-facing switchports. | DISA Cisco NX OS Switch L2S STIG v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000070 - The Cisco router must be configured to have all non-essential capabilities disabled. | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000470 - The Cisco BGP switch must be configured to check whether a single-hop eBGP peer is directly connected. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000570 - The Cisco BGP router must be configured to limit the prefix size on any inbound route advertisement to /24 or the least significant prefixes issued to the customer. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000590 - The Cisco MPLS switch must be configured to use its loopback address as the source address for LDP peering sessions. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | CONTINGENCY PLANNING |
| CISC-RT-000600 - The Cisco MPLS router must be configured to synchronize IGP and LDP to minimize packet loss when an IGP adjacency is established prior to LDP peers completing label exchange. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000710 - The Cisco PE switch must be configured to implement Internet Group Management Protocol (IGMP) or Multicast Listener Discovery (MLD) snooping for each Virtual Private LAN Services (VPLS) bridge domain. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000820 - The Cisco multicast Rendezvous Point (RP) router must be configured to limit the multicast forwarding cache so that its resources are not saturated by managing an overwhelming number of Protocol Independent Multicast (PIM) and Multicast Source Discovery Protocol (MSDP) source-active entries. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000820 - The Cisco multicast Rendezvous Point (RP) switch must be configured to limit the multicast forwarding cache so that its resources are not saturated by managing an overwhelming number of Protocol Independent Multicast (PIM) and Multicast Source Discovery Protocol (MSDP) source-active entries. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000830 - The Cisco multicast Rendezvous Point (RP) router must be configured to filter Protocol Independent Multicast (PIM) Register messages received from the Designated Router (DR) for any undesirable multicast groups and sources. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000940 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to limit the amount of source-active messages it accepts on a per-peer basis. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| DKER-EE-001770 - Docker Incs official GPG key must be added to the host using the users operating systems respective package repository management tooling. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DTBI018-IE11 - Check for publishers certificate revocation must be enforced. | DISA STIG IE 11 v2r5 | Windows | IDENTIFICATION AND AUTHENTICATION |
| ESXI-65-100037 - The ESXi host must require individuals to be authenticated with an individual authenticator prior to using a group authenticator by using Active Directory for local user authentication. | DISA STIG VMware vSphere ESXi 6.5 v2r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| EX13-EG-000125 - Exchange Send connectors delivery retries must be controlled. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-EG-000160 - Exchange Message size restrictions must be controlled on Receive connectors. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000165 - The Exchange Mail Store storage quota must issue a warning. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000175 - Exchange Message size restrictions must be controlled on Receive connectors. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000180 - Exchange Receive connectors must control the number of recipients per message. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000190 - The Exchange Receive Connector Maximum Hop Count must be 60. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000200 - Exchange Send connectors delivery retries must be controlled. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SV-000215 - ASP.NET version must be removed from the HTTP Response Header information. | DISA IIS 10.0 Server v3r3 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| KNOX-07-002400 - Disable all Bluetooth profiles except for HSP, HFP, and SPP - HSP, HFP, and SPP profiles | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| MOTS-11-001400 - Motorola Solutions Android 11 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), HandsFree Profile (HFP), and Serial Port Profile (SPP) - Serial Port Profile capable devices. | MobileIron - DISA Motorola Solutions Android 11 COBO v1r3 | MDM | CONFIGURATION MANAGEMENT |
| OL6-00-000174 - The operating system must automatically audit account creation - '/etc/shadow' | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000176 - The operating system must automatically audit account disabling actions - '/etc/group' | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000176 - The operating system must automatically audit account disabling actions - '/etc/passwd' | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000260 - The system must display a publicly-viewable pattern during a graphical desktop environment session lock. | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000297 - Temporary accounts must be provisioned with an expiration date. | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000298 - Emergency accounts must be provisioned with an expiration date. | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000532 - The Oracle Linux operating system must mount /dev/shm with the noexec option. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-040000 - The Oracle Linux operating system must limit the number of concurrent sessions to 10 for all accounts and/or account types. | DISA Oracle Linux 7 STIG v3r2 | Unix | ACCESS CONTROL |
| PANW-AG-000024 - The Palo Alto Networks security platform must log violations of security policies. | DISA STIG Palo Alto ALG v3r4 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000015 - The system package management tool must cryptographically verify the authenticity of all software packages during installation. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000174 - The operating system must automatically audit account creation - /etc/passwd | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000175 - The operating system must automatically audit account modification - /etc/passwd | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000176 - The operating system must automatically audit account disabling actions - /etc/group. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000176 - The operating system must automatically audit account disabling actions - /etc/passwd. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000334 - Accounts must be locked upon 35 days of inactivity. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| WBLC-08-000210 - Oracle WebLogic must terminate the network connection associated with a communications session at the end of the session or after a DoD-defined time period of inactivity. | Oracle WebLogic Server 12c Windows v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBLC-09-000252 - Oracle WebLogic must identify potentially security-relevant error conditions. | Oracle WebLogic Server 12c Windows v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| WN16-00-000200 - Non-administrative accounts or groups must only have print permissions on printer shares. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL |
| WN16-00-000480 - Windows 2016 systems must have Unified Extensible Firmware Interface (UEFI) firmware and be configured to run in UEFI mode, not Legacy BIOS. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | CONFIGURATION MANAGEMENT |
| WN16-CC-000350 - Turning off File Explorer heap termination on corruption must be disabled. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | CONFIGURATION MANAGEMENT |
