| AADC-CL-001325 - Adobe Acrobat Pro DC Classic privileged host locations must be disabled. | DISA STIG Adobe Acrobat Pro DC Classic Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| AADC-CN-001325 - Adobe Acrobat Pro DC Continuous privileged host locations must be disabled. | DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| AIX7-00-002129 - If Bourne / ksh shell is used, AIX must display logout messages. | DISA STIG AIX 7.x v3r1 | Unix | ACCESS CONTROL |
| AOSX-14-000006 - The macOS system must conceal, via the session lock, information previously visible on the display with a publicly viewable image. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL |
| APPL-11-002016 - The macOS system must be configured to disable the iCloud Notes services. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| ARDC-CL-000050 - Adobe Reader DC must disable the ability to change the Default Handler. | DISA STIG Adobe Acrobat Reader DC Classic Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| ARDC-CL-000330 - Adobe Reader DC must disable periodical uploading of European certificates. | DISA STIG Adobe Acrobat Reader DC Classic Track v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| BIND-9X-001017 - The BIND 9.x server implementation must not be configured with a channel to send audit records to null. | DISA BIND 9.x STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| CISC-RT-000360 - The Cisco perimeter switch must be configured to have Link Layer Discovery Protocol (LLDP) disabled on all external interfaces. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000760 - The Cisco PE switch must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000860 - The Cisco multicast Designated switch (DR) must be configured to filter the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Report messages to allow hosts to join only multicast groups that have been approved by the organization. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000860 - The Cisco multicast Designated switch (DR) must be configured to filter the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Report messages to allow hosts to join only multicast groups that have been approved by the organization. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000270 - The Exchange Global Recipient Count Limit must be set. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-000230 - Exchange Send connector connections count must be limited. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-ED-000240 - Exchange message size restrictions must be controlled on Send connectors. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-ED-000260 - Exchange Send connectors must be clearly named. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-ED-000280 - Exchange Receive connectors must be clearly named. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-ED-000320 - Exchange Message size restrictions must be controlled on Receive connectors. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-MB-000380 - The Exchange Receive Connector Maximum Hop Count must be 60. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-MB-000450 - The Exchange Outbound Connection Limit per Domain Count must be controlled. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-15-009400 - Google Android 15 must be configured to disable all Bluetooth profiles except for HSP (Headset Profile), HFP (Hands-Free Profile), SPP (Serial Port Profile), A2DP (Advanced Audio Distribution Profile), AVRCP (Audio/Video Remote Control Profile), and PBAP (Phone Book Access Profile) - SPP. | AirWatch - DISA Google Android 15 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| JUNI-RT-000360 - The Juniper perimeter router must be configured to have Link Layer Discovery Protocol (LLDP) disabled on all external interfaces - LLDP disabled on all external interfaces. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000530 - The Juniper BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute. | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
| JUNI-RT-000535 - The Juniper BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer - bgp import | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
| JUSX-DM-000029 - The Juniper SRX Services Gateway must generate a log event when privileged commands are executed. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | ACCESS CONTROL |
| KNOX-07-002400 - Disable all Bluetooth profiles except for HSP, HFP, and SPP - Disable Bluetooth Data Transfer | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| KNOX-07-002400 - Disable all Bluetooth profiles except for HSP, HFP, and SPP - HSP, HFP, and SPP profiles | MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| MOTO-09-001400 - The Motorola Android Pie must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only HSP (Headset Profile), HFP (HandsFree Profile), or SPP (Serial Port Profile) capable devices - Serial Port Profile capable devices. | MobileIron - DISA Motorola Android Pie.x COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MOTO-09-001400 - The Motorola Android Pie must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only HSP (Headset Profile), HFP (HandsFree Profile), or SPP (Serial Port Profile) capable devices - Serial Port Profile capable devices. | MobileIron - DISA Motorola Android Pie.x COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MOTS-11-001400 - Motorola Solutions Android 11 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), HandsFree Profile (HFP), and Serial Port Profile (SPP) - Serial Port Profile capable devices. | AirWatch - DISA Motorola Solutions Android 11 COBO v1r3 | MDM | CONFIGURATION MANAGEMENT |
| OL6-00-000174 - The operating system must automatically audit account creation - '/etc/group' | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000174 - The operating system must automatically audit account creation - '/etc/gshadow' | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000175 - The operating system must automatically audit account modification - '/etc/shadow' | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000176 - The operating system must automatically audit account disabling actions - '/etc/security/opasswd' | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000509 - The system must forward audit records to the syslog service. | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000531 - The Oracle Linux operating system must mount /dev/shm with the nosuid option. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000028 - The system must prevent the root account from logging in from serial consoles. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000174 - The operating system must automatically audit account creation - /etc/group | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000174 - The operating system must automatically audit account creation - /etc/gshadow | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000175 - The operating system must automatically audit account modification - /etc/group | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000175 - The operating system must automatically audit account modification - /etc/security/opasswd | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000176 - The operating system must automatically audit account disabling actions - /etc/shadow. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000298 - Emergency accounts must be provisioned with an expiration date. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000530 - The Red Hat Enterprise Linux operating system must mount /dev/shm with the nodev option. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-040020 - The operating system must automatically terminate temporary accounts within 72 hours. | DISA STIG Solaris 11 SPARC v3r1 | Unix | ACCESS CONTROL |
| SOL-11.1-060150 - The operating system must employ cryptographic mechanisms to protect information in storage. | DISA STIG Solaris 11 SPARC v3r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SOL-11.1-060180 - The operating system must use cryptographic mechanisms to protect the integrity of audit information. | DISA STIG Solaris 11 X86 v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SPLK-CL-000200 - Splunk Enterprise must notify the system administrator (SA) and information system security officer (ISSO) when account events are received (creation, deletion, modification, disabling) - creation, deletion, modification, disabling. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | ACCESS CONTROL |
| SQL4-00-015500 - Database software directories, including SQL Server configuration files, must be stored in dedicated directories, separate from the host OS and other applications. | DISA STIG SQL Server 2014 Instance OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WBLC-02-000065 - Oracle WebLogic must compile audit records from multiple components within the system into a system-wide (logical or physical) audit trail that is time-correlated to within an organization-defined level of tolerance. | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
