| AIOS-15-001000 - Apple iOS/iPadOS 15 must provide the capability for the Administrator (MDM) to perform the following management function: enable/disable VPN protection across the device and [selection: other methods]. | AirWatch - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-001000 - Apple iOS/iPadOS 15 must provide the capability for the Administrator (MDM) to perform the following management function: enable/disable VPN protection across the device and [selection: other methods]. | MobileIron - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-003300 - Apple iOS/iPadOS 15 must not allow backup to remote systems (iCloud Keychain). | AirWatch - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-15-003400 - Apple iOS/iPadOS 15 must not allow backup to remote systems (My Photo Stream). | MobileIron - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-15-003600 - Apple iOS/iPadOS 15 must not allow backup to remote systems (managed applications data stored in iCloud). | AirWatch - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-15-004900 - Apple iOS/iPadOS 15 must [selection: wipe protected data, wipe sensitive data] upon unenrollment from MDM. | AirWatch - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| AIOS-15-006500 - Apple iOS/iPadOS 15 must be configured to enforce a minimum password length of six characters. | MobileIron - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | IDENTIFICATION AND AUTHENTICATION |
| AIOS-15-006800 - Apple iOS/iPadOS 15 must be configured to lock the display after 15 minutes (or less) of inactivity. | AirWatch - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | ACCESS CONTROL |
| AIOS-15-007200 - Apple iOS/iPadOS 15 must not include applications with the following characteristics: access to Siri when the device is locked. | AirWatch - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-007400 - Apple iOS/iPadOS 15 allowlist must be configured to not include applications with the following characteristics: - back up MD data to non-DoD cloud servers (including user and application access to cloud backup services);- transmit MD diagnostic data to non-DoD servers; - allows synchronization of data or applications between devices associated with user; and - allows unencrypted (or encrypted but not FIPS 140-2 validated) data sharing with other MDs or printers. | AirWatch - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-007500 - Apple iOS/iPadOS 15 must be configured to not display notifications when the device is locked. | MobileIron - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | ACCESS CONTROL |
| AIOS-15-009800 - Apple iOS/iPadOS 15 must be configured to disable multiuser modes. | AirWatch - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-15-009900 - Apple iOS/iPadOS 15 must be configured to [selection: wipe protected data, wipe sensitive data] upon unenrollment from MDM. | AirWatch - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| AIOS-15-010500 - Apple iOS/iPadOS 15 must implement the management setting: limit Ad Tracking. | AirWatch - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-010500 - Apple iOS/iPadOS 15 must implement the management setting: limit Ad Tracking. | MobileIron - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-011000 - Apple iOS/iPadOS 15 must implement the management setting: Disable Allow MailDrop. | AirWatch - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-011200 - iPhone and iPad must have the latest available iOS/iPadOS operating system installed. | MobileIron - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-012300 - Apple iOS/iPadOS 15 must not allow managed apps to write contacts to unmanaged contacts accounts. | AirWatch - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-012400 - Apple iOS/iPadOS 15 must not allow unmanaged apps to read contacts from managed contacts accounts. | MobileIron - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-012700 - Apple iOS/iPadOS 15 must disable Password AutoFill in browsers and applications. | AirWatch - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-012800 - Apple iOS/iPadOS 15 must disable allow setting up new nearby devices. | AirWatch - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-013200 - The Apple iOS/iPadOS 15 must be supervised by the MDM. | AirWatch - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-013300 - Apple iOS/iPadOS 15 must disable 'Allow USB drive access in Files app' if the Authorizing Official (AO) has not approved the use of DoD-approved USB storage drives with iOS/iPadOS devices - Allow USB drive access in Files app if the Authorizing Official (AO) has not approved the use of DoD-approved USB storage drives with iOS/iPadOS | AirWatch - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-013500 - Apple iOS must implement the management setting: not allow a user to remove Apple iOS configuration profiles that enforce DoD security requirements. | AirWatch - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-014400 - Apple iOS/iPadOS 15 must disable connections to Siri servers for the purpose of dictation. | MobileIron - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | CONFIGURATION MANAGEMENT |
| ESXI-70-000008 - The ESXi host must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system via Secure Shell (SSH). | DISA VMware vSphere 7.0 ESXi STIG v1r4 VMware | VMware | ACCESS CONTROL |
| ESXI-70-000012 - The ESXi host Secure Shell (SSH) daemon must ignore '.rhosts' files - .rhosts files. | DISA VMware vSphere 7.0 ESXi STIG v1r4 Unix | Unix | IDENTIFICATION AND AUTHENTICATION |
| ESXI-70-000021 - The ESXi host Secure Shell (SSH) daemon must not allow compression or must only allow compression after successful authentication. | DISA VMware vSphere 7.0 ESXi STIG v1r4 Unix | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000022 - The ESXi host Secure Shell (SSH) daemon must be configured to not allow gateway ports. | DISA VMware vSphere 7.0 ESXi STIG v1r4 Unix | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000078 - The ESXi host must use DOD-approved certificates. | DISA VMware vSphere 7.0 ESXi STIG v1r4 Unix | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000082 - The ESXi host Secure Shell (SSH) daemon must disable port forwarding. | DISA VMware vSphere 7.0 ESXi STIG v1r4 Unix | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000092 - The ESXi host must not be configured to override virtual machine (VM) configurations. | DISA VMware vSphere 7.0 ESXi STIG v1r4 Unix | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000095 - The ESXi host must implement Secure Boot enforcement. | DISA VMware vSphere 7.0 ESXi STIG v1r4 Unix | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| ESXI-70-000274 - The ESXi host SSH daemon must be configured to only use FIPS 140-2 validated ciphers. | DISA VMware vSphere 7.0 ESXi STIG v1r4 Unix | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCEM-67-000006 - ESX Agent Manager must generate log records for system startup and shutdown. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| VCEM-67-000011 - ESX Agent Manager must be configured to limit access to internal packages. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | CONFIGURATION MANAGEMENT |
| VCEM-67-000012 - ESX Agent Manager must have Multipurpose Internet Mail Extensions (MIMEs) that invoke operating system shell programs disabled. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | CONFIGURATION MANAGEMENT |
| VCEM-67-000023 - ESX Agent Manager must not show directory listings. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCEM-67-000027 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files - catalina | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| VCEM-67-000027 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files - firstboot | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| VCEM-67-000027 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files - stdout | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| ZEBR-11-001100 - Zebra Android 11 allow list must be configured to not include applications with the following characteristics: | MobileIron - DISA Zebra Android 11 COBO STIG v1r4 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-11-001400 - Zebra Android 11 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), HandsFree Profile (HFP), and Serial Port Profile (SPP) - Serial Port Profile capable devices. | MobileIron - DISA Zebra Android 11 COBO STIG v1r4 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-11-003500 - Zebra Android 11 must be configured to disable USB mass storage mode. | MobileIron - DISA Zebra Android 11 COBO STIG v1r4 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-11-003900 - Zebra Android 11 must be configured to not allow backup of all applications and configuration data to remote systems. | MobileIron - DISA Zebra Android 11 COBO STIG v1r4 | MDM | ACCESS CONTROL |
| ZEBR-11-004700 - Zebra Android 11 must be configured to disable multi-user modes. | AirWatch - DISA Zebra Android 11 COBO STIG v1r4 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| ZEBR-11-006100 - Zebra Android 11 must be configured to generate audit records for the following auditable events: Detected integrity violations. | MobileIron - DISA Zebra Android 11 COBO STIG v1r4 | MDM | AUDIT AND ACCOUNTABILITY |
| ZEBR-11-010800 - Zebra Android 11 devices must have the latest available Zebra Android 11 operating system installed. | MobileIron - DISA Zebra Android 11 COBO STIG v1r4 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-11-011000 - Zebra Android 11 devices must be configured to disable the use of third-party keyboards. | MobileIron - DISA Zebra Android 11 COBO STIG v1r4 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-11-011100 - Zebra Android 11 devices must be configured to enable Common Criteria Mode (CC Mode). | MobileIron - DISA Zebra Android 11 COBO STIG v1r4 | MDM | CONFIGURATION MANAGEMENT |
