| AADC-CN-001280 - Adobe Acrobat Pro DC Continuous Default Handler changes must be disabled. | DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| AADC-CN-001320 - Adobe Acrobat Pro DC Continuous Periodic downloading of Adobe certificates must be disabled. | DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIX7-00-002128 - If bash is used, AIX must display logout messages. | DISA STIG AIX 7.x v3r1 | Unix | ACCESS CONTROL |
| APPL-11-002013 - The macOS system must be configured to disable the iCloud Reminders services. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002014 - The macOS system must be configured to disable iCloud Address Book services. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002014 - The macOS system must be configured to disable iCloud Address Book services. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002015 - The macOS system must be configured to disable the Mail iCloud services. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-002014 - The macOS system must be configured to disable iCloud Address Book services. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-002015 - The macOS system must be configured to disable the iCloud Mail services. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| CISC-RT-000360 - The Cisco perimeter router must be configured to have Link Layer Discovery Protocol (LLDP) disabled on all external interfaces. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer. | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000610 - The MPLS router with RSVP-TE enabled must be configured with message pacing to adjust maximum burst and maximum number of RSVP messages to an output queue based on the link speed and input queue size of adjacent core routers. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000610 - The MPLS router with RSVP-TE enabled must be configured with message pacing to adjust maximum burst and maximum number of RSVP messages to an output queue based on the link speed and input queue size of adjacent core routers. | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000770 - The Cisco P router must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications. | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000770 - The Cisco P switch must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000860 - The Cisco multicast Designated Router (DR) must be configured to filter the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Report messages to allow hosts to join only multicast groups that have been approved by the organization. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000220 - The Exchange global outbound message size must be controlled. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-ED-000250 - Exchange Send connectors delivery retries must be controlled. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-ED-000260 - Exchange Send connectors must be clearly named. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-ED-000280 - Exchange Receive connectors must be clearly named. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-MB-000340 - Exchange Mailbox Stores must mount at startup. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-MB-000360 - Exchange Receive connectors must control the number of recipients per message. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-MB-000430 - The Exchange global inbound message size must be controlled. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-11-001400 - Google Android 11 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), HandsFree Profile (HFP), and Serial Port Profile (SPP). | AirWatch - DISA Google Android 11 COBO v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-11-001400 - Google Android 11 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), HandsFree Profile (HFP), and Serial Port Profile (SPP). | MobileIron - DISA Google Android 11 COPE v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-12-009400 - Google Android 12 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), Hands-Free Profile (HFP), and Serial Port Profile (SPP). | AirWatch - DISA Google Android 12 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-12-009400 - Google Android 12 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), Hands-Free Profile (HFP), and Serial Port Profile (SPP). | MobileIron - DISA Google Android 12 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-13-009400 - Google Android 13 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), Hands-Free Profile (HFP), and Serial Port Profile (SPP) - SPP. | MobileIron - DISA Google Android 13 COBO v2r2 | MDM | CONFIGURATION MANAGEMENT |
| JUSX-DM-000055 - The Juniper SRX Services Gateway must generate log records containing the full-text recording of privileged commands. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | AUDIT AND ACCOUNTABILITY |
| KNOX-07-002400 - Disable all Bluetooth profiles except for HSP, HFP, and SPP - Disable Bluetooth Discoverable | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-001400 - Microsoft Android 11 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), HandsFree Profile (HFP), and Serial Port Profile (SPP). | AirWatch - DISA Microsoft Android 11 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| OL6-00-000015 - The system package management tool must cryptographically verify the authenticity of all software packages during installation. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000028 - The system must prevent the root account from logging in from serial consoles. | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000175 - The operating system must automatically audit account modification - '/etc/passwd' | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000176 - The operating system must automatically audit account disabling actions - '/etc/shadow' | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000177 - The operating system must automatically audit account termination - '/etc/gshadow' | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000177 - The operating system must automatically audit account termination - '/etc/passwd' | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| PANW-AG-000144 - The Palo Alto Networks security platform must, at a minimum, off-load threat and traffic log records onto a centralized log server in real time. | DISA STIG Palo Alto ALG v3r4 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| PANW-IP-000039 - The Palo Alto Networks security platform must off-load log records to a centralized log server. | DISA STIG Palo Alto IDPS v3r2 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| PANW-IP-000058 - The Palo Alto Networks security platform must off-load log records to a centralized log server in real-time. | DISA STIG Palo Alto IDPS v3r2 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| PHTN-30-000064 - The Photon operating system must configure sshd to use FIPS 140-2 ciphers. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-06-000174 - The operating system must automatically audit account creation - /etc/security/opasswd | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000176 - The operating system must automatically audit account disabling actions - /etc/gshadow. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000177 - The operating system must automatically audit account termination - /etc/group. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000177 - The operating system must automatically audit account termination - /etc/passwd. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000297 - Temporary accounts must be provisioned with an expiration date. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| SOL-11.1-010310 - The audit system must be configured to audit login, logout, and session initiation. | DISA STIG Solaris 11 X86 v3r1 | Unix | ACCESS CONTROL |
| SOL-11.1-060170 - The operating system must employ cryptographic mechanisms to prevent unauthorized disclosure of information at rest unless otherwise protected by alternative physical measures. | DISA STIG Solaris 11 X86 v3r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SPLK-CL-000300 - Splunk Enterprise must notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) of all audit failure events, such as loss of communications with hosts and devices, or if log records are no longer being received. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | AUDIT AND ACCOUNTABILITY |
| WN12-CC-000025 - Device driver updates must only search managed servers, not Windows Update. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
