| 2.16.1 - General permissions management - 'no SUID or SGID files exist' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | ACCESS CONTROL |
| 6.5 Find SUID and SGID files (/usr/bin) | CIS FreeBSD v1.0.5 | Unix | ACCESS CONTROL |
| 6.5 Find SUID and SGID files (/usr/compat/) | CIS FreeBSD v1.0.5 | Unix | ACCESS CONTROL |
| AIOS-15-009700 - Apple iOS/iPadOS 15 must not allow non-DoD applications to access DoD data. | MobileIron - DISA Apple iOS/iPadOS 14 v1r4 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-16-709700 - Apple iOS/iPadOS 16 must not allow non-DOD applications to access DOD data. | AirWatch - DISA Apple iOS/iPadOS 16 BYOAD v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-16-709700 - Apple iOS/iPadOS 16 must not allow non-DOD applications to access DOD data. | MobileIron - DISA Apple iOS/iPadOS BYOAD 16 v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-16-714900 - Apple iOS/iPadOS 16 must not allow DOD applications to access non-DOD data. | MobileIron - DISA Apple iOS/iPadOS BYOAD 16 v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-16-714900 - Apple iOS/iPadOS 16 must not allow DOD applications to access non-DOD data. | AirWatch - DISA Apple iOS/iPadOS 16 BYOAD v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-17-009700 - Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data. | AirWatch - DISA Apple iOS/iPadOS 17 v2r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-17-009700 - Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data. | MobileIron - DISA Apple iOS/iPadOS 17 v2r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-17-709700 - Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data. | MobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-17-709700 - Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data. | AirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-17-714900 - Apple iOS/iPadOS 17 must not allow DOD applications to access non-DOD data. | AirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-17-714900 - Apple iOS/iPadOS 17 must not allow DOD applications to access non-DOD data. | MobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-18-009700 - Apple iOS/iPadOS 18 must not allow non-DOD applications to access DOD data. | AirWatch - DISA Apple iOS/iPadOS 18 v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-18-009700 - Apple iOS/iPadOS 18 must not allow non-DOD applications to access DOD data. | MobileIron - DISA Apple iOS/iPadOS 18 v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Prevent Software From Executing at Higher Privilege Levels than Users Executing The Software | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | ACCESS CONTROL |
| Catalina - Prevent Software From Executing at Higher Privilege Levels than Users Executing The Software | NIST macOS Catalina v1.5.0 - All Profiles | Unix | ACCESS CONTROL |
| CD12-00-003600 - Execution of software modules (to include functions and trigger procedures) with elevated privileges must be restricted to necessary cases only. | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | ACCESS CONTROL |
| CNTR-R2-001130 - Rancher RKE2 must prevent nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA Rancher Government Solutions RKE2 STIG v2r3 | Unix | ACCESS CONTROL |
| EP11-00-007500 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | ACCESS CONTROL |
| EPAS-00-007500 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | ACCESS CONTROL |
| EPAS-00-007510 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | ACCESS CONTROL |
| GEN000520 - The root user must not own the logon session for an application requiring a continuous display. | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| GEN000520 - The root user must not own the logon session for an application requiring a continuous display. | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN000920 - The root account's home directory (other than /) must have mode 0700. | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| GEN000920 - The root account's home directory (other than /) must have mode 0700. | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GOOG-12-008900 - Google Android 12 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | AirWatch - DISA Google Android 12 COPE v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-12-008900 - Google Android 12 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | MobileIron - DISA Google Android 12 COPE v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-13-008900 - Google Android 13 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | MobileIron - DISA Google Android 13 COPE v2r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-13-008900 - Google Android 13 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | AirWatch - DISA Google Android 13 COPE v2r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-13-708900 - Google Android 13 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | MobileIron - DISA Google Android 13 BYOD v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-13-708900 - Google Android 13 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | AirWatch - DISA Google Android 13 BYOD v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-14-008900 - Google Android 14 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | AirWatch - DISA Google Android 14 COPE v2r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-14-008900 - Google Android 14 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | MobileIron - DISA Google Android 14 COPE v2r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-14-708900 - Google Android 14 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | MobileIron - DISA Google Android 14 BYOAD v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-14-708900 - Google Android 14 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | AirWatch - DISA Google Android 14 BYOAD v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-15-008900 - Google Android 15 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | MobileIron - DISA Google Android 15 COPE v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| MADB-10-006900 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | ACCESS CONTROL |
| Monterey - Prevent Software From Executing at Higher Privilege Levels than Users Executing The Software | NIST macOS Monterey v1.0.0 - All Profiles | Unix | ACCESS CONTROL |
| MSFT-11-004500 - Microsoft Android 11 must be configured to disable exceptions to the access control policy that prevent application processes from accessing all data stored by other application processes - Copy/Paste | MobileIron - DISA Microsoft Android 11 COPE v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| MSFT-11-004500 - Microsoft Android 11 must be configured to disable exceptions to the access control policy that prevent application processes from accessing all data stored by other application processes. | AirWatch - DISA Microsoft Android 11 COPE v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| MYS8-00-010600 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | ACCESS CONTROL |
| PPS9-00-007510 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | ACCESS CONTROL |
| RHEL-08-030000 - The RHEL 8 audit system must be configured to audit the execution of privileged functions and prevent all software from executing at higher privilege levels than users executing the software. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | ACCESS CONTROL |
| SQL4-00-032600 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | ACCESS CONTROL |
| SQL6-D0-002900 - Execution of stored procedures and functions that utilize execute as must be restricted to necessary cases only. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | ACCESS CONTROL |
| User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop. | MSCT Windows Server 2016 DC v1.0.0 | Windows | ACCESS CONTROL |
| User Account Control: Only elevate UIAccess applications that are installed in secure locations | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| User Account Control: Only elevate UIAccess applications that are installed in secure locations | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
