| 1.25 OL08-00-010161 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.27 OL08-00-010163 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.37 OL08-00-010250 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.65 OL08-00-010379 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | CONFIGURATION MANAGEMENT |
| 1.76 OL08-00-010421 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.82 OL08-00-010450 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.87 OL08-00-010480 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | CONFIGURATION MANAGEMENT |
| 1.89 OL08-00-010500 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | CONFIGURATION MANAGEMENT |
| 1.92 OL08-00-010522 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | CONFIGURATION MANAGEMENT |
| 1.207 OL08-00-030020 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | AUDIT AND ACCOUNTABILITY |
| 1.209 OL08-00-030040 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | AUDIT AND ACCOUNTABILITY |
| 1.340 OL08-00-040220 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | CONFIGURATION MANAGEMENT |
| 1.342 OL08-00-040239 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | CONFIGURATION MANAGEMENT |
| 1.347 OL08-00-040260 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | CONFIGURATION MANAGEMENT |
| 1.351 OL08-00-040279 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | CONFIGURATION MANAGEMENT |
| 1.354 OL08-00-040282 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | CONFIGURATION MANAGEMENT |
| 1.356 OL08-00-040284 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | CONFIGURATION MANAGEMENT |
| 1.358 OL08-00-040286 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | CONFIGURATION MANAGEMENT |
| 1.366 OL08-00-040341 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | CONFIGURATION MANAGEMENT |
| AIOS-17-006800 - Apple iOS/iPadOS 17 must be configured to lock the display after 15 minutes (or less) of inactivity - or less of inactivity. | MobileIron - DISA Apple iOS/iPadOS 17 v2r2 | MDM | ACCESS CONTROL |
| AIOS-17-007400 - Apple iOS/iPadOS 17 allow list must be configured to not include applications with the following characteristics: - backs up MD data to non-DOD cloud servers (including user and application access to cloud backup services);- transmits MD diagnostic data to non-DOD servers;- allows synchronization of data or applications between devices associated with user; and- allows unencrypted (or encrypted but not FIPS 140-2/FIPS 140-3 validated) data sharing with other MDs or printers - allows unencrypted (or encrypted but not FIPS 140-2 validated) data sharing with other MDs or printers. | AirWatch - DISA Apple iOS/iPadOS 17 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-17-009200 - Apple iOS/iPadOS 17 must be configured to not allow backup of [all applications, configuration data] to locally connected systems. | MobileIron - DISA Apple iOS/iPadOS 17 v2r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-17-014700 - Apple iOS/iPadOS 17 must have DOD root and intermediate PKI certificates installed. | MobileIron - DISA Apple iOS/iPadOS 17 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| ARST-L2-000060 - The Arista MLS layer 2 switch must have BPDU Guard enabled on all switch ports connecting to access layer switches and hosts. | DISA STIG Arista MLS EOS 4.x L2S v2r3 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-L2-000090 - The Arista MLS layer 2 switch must have DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources. | DISA STIG Arista MLS EOS 4.x L2S v2r3 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-L2-000100 - The Arista MLS layer 2 switch must have IP Source Guard enabled on all user-facing or untrusted access switch ports. | DISA STIG Arista MLS EOS 4.x L2S v2r3 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-L2-000140 - The Arista MLS layer 2 Arista MLS switch must implement Rapid STP where VLANs span multiple switches with redundant links. | DISA STIG Arista MLS EOS 4.x L2S v2r3 | Arista | CONFIGURATION MANAGEMENT |
| ARST-L2-000160 - The Arista MLS layer 2 switch must have all trunk links enabled statically. | DISA STIG Arista MLS EOS 4.x L2S v2r3 | Arista | CONFIGURATION MANAGEMENT |
| ARST-L2-000180 - The Arista MLS layer 2 switch must not have the default VLAN assigned to any host-facing switch ports. | DISA STIG Arista MLS EOS 4.x L2S v2r3 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-L2-000190 - The Arista MLS layer 2 switch must have the default VLAN pruned from all trunk ports that do not require it. | DISA STIG Arista MLS EOS 4.x L2S v2r3 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN10-CC-000063 - Windows 10 systems must use either Group Policy or an approved Mobile Device Management (MDM) product to enforce STIG compliance. | DISA Microsoft Windows 10 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN11-00-000025 - Windows 11 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: Continuously, where ESS is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP). | DISA Microsoft Windows 11 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN11-00-000110 - Simple TCP/IP Services must not be installed on the system. | DISA Microsoft Windows 11 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN11-00-000140 - Inbound exceptions to the firewall on Windows 11 domain workstations must only allow authorized remote management hosts. | DISA Microsoft Windows 11 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN11-00-000165 - The Server Message Block (SMB) v1 protocol must be disabled on the SMB server. | DISA Microsoft Windows 11 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN11-00-000250 - Windows 11 nonpersistent VM sessions must not exceed 24 hours. | DISA Microsoft Windows 11 STIG v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN11-AU-000054 - The system must be configured to audit Logon/Logoff - Account Lockout failures. | DISA Microsoft Windows 11 STIG v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
| WN11-AU-000080 - The system must be configured to audit Logon/Logoff - Special Logon successes. | DISA Microsoft Windows 11 STIG v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
| WN11-AU-000084 - Windows 11 must be configured to audit Object Access - Other Object Access Events failures. | DISA Microsoft Windows 11 STIG v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
| WN11-AU-000100 - The system must be configured to audit Policy Change - Audit Policy Change successes. | DISA Microsoft Windows 11 STIG v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
| WN11-AU-000140 - The system must be configured to audit System - Security State Change successes. | DISA Microsoft Windows 11 STIG v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
| WN11-AU-000505 - The Security event log size must be configured to 1024000 KB or greater. | DISA Microsoft Windows 11 STIG v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
| WN11-AU-000555 - Windows 11 must be configured to audit Other Policy Change Events Failures. | DISA Microsoft Windows 11 STIG v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
| WN11-AU-000565 - Windows 11 must be configured to audit other Logon/Logoff Events Failures. | DISA Microsoft Windows 11 STIG v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
| WN11-AU-000580 - Windows 11 must be configured to audit MPSSVC Rule-Level Policy Change Failures. | DISA Microsoft Windows 11 STIG v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
| WN11-CC-000020 - IPv6 source routing must be configured to highest protection. | DISA Microsoft Windows 11 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN11-CC-000037 - Local administrator accounts must have their privileged token filtered to prevent elevated privileges from being used over the network on domain systems. | DISA Microsoft Windows 11 STIG v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN11-CC-000050 - Hardened UNC Paths must be defined to require mutual authentication and integrity for at least the \\*\SYSVOL and \\*\NETLOGON shares. | DISA Microsoft Windows 11 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN11-CC-000080 - Virtualization-based protection of code integrity must be enabled. | DISA Microsoft Windows 11 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN11-CC-000090 - Group Policy objects must be reprocessed even if they have not changed. | DISA Microsoft Windows 11 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
