Item Search

NameAudit NamePluginCategory
ESXI-80-000202 - The ESXi host Secure Shell (SSH) daemon must not allow host-based authentication.DISA VMware vSphere 8.0 ESXi STIG v2r3Unix

CONFIGURATION MANAGEMENT

ESXI-80-000209 - The ESXi host Secure Shell (SSH) daemon must not permit tunnels.DISA VMware vSphere 8.0 ESXi STIG v2r3Unix

CONFIGURATION MANAGEMENT

GOOG-15-006400 - Google Android 15 must be configured to not allow more than 10 consecutive failed authentication attempts.AirWatch - DISA Google Android 15 COBO v1r2MDM

ACCESS CONTROL

GOOG-15-006400 - Google Android 15 must be configured to not allow more than 10 consecutive failed authentication attempts.AirWatch - DISA Google Android 15 COPE v1r2MDM

ACCESS CONTROL

GOOG-15-006500 - Google Android 15 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DOD-approved commercial app repository, MDM server, mobile application store].MobileIron - DISA Google Android 15 COBO v1r2MDM

CONFIGURATION MANAGEMENT

GOOG-15-006700 - Google Android 15 allow list must be configured to not include applications with the following characteristics:AirWatch - DISA Google Android 15 COBO v1r2MDM

IDENTIFICATION AND AUTHENTICATION

GOOG-15-006700 - Google Android 15 allow list must be configured to not include applications with the following characteristics:MobileIron - DISA Google Android 15 COBO v1r2MDM

IDENTIFICATION AND AUTHENTICATION

GOOG-15-007400 - Google Android 15 must be configured to disable developer modes.AirWatch - DISA Google Android 15 COBO v1r2MDM

CONFIGURATION MANAGEMENT

GOOG-15-007400 - Google Android 15 must be configured to disable developer modes.MobileIron - DISA Google Android 15 COPE v1r2MDM

CONFIGURATION MANAGEMENT

GOOG-15-007800 - Google Android 15 must be configured to generate audit records for the following auditable events: Detected integrity violations.MobileIron - DISA Google Android 15 COPE v1r2MDM

AUDIT AND ACCOUNTABILITY

GOOG-15-008400 - Google Android 15 must be configured to disable USB mass storage mode.AirWatch - DISA Google Android 15 COPE v1r2MDM

SYSTEM AND COMMUNICATIONS PROTECTION

GOOG-15-008600 - Google Android 15 must be configured to not allow backup of [all applications, configuration data] to remote systems.AirWatch - DISA Google Android 15 COPE v1r2MDM

SYSTEM AND COMMUNICATIONS PROTECTION

GOOG-15-008600 - Google Android 15 must be configured to not allow backup of [all applications, configuration data] to remote systems.MobileIron - DISA Google Android 15 COPE v1r2MDM

SYSTEM AND COMMUNICATIONS PROTECTION

GOOG-15-009900 - Google Android 15 must be configured to disable Wi-Fi Sharing.AirWatch - DISA Google Android 15 COPE v1r2MDM

CONFIGURATION MANAGEMENT

GOOG-15-009950 - Google Android 15 must be configured to enforce a password for Wi-Fi and Bluetooth hotspot, if approved for use by the authorizing official (AO). If not approved for use, Wi-Fi and Bluetooth hotspot must be disabled.MobileIron - DISA Google Android 15 COBO v1r2MDM

CONFIGURATION MANAGEMENT

GOOG-15-009950 - Google Android 15 must be configured to enforce a password for Wi-Fi and Bluetooth hotspot, if approved for use by the authorizing official (AO). If not approved for use, Wi-Fi and Bluetooth hotspot must be disabled.AirWatch - DISA Google Android 15 COPE v1r2MDM

CONFIGURATION MANAGEMENT

GOOG-15-010100 - The Google Android 15 work profile must be configured to prevent users from adding personal email accounts to the work email app.MobileIron - DISA Google Android 15 COPE v1r2MDM

CONFIGURATION MANAGEMENT

GOOG-15-010300 - Google Android 15 must be provisioned as a fully managed device and configured to create a work profile.AirWatch - DISA Google Android 15 COPE v1r2MDM

CONFIGURATION MANAGEMENT

GOOG-15-010400 - The Google Android 15 work profile must be configured to disable automatic completion of workspace internet browser text input.AirWatch - DISA Google Android 15 COBO v1r2MDM

CONFIGURATION MANAGEMENT

GOOG-15-010400 - The Google Android 15 work profile must be configured to disable automatic completion of workspace internet browser text input.MobileIron - DISA Google Android 15 COBO v1r2MDM

CONFIGURATION MANAGEMENT

GOOG-15-010400 - The Google Android 15 work profile must be configured to disable automatic completion of workspace internet browser text input.AirWatch - DISA Google Android 15 COPE v1r2MDM

CONFIGURATION MANAGEMENT

RHEL-09-253045 - RHEL 9 must not forward IPv4 source-routed packets by default.DISA Red Hat Enterprise Linux 9 STIG v2r4Unix

CONFIGURATION MANAGEMENT

RHEL-09-253050 - RHEL 9 must use a reverse-path filter for IPv4 network traffic when possible by default.DISA Red Hat Enterprise Linux 9 STIG v2r4Unix

CONFIGURATION MANAGEMENT

RHEL-09-253055 - RHEL 9 must not respond to Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.DISA Red Hat Enterprise Linux 9 STIG v2r4Unix

CONFIGURATION MANAGEMENT

RHEL-09-254015 - RHEL 9 must ignore IPv6 Internet Control Message Protocol (ICMP) redirect messages.DISA Red Hat Enterprise Linux 9 STIG v2r4Unix

CONFIGURATION MANAGEMENT

RHEL-09-254025 - RHEL 9 must not enable IPv6 packet forwarding unless the system is a router.DISA Red Hat Enterprise Linux 9 STIG v2r4Unix

CONFIGURATION MANAGEMENT

RHEL-09-255155 - RHEL 9 SSH daemon must disable remote X connections for interactive users.DISA Red Hat Enterprise Linux 9 STIG v2r4Unix

CONFIGURATION MANAGEMENT

RHEL-09-255175 - RHEL 9 SSH daemon must prevent remote hosts from connecting to the proxy display.DISA Red Hat Enterprise Linux 9 STIG v2r4Unix

CONFIGURATION MANAGEMENT

RHEL-09-411060 - All RHEL 9 local interactive users must have a home directory assigned in the /etc/passwd file.DISA Red Hat Enterprise Linux 9 STIG v2r4Unix

CONFIGURATION MANAGEMENT

RHEL-09-412070 - RHEL 9 must define default permissions for the system default profile.DISA Red Hat Enterprise Linux 9 STIG v2r4Unix

CONFIGURATION MANAGEMENT

RHEL-09-431020 - RHEL 9 must configure SELinux context type to allow the use of a nondefault faillock tally directory.DISA Red Hat Enterprise Linux 9 STIG v2r4Unix

ACCESS CONTROL

RHEL-09-611030 - RHEL 9 must configure the use of the pam_faillock.so module in the /etc/pam.d/system-auth file.DISA Red Hat Enterprise Linux 9 STIG v2r4Unix

ACCESS CONTROL

RHEL-09-611155 - RHEL 9 must not have accounts configured with blank or null passwords.DISA Red Hat Enterprise Linux 9 STIG v2r4Unix

CONFIGURATION MANAGEMENT

RHEL-09-652015 - RHEL 9 must have the packages required for encrypting offloaded audit logs installed.DISA Red Hat Enterprise Linux 9 STIG v2r4Unix

IDENTIFICATION AND AUTHENTICATION

RHEL-09-652025 - RHEL 9 must be configured so that the rsyslog daemon does not accept log messages from other servers unless the server is being used for log aggregation.DISA Red Hat Enterprise Linux 9 STIG v2r4Unix

CONFIGURATION MANAGEMENT

RHEL-09-653020 - RHEL 9 audit system must take appropriate action when an error writing to the audit storage volume occurs.DISA Red Hat Enterprise Linux 9 STIG v2r4Unix

AUDIT AND ACCOUNTABILITY

RHEL-09-653110 - RHEL 9 must allow only the information system security manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.DISA Red Hat Enterprise Linux 9 STIG v2r4Unix

AUDIT AND ACCOUNTABILITY

RHEL-09-653115 - RHEL 9 /etc/audit/auditd.conf file must have 0640 or less permissive to prevent unauthorized access.DISA Red Hat Enterprise Linux 9 STIG v2r4Unix

AUDIT AND ACCOUNTABILITY

RHEL-09-654190 - Successful/unsuccessful uses of the poweroff command in RHEL 9 must generate an audit record.DISA Red Hat Enterprise Linux 9 STIG v2r4Unix

AUDIT AND ACCOUNTABILITY

RHEL-09-654200 - Successful/unsuccessful uses of the shutdown command in RHEL 9 must generate an audit record.DISA Red Hat Enterprise Linux 9 STIG v2r4Unix

AUDIT AND ACCOUNTABILITY

SLES-12-010111 - The SUSE operating system must restrict privilege elevation to authorized personnel.DISA SLES 12 STIG v3r2Unix

CONFIGURATION MANAGEMENT

WN22-00-000200 - Windows Server 2022 accounts must require passwords.DISA Microsoft Windows Server 2022 STIG v2r4Windows

IDENTIFICATION AND AUTHENTICATION

WN22-00-000240 - Windows Server 2022 must have software certificate installation files removed.DISA Microsoft Windows Server 2022 STIG v2r4Windows

CONFIGURATION MANAGEMENT

WN22-00-000350 - Windows Server 2022 must not have Simple TCP/IP Services installed.DISA Microsoft Windows Server 2022 STIG v2r4Windows

CONFIGURATION MANAGEMENT

WN22-00-000400 - Windows Server 2022 must have the Server Message Block (SMB) v1 protocol disabled on the SMB client.DISA Microsoft Windows Server 2022 STIG v2r4Windows

CONFIGURATION MANAGEMENT

WN22-00-000460 - Windows Server 2022 systems must have Unified Extensible Firmware Interface (UEFI) firmware and be configured to run in UEFI mode, not Legacy BIOS.DISA Microsoft Windows Server 2022 STIG v2r4Windows

CONFIGURATION MANAGEMENT

WN22-AU-000170 - Windows Server 2022 must be configured to audit Logon/Logoff - Group Membership successes.DISA Microsoft Windows Server 2022 STIG v2r4Windows

AUDIT AND ACCOUNTABILITY

WN22-CC-000100 - Windows Server 2022 must be configured to enable Remote host allows delegation of nonexportable credentials.DISA Microsoft Windows Server 2022 STIG v2r4Windows

CONFIGURATION MANAGEMENT

WN22-CC-000110 - Windows Server 2022 virtualization-based security must be enabled with the platform security level configured to Secure Boot or Secure Boot with DMA Protection.DISA Microsoft Windows Server 2022 STIG v2r4Windows

CONFIGURATION MANAGEMENT

WN22-CC-000290 - Windows Server 2022 System event log size must be configured to 32768 KB or greater.DISA Microsoft Windows Server 2022 STIG v2r4Windows

AUDIT AND ACCOUNTABILITY