| CISC-RT-000236 - The Cisco router must be configured to advertise a hop limit of at least 32 in Router Advertisement messages for IPv6 stateless auto-configuration deployments. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000237 - The Cisco router must not be configured to use IPv6 Site Local Unicast addresses. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000237 - The Cisco router must not be configured to use IPv6 Site Local Unicast addresses. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000391 - The Cisco perimeter router must be configured to suppress Router Advertisements on all external IPv6-enabled interfaces. | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000391 - The Cisco perimeter router must be configured to suppress Router Advertisements on all external IPv6-enabled interfaces. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | CONFIGURATION MANAGEMENT |
| CNTR-K8-003110 - The Kubernetes component manifests must be owned by root. | DISA STIG Kubernetes v2r3 | Unix | CONFIGURATION MANAGEMENT |
| CNTR-K8-003130 - The Kubernetes conf files must be owned by root. | DISA STIG Kubernetes v2r3 | Unix | CONFIGURATION MANAGEMENT |
| CNTR-K8-003160 - The Kubernetes Kubelet certificate authority file must have file permissions set to 644 or more restrictive. | DISA STIG Kubernetes v2r3 | Unix | CONFIGURATION MANAGEMENT |
| CNTR-K8-003290 - The Kubernetes API Server must be set to audit log max size. | DISA STIG Kubernetes v2r3 | Unix | CONFIGURATION MANAGEMENT |
| GEN000360 - Group Identifiers (GIDs) reserved for system accounts must not be assigned to non-system groups. | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| GEN000560 - The system must not have accounts configured with blank or null passwords. | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| GEN000680 - The system must require passwords to contain no more than three consecutive repeating characters. | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| GEN000900 - The root user's home directory must not be the root directory (/). | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| GEN001840 - All global initialization files executable search paths must contain only authorized paths - '/etc/bashrc' | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| GEN001840 - All global initialization files executable search paths must contain only authorized paths - '/etc/security/environ' | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| GEN001845 - Global initialization files library search paths must contain only authorized paths - '/etc/security/environ' | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| GEN002020 - All .rhosts, .shosts, or host.equiv files must only contain trusted host-user pairs. | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| GEN002560 - The system and user default umask must be 077 - user initialization files | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| GEN002860 - Audit logs must be rotated daily. | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| GEN003540 - The system must implement non-executable program stacks. | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| GEN004540 - The SMTP service HELP command must not be enabled. | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| GEN004580 - The system must not use .forward files. | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| GEN005480 - The syslog daemon must not accept remote messages unless it is a syslog server documented using site-defined procedures. | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| GEN005506 - The SSH daemon must be configured to not use Cipher-Block Chaining (CBC) ciphers. | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| GEN005538 - The SSH daemon must not allow rhosts RSA authentication. | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| GEN005540 - The SSH daemon must be configured for IP filtering - '/etc/hosts.deny' | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| GEN005570 - The system must be configured with a default gateway for IPv6 if the system uses IPv6, unless the system is a router. | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| GEN005590 - The system must not be running any routing protocol daemons, unless the system is a router. | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| GEN005840 - The NFS server must be configured to restrict file system access to local hosts - 'All exports contain ro or rw' | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| GEN006235 - Samba must be configured to not allow guest access to shares. | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| JUEX-L2-000230 - The Juniper EX switch must be configured to set all enabled user-facing or untrusted ports as access interfaces. | DISA Juniper EX Series Layer 2 Switch v2r3 | Juniper | CONFIGURATION MANAGEMENT |
| JUEX-NM-000680 - The Juniper EX switch must be configured with an operating system release that is currently supported by the vendor. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | CONFIGURATION MANAGEMENT |
| OL08-00-010010 - OL 8 vendor-packaged system security patches and updates must be installed and up to date. | DISA Oracle Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040240 - RHEL 8 must not forward IPv6 source-routed packets. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040249 - RHEL 8 must not forward IPv4 source-routed packets by default. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040284 - RHEL 8 must disable the use of user namespaces. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040341 - The RHEL 8 SSH daemon must prevent remote hosts from connecting to the proxy display. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040360 - A File Transfer Protocol (FTP) server package must not be installed unless mission essential on RHEL 8. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-020100 - The SUSE operating system root account must be the only account with unrestricted access to the system. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-020101 - The SUSE operating system must restrict privilege elevation to authorized personnel. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-020110 - All SUSE operating system local interactive user accounts, upon creation, must be assigned a home directory. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-020181 - The SUSE operating system must not have accounts configured with blank or null passwords. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040110 - All SUSE operating system local initialization files must have mode 0740 or less permissive. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040150 - SUSE operating system file systems that are used with removable media must be mounted to prevent files with the setuid and setgid bit set from being executed. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040160 - SUSE operating system file systems that are being imported via Network File System (NFS) must be mounted to prevent files with the setuid and setgid bit set from being executed. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040200 - A separate file system must be used for SUSE operating system user home directories (such as /home or an equivalent). | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040230 - The SUSE operating system SSH daemon must be configured to not allow authentication using known hosts authentication. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040382 - The SUSE operating system must not be performing Internet Protocol version 6 (IPv6) packet forwarding by default unless the system is a router. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| SPLK-CL-000280 - Splunk Enterprise must be configured with a report to notify the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, when an attack is detected on multiple devices and hosts within its scope of coverage. | DISA STIG Splunk Enterprise 8.x for Linux v2r2 STIG REST API | Splunk | CONFIGURATION MANAGEMENT |
| SPLK-CL-000290 - Analysis, viewing, and indexing functions, services, and applications used as part of Splunk Enterprise must be configured to comply with DoD-trusted path and access requirements. | DISA STIG Splunk Enterprise 8.x for Linux v2r2 STIG REST API | Splunk | CONFIGURATION MANAGEMENT |
