| ESXI-67-000036 - The ESXi host must disable ESXi Shell unless needed for diagnostics or troubleshooting. | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-67-000050 - The ESXi host must protect the confidentiality and integrity of transmitted information by isolating IP-based storage traffic. | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-67-000059 - The virtual switch Forged Transmits policy must be set to reject on the ESXi host. | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-67-000062 - The ESXi host must prevent unintended use of the dvFilter network APIs. | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | CONFIGURATION MANAGEMENT |
| KNOX-07-000500 - The Samsung Android 7 with Knox must be configured to lock the display after 15 minutes (or less) of inactivity. | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | ACCESS CONTROL |
| KNOX-07-004500 - The Samsung Android 7 with Knox must be configured to disable USB mass storage mode. | MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| KNOX-07-013000 - The Samsung Android 7 with Knox must implement the management setting: Enable Certificate Revocation Status (CRL) Check. | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| KNOX-07-018400 - The Samsung Android 7 with Knox must implement the management setting: Configure application disable list. | MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| KNOX-07-019100 - The Samsung Android 7 with Knox platform must implement the management setting Disable Nearby devices. | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| KNOX-07-019100 - The Samsung Android 7 with Knox platform must implement the management setting Disable Nearby devices. | MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| KNOX-07-019200 - The Samsung Android 7 with Knox platform must implement the management setting: Disable Samsung WiFi Sharing. | MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| KNOX-07-913300 - The Samsung must implement the management setting: Disable sharing of calendar information outside the Container. | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| KNOX-07-913500 - The Samsung Android 7 with Knox must be configured to disable sharing of contact information outside the Container. | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| KNOX-07-913500 - The Samsung Android 7 with Knox must be configured to disable sharing of contact information outside the Container. | MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| KNOX-07-913600 - The Samsung must implement the management setting: Disable sharing of notification details outside the Container. | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| KNOX-07-913700 - The Samsung Android 7 with Knox must implement the management setting: Configure Container application install blacklist. | MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| KNOX-07-913800 - The Samsung Android 7 with Knox must implement the management setting: Disable Move Applications to Container. | MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| KNOX-07-914500 - The Samsung Android 7 with Knox must implement the management setting: Configure minimum Container password complexity. | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| SHPT-00-000190 - SharePoint must enforce organizational requirements to implement separation of duties through assigned information access authorizations. | DISA STIG SharePoint 2010 v1r9 | Windows | ACCESS CONTROL |
| SHPT-00-000193 - The SharePoint setup user domain account must be configured with the minimum privileges in Active Directory. | DISA STIG SharePoint 2010 v1r9 | Windows | ACCESS CONTROL |
| SHPT-00-000210 - Timer job retries for automatic password change on Managed Accounts must meet DoD password retry policy. | DISA STIG SharePoint 2010 v1r9 | Windows | ACCESS CONTROL |
| SHPT-00-000441 - SharePoint must protect audit information from unauthorized deletion of trace log files. | DISA STIG SharePoint 2010 v1r9 | Windows | AUDIT AND ACCOUNTABILITY |
| SHPT-00-000445 - SharePoint must protect audit tools from unauthorized access - 'Verify Users and Groups with Full Control' | DISA STIG SharePoint 2010 v1r9 | Windows | AUDIT AND ACCOUNTABILITY |
| SLES-15-020290 - The SUSE operating system must prevent the use of dictionary words for passwords. | DISA SUSE Linux Enterprise Server 15 STIG v2r6 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040130 - All SUSE operating system local initialization files must not execute world-writable programs. | DISA SUSE Linux Enterprise Server 15 STIG v2r6 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040220 - The SUSE operating system must be configured to not overwrite Pluggable Authentication Modules (PAM) configuration on package changes. | DISA SUSE Linux Enterprise Server 15 STIG v2r6 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040340 - The SUSE operating system must not allow interfaces to accept Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages by default. | DISA SUSE Linux Enterprise Server 15 STIG v2r6 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040380 - The SUSE operating system must not be performing Internet Protocol version 4 (IPv4) packet forwarding unless the system is a router. | DISA SUSE Linux Enterprise Server 15 STIG v2r6 | Unix | CONFIGURATION MANAGEMENT |
| SPLK-CL-000060 - Splunk Enterprise must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period. | DISA STIG Splunk Enterprise 8.x for Linux v2r3 STIG OS | Unix | ACCESS CONTROL |
| SPLK-CL-000260 - Splunk Enterprise must be configured to retain the identity of the original source host or device where the event occurred as part of the log record. | DISA STIG Splunk Enterprise 8.x for Linux v2r3 STIG REST API | Splunk | CONFIGURATION MANAGEMENT |
| SPLK-CL-000280 - Splunk Enterprise must be configured with a report to notify the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, when an attack is detected on multiple devices and hosts within its scope of coverage. | DISA STIG Splunk Enterprise 8.x for Linux v2r3 STIG REST API | Splunk | CONFIGURATION MANAGEMENT |
| SYMP-AG-000080 - Symantec ProxySG must enforce approved authorizations for controlling the flow of information within the network based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| SYMP-AG-000100 - Symantec ProxySG providing user access control intermediary services must display the Standard Mandatory DoD-approved Notice and Consent Banner before granting access to the network. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| SYMP-AG-000170 - Symantec ProxySG must produce audit records containing information to establish where the events occurred. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| SYMP-AG-000200 - Symantec ProxySG must generate audit records containing information to establish the identity of any individual or process associated with the event. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| SYMP-AG-000310 - Symantec ProxySG providing user authentication intermediary services must require users to reauthenticate every 900 seconds when organization-defined circumstances or situations require reauthentication - LDAP | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
| SYMP-AG-000460 - Symantec ProxySG providing reverse proxy encryption intermediary services must implement NIST FIPS-validated cryptography to generate cryptographic hashes. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000480 - Symantec ProxySG providing reverse proxy encryption intermediary services must use NIST FIPS-validated cryptography to implement encryption services. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-NM-000070 - Symantec ProxySG must enable event access logging. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| SYMP-NM-000120 - Symantec ProxySG must protect the Web Management Console, SSH, and command line interface (CLI) from unauthorized modification. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| SYMP-NM-000130 - Symantec ProxySG must protect the Web Management Console, SSH, and command line interface (CLI) from unauthorized access. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| UBTU-18-010452 - All local interactive user home directories must be group-owned by the home directory owners primary group. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | CONFIGURATION MANAGEMENT |
| VCEM-67-000001 - ESX Agent Manager must limit the amount of time that each TCP connection is kept alive. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | ACCESS CONTROL |
| VCEM-67-000003 - ESX Agent Manager must limit the maximum size of a POST request. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | ACCESS CONTROL |
| VCEM-67-000018 - ESX Agent Manager must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCEM-67-000021 - ESX Agent Manager must use the 'setCharacterEncodingFilter' filter - filter | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCEM-67-000030 - ESX Agent Manager must disable the shutdown port. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCPF-67-000001 - Performance Charts must limit the amount of time that each TCP connection is kept alive. | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3 | Unix | ACCESS CONTROL |
| VCPF-67-000003 - Performance Charts must limit the maximum size of a POST request. | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3 | Unix | ACCESS CONTROL |
| VCPF-67-000012 - Performance Charts must have mappings set for Java servlet pages. | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3 | Unix | CONFIGURATION MANAGEMENT |
