| UBTU-24-100020 - Ubuntu 24.04 LTS must not have the "ntp" package installed. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-24-100110 - Ubuntu 24.04 LTS must configure AIDE to perform file integrity checking on the file system if installed. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-24-100200 - Ubuntu 24.04 LTS must be configured to preserve log records from failure events. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-24-100500 - Ubuntu 24.04 LTS must have AppArmor installed. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| UBTU-24-100510 - Ubuntu 24.04 LTS must be configured to use AppArmor. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| UBTU-24-100600 - Ubuntu 24.04 LTS must have the "libpam-pwquality" package installed. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-24-100650 - Ubuntu 24.04 LTS must have the "SSSD" package installed. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-100800 - Ubuntu 24.04 LTS must have SSH installed. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-24-100860 - Ubuntu 24.04 LTS SSH client must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-3 validated cryptographic hash algorithms. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | ACCESS CONTROL |
| UBTU-24-100900 - Ubuntu 24.04 LTS must accept Personal Identity Verification (PIV) credentials. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-101000 - Ubuntu 24.04 LTS must allow users to directly initiate a session lock for all connection types. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | ACCESS CONTROL |
| UBTU-24-200041 - Ubuntu 24.04 LTS must prevent a user from overriding the disabling of the graphical user interface autorun function. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-200043 - Ubuntu 24.04 LTS must conceal, via the session lock, information previously visible on the display with a publicly viewable image. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | ACCESS CONTROL |
| UBTU-24-200090 - Ubuntu 24.04 LTS must monitor remote access methods. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | ACCESS CONTROL |
| UBTU-24-200290 - Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| UBTU-24-200310 - Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| UBTU-24-200320 - Ubuntu 24.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| UBTU-24-200640 - Ubuntu 24.04 LTS must display the Standard Mandatory DOD Notice and Consent Banner before granting access to via an SSH logon. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | ACCESS CONTROL |
| UBTU-24-300011 - Ubuntu 24.04 LTS must have system commands set to a mode of 0755 or less permissive. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-24-300029 - Ubuntu 24.04 LTS must generate audit records for all events that affect the systemd journal files. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-24-300030 - Ubuntu 24.04 LTS default filesystem permissions must be defined in such a way that all authenticated users can read and modify only their own files. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-24-300031 - Ubuntu 24.04 LTS must not allow unattended or automatic login via SSH. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-24-400260 - Ubuntu 24.04 LTS must enforce password complexity by requiring that at least one uppercase character be used. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-400340 - Ubuntu 24.04 LTS must be configured such that Pluggable Authentication Module (PAM) prohibits the use of cached authentications after one day. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-400380 - Ubuntu 24.04 LTS for PKI-based authentication, must implement a local cache of revocation data in case of the inability to access revocation information via the network. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-600000 - Ubuntu 24.04 LTS must immediately terminate all network connections associated with SSH traffic after a period of inactivity. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-24-600140 - Ubuntu 24.04 LTS must restrict access to the kernel message buffer. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-24-600190 - Ubuntu 24.04 LTS must be configured to use TCP syncookies. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-24-600200 - Ubuntu 24.04 LTS must configure the uncomplicated firewall to rate-limit impacted network interfaces. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-24-700150 - Ubuntu 24.04 LTS must configure /var/log/syslog file with mode "0640" or less permissive. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-24-700300 - Ubuntu 24.04 LTS must implement nonexecutable data to protect its memory from unauthorized code execution. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-24-900050 - Ubuntu 24.04 LTS must permit only authorized accounts to own the audit configuration files. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900060 - Ubuntu 24.04 LTS must permit only authorized groups to own the audit configuration files. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900070 - Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the su command. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900100 - Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the umount command. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900130 - Ubuntu 24.04 LTS must generate audit records for any use of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900180 - Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the sudoedit command. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900350 - Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the delete_module syscall. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900730 - Ubuntu 24.04 LTS must generate audit records when successful/unsuccessful attempts to use modprobe command. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-901300 - Ubuntu 24.04 LTS must be configured so that audit log files are not read or write-accessible by unauthorized users. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| VCTR-67-000025 - The vCenter Server must disable the managed object browser (MOB) at all times when not required for troubleshooting or maintenance of managed objects. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000026 - The vCenter Server must check the privilege reassignment after restarts. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000033 - The vCenter Server must use a least-privileges assignment for the vCenter Server database user. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000045 - The vCenter Server must limit the maximum number of failed login attempts to three. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | ACCESS CONTROL |
| VCTR-67-000046 - The vCenter Server must set the interval for counting failed login attempts to at least 15 minutes. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | ACCESS CONTROL |
| VCTR-67-000055 - The vCenter Server must configure the vSAN Datastore name to a unique name. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000059 - The vCenter Server must enable certificate based authentication. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000061 - The vCenter Server must disable Password and Windows integrated authentication. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000065 - The vCenter Server must have Mutual CHAP configured for vSAN iSCSI targets. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000077 - The vCenter Server must enable TLS 1.2 exclusively. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
