| 3.092 - The system must generate an audit event when the audit log reaches a percentage of full threshold. | DISA Windows Vista STIG v6r41 | Windows | AUDIT AND ACCOUNTABILITY |
| AIOS-12-012700 - Apple iOS must not allow unmanaged apps to read contacts from managed contacts accounts. | AirWatch - DISA Apple iOS 12 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-13-012600 - Apple iOS/iPadOS must not allow managed apps to write contacts to unmanaged contacts accounts. | AirWatch - DISA Apple iOS/iPadOS 13 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-14-000500 - The mobile operating system must provide the capability for the Administrator (MDM) to perform the following management function: enable/disable VPN protection across the device and [selection: other methods]. | AirWatch - DISA Apple iOS/iPadOS 14 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-14-000500 - The mobile operating system must provide the capability for the Administrator (MDM) to perform the following management function: enable/disable VPN protection across the device and [selection: other methods]. | MobileIron - DISA Apple iOS/iPadOS 14 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-14-008900 - Apple iOS/iPadOS must implement the management setting: limit Ad Tracking. | AirWatch - DISA Apple iOS/iPadOS 14 v1r3 | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-14-009000 - Apple iOS/iPadOS must implement the management setting: not allow automatic completion of Safari browser passcodes. | AirWatch - DISA Apple iOS/iPadOS 14 v1r3 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-14-009200 - Apple iOS/iPadOS must implement the management setting: not allow use of Handoff. | AirWatch - DISA Apple iOS/iPadOS 14 v1r3 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-14-010000 - Apple iOS/iPadOS must implement the management setting: not have any Family Members in Family Sharing. | AirWatch - DISA Apple iOS/iPadOS 14 v1r3 | MDM | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| AIOS-14-010700 - Apple iOS/iPadOS must not allow managed apps to write contacts to unmanaged contacts accounts. | MobileIron - DISA Apple iOS/iPadOS 14 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-14-010800 - Apple iOS/iPadOS must not allow unmanaged apps to read contacts from managed contacts accounts. | AirWatch - DISA Apple iOS/iPadOS 14 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-14-010800 - Apple iOS/iPadOS must not allow unmanaged apps to read contacts from managed contacts accounts. | MobileIron - DISA Apple iOS/iPadOS 14 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-14-010900 - Apple iOS/iPadOS must implement the management setting: disable AirDrop. | AirWatch - DISA Apple iOS/iPadOS 14 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-16-001000 - Apple iOS/iPadOS 16 must allow the Administrator (MDM) to perform the following management function: enable/disable VPN protection across the device and [selection: other methods] - MDM to perform the following management function: enable/disable VPN protection across the device and [selection: other methods]. | MobileIron - DISA Apple iOS/iPadOS 16 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-16-010500 - Apple iOS/iPadOS 16 must implement the management setting: limit Ad Tracking. | MobileIron - DISA Apple iOS/iPadOS 16 v2r1 | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-16-010600 - Apple iOS/iPadOS 16 must implement the management setting: Not allow automatic completion of Safari browser passcodes. | MobileIron - DISA Apple iOS/iPadOS 16 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-16-010800 - Apple iOS/iPadOS 16 must implement the management setting: not allow use of Handoff. | MobileIron - DISA Apple iOS/iPadOS 16 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-16-010800 - Apple iOS/iPadOS 16 must implement the management setting: not allow use of Handoff. | AirWatch - DISA Apple iOS/iPadOS 16 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-16-011600 - Apple iOS/iPadOS 16 must implement the management setting: Not have any Family Members in Family Sharing. | AirWatch - DISA Apple iOS/iPadOS 16 v2r1 | MDM | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| AIOS-16-012300 - Apple iOS/iPadOS 16 must not allow managed apps to write contacts to unmanaged contacts accounts. | AirWatch - DISA Apple iOS/iPadOS 16 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-16-012300 - Apple iOS/iPadOS 16 must not allow managed apps to write contacts to unmanaged contacts accounts. | MobileIron - DISA Apple iOS/iPadOS 16 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-16-012400 - Apple iOS/iPadOS 16 must not allow unmanaged apps to read contacts from managed contacts accounts. | AirWatch - DISA Apple iOS/iPadOS 16 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-16-012400 - Apple iOS/iPadOS 16 must not allow unmanaged apps to read contacts from managed contacts accounts. | MobileIron - DISA Apple iOS/iPadOS 16 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-16-012500 - Apple iOS/iPadOS 16 must implement the management setting: Disable AirDrop. | AirWatch - DISA Apple iOS/iPadOS 16 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-16-013100 - Apple iOS/iPadOS 16 must disable Find My Friends in the Find My app. | MobileIron - DISA Apple iOS/iPadOS 16 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-98-080208 - Before establishing a user session, display an administrator-specified advisory notice and consent warning banner. | MobileIron - DISA Apple iOS 10 v1r3 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-98-080208 - Before establishing a user session, display an administrator-specified advisory notice and consent warning banner. | AirWatch - DISA Apple iOS 10 v1r3 | MDM | CONFIGURATION MANAGEMENT |
| AMLS-NM-000440 - The Arista Multilayer Switch must support organizational requirements to conduct backups of system-level information contained in the information system when changes occur or weekly, whichever is sooner. | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING |
| F5BI-DM-000067 - The BIG-IP appliance must be configured to alert the ISSO and SA (at a minimum) in the event of an audit processing failure. | DISA F5 BIG-IP Device Management STIG v2r4 | F5 | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| F5BI-DM-000277 - The BIG-IP appliance must create backups of system-level information contained in the information system when changes occur or weekly, whichever is sooner. | DISA F5 BIG-IP Device Management STIG v2r4 | F5 | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING |
| GEN001280 - Manual page files must have mode 0644 or less permissive - '/usr/share/man/*' | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| GEN001290 - All manual page files must not have extended ACLs - '/usr/share/man' | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| GEN002870 - The system must be configured to send audit/system records to a remote audit server - '/boot/grub/grub.conf audit=1' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002870 - The system must be configured to send audit/system records to a remote audit server - '/etc/audisp/plugins.d/syslog.conf active=yes' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN003220 - Cron programs must not set the umask to a value less restrictive than 077 - '/etc/cron.hourly/*' | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| GEN003520 - The kernel core dump data directory must be owned by root. | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| GEN003650 - All local file systems must employ journaling or another mechanism ensuring file system consistency. | DISA STIG for Oracle Linux 5 v2r1 | Unix | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING |
| GOOG-11-005200 - Google Android 11 must allow only the Administrator (EMM) to perform the following management function: enable/disable location services. | AirWatch - DISA Google Android 11 COBO v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-11-005200 - Google Android 11 must allow only the Administrator (EMM) to perform the following management function: enable/disable location services. | MobileIron - DISA Google Android 11 COBO v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-11-005200 - Google Android 11 must allow only the Administrator (EMM) to perform the following management function: enable/disable location services. | AirWatch - DISA Google Android 11 COPE v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-11-005200 - Google Android 11 must allow only the Administrator (EMM) to perform the following management function: enable/disable location services. | MobileIron - DISA Google Android 11 COPE v2r1 | MDM | CONFIGURATION MANAGEMENT |
| JUSX-DM-000099 - The Juniper SRX Services Gateway must detect the addition of components and issue a priority 1 alert to the ISSM and SA, at a minimum. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | CONFIGURATION MANAGEMENT |
| PANW-NM-000096 - The Palo Alto Networks security platform must generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity. | DISA STIG Palo Alto NDM v3r3 | Palo_Alto | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| SOL-11.1-050410 - The GNOME service must display the DoD approved system use notification message or banner before granting access to the system. | DISA STIG Solaris 11 SPARC v3r1 | Unix | ACCESS CONTROL |
| SRG-OS-99999-ESXI5-000141 - The system must enable bidirectional CHAP authentication for iSCSI traffic. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| SRG-OS-99999-ESXI5-000155 - Active Directory ESX Admin group membership must be verified unused. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| WN12-SO-000031 - The amount of idle time required before suspending a session must be properly set. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000031 - The amount of idle time required before suspending a session must be properly set. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| ZEBR-11-005200 - Zebra Android 11 must allow only the Administrator (EMM) to perform the following management function: Enable/disable location services. | AirWatch - DISA Zebra Android 11 COBO v1r3 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-11-005200 - Zebra Android 11 must allow only the Administrator (EMM) to perform the following management function: Enable/disable location services. | MobileIron - DISA Zebra Android 11 COBO v1r3 | MDM | CONFIGURATION MANAGEMENT |
