| AMLS-L3-000210 - The Arista Multilayer Switch must enforce information flow control using explicit security attributes (for example, IP addresses, port numbers, protocol, Autonomous System, or interface) on information, source, and destination objects. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AMLS-L3-000220 - The Arista Multilayer Switch must enable neighbor router authentication for control plane protocols except RIP - OSPF MD5 Key | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AMLS-L3-000230 - The Arista Multilayer Switch must be configured to restrict it from accepting outbound IP packets that contain an illegitimate address in the source address field via egress filter or by enabling Unicast Reverse Path Forwarding. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| AMLS-L3-000250 - The Arista Multilayer Switch must encrypt all methods of configured authentication for the OSPF routing protocol - ospf message-digest-key | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | IDENTIFICATION AND AUTHENTICATION |
| AMLS-NM-000100 - The Arista Multilayer Switch must have a local infrequently used account to be used as an account of last resort with full access to the network device. | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | CONFIGURATION MANAGEMENT |
| AMLS-NM-000220 - The Arista Multilayer Switch must use multifactor authentication for local access to privileged accounts. | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | IDENTIFICATION AND AUTHENTICATION |
| AMLS-NM-000280 - The Arista Multilayer Switch must be configured to synchronize internal information system clocks with the primary and secondary time sources located in different geographic regions using redundant authoritative time sources - NTP Server 2 | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| AMLS-NM-000290 - The Arista Multilayer Switch must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT). | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | AUDIT AND ACCOUNTABILITY |
| AMLS-NM-000340 - Arista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications - api https | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | MAINTENANCE |
| AMLS-NM-000350 - Arista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications - telnet | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | MAINTENANCE |
| AMLS-NM-000400 - The Arista Multilayer Switch must, at a minimum, off-load audit records for interconnected systems in real time - trap logging | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | AUDIT AND ACCOUNTABILITY |
| AMLS-NM-000420 - The Arista Multilayer Switch must protect the audit records of nonlocal accesses to privileged accounts and the execution of privileged functions - logging host | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | CONFIGURATION MANAGEMENT |
| AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - aaa exec default | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | CONFIGURATION MANAGEMENT |
| AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - show aaa sessions | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | CONFIGURATION MANAGEMENT |
| MD4X-00-000400 - Unused database components that are integrated in MongoDB and cannot be uninstalled must be disabled. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | CONFIGURATION MANAGEMENT |
| MD4X-00-000600 - If passwords are used for authentication, MongoDB must transmit only encrypted representations of passwords. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | IDENTIFICATION AND AUTHENTICATION |
| MD4X-00-000800 - MongoDB must fail to a secure state if system initialization fails, shutdown fails, or aborts fail. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| MD4X-00-001000 - MongoDB and associated applications must reserve the use of dynamic code execution for situations that require it. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | SYSTEM AND INFORMATION INTEGRITY |
| MD4X-00-001200 - MongoDB must enforce discretionary access control policies, as defined by the data owner, over defined subjects and objects. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 DB | MongoDB | ACCESS CONTROL |
| MD4X-00-001300 - MongoDB must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| MD4X-00-002200 - Database software, including DBMS configuration files, must be stored in dedicated directories, or DASD pools, separate from the host OS and other applications. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | CONFIGURATION MANAGEMENT |
| MD4X-00-002300 - Database objects (including but not limited to tables, indexes, storage, stored procedures, functions, triggers, links to software external to MongoDB, etc.) must be owned by database/DBMS principals authorized for ownership. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 DB | MongoDB | CONFIGURATION MANAGEMENT |
| MD4X-00-002400 - The role(s)/group(s) used to modify database structure (including but not necessarily limited to tables, indexes, storage, etc.) and logic modules (stored procedures, functions, triggers, links to software external to MongoDB, etc.) must be restricted to authorized users. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 DB | MongoDB | CONFIGURATION MANAGEMENT |
| MD4X-00-004100 - MongoDB must check the validity of all data inputs except those specifically identified by the organization. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | SYSTEM AND INFORMATION INTEGRITY |
| MD4X-00-004200 - MongoDB must provide non-privileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | SYSTEM AND INFORMATION INTEGRITY |
| MD4X-00-005700 - MongoDB must prohibit the use of cached authenticators after an organization-defined time period. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLEM-05-212015 - SLEM 5 with Unified Extensible Firmware Interface (UEFI) implemented must require authentication upon booting into single-user mode and maintenance. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r4 | Unix | ACCESS CONTROL |
| SLEM-05-213015 - SLEM 5 kernel core dumps must be disabled unless needed. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| SLEM-05-232015 - SLEM 5 must have system commands set to a mode of 755 or less permissive. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| SLEM-05-232030 - All SLEM 5 local interactive user home directories must have mode 750 or less permissive. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| SLEM-05-232035 - All SLEM 5 local initialization files must have mode 740 or less permissive. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| SLEM-05-232055 - SLEM 5 library files must be group-owned by root. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| SLEM-05-232100 - All SLEM 5 local interactive user home directories must be group-owned by the home directory owner's primary group. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| SQLI-22-003700 - SQL Server must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals. | DISA Microsoft SQL Server 2022 Instance STIG v1r4 MS_SQLDB | MS_SQLDB | ACCESS CONTROL |
| SQLI-22-004200 - SQL Server must protect against a user falsely repudiating by ensuring only clearly unique Active Directory user accounts can connect to the instance. | DISA Microsoft SQL Server 2022 Instance STIG v1r4 MS_SQLDB | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQLI-22-004400 - SQL Server must allow only the information system security manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. | DISA Microsoft SQL Server 2022 Instance STIG v1r4 MS_SQLDB | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQLI-22-007200 - Access to xp_cmdshell must be disabled unless specifically required and approved. | DISA Microsoft SQL Server 2022 Instance STIG v1r4 MS_SQLDB | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQLI-22-007600 - SQL Server must be configured to prohibit or restrict the use of organization-defined protocols as defined in the Ports, Protocols, and Services Management (PPSM) Category Assurance List (CAL) and vulnerability assessments. | DISA Microsoft SQL Server 2022 Instance STIG v1r4 MS_SQLDB | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQLI-22-008200 - If passwords are used for authentication, SQL Server must transmit only encrypted representations of passwords. | DISA Microsoft SQL Server 2022 Instance STIG v1r4 MS_SQLDB | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
| SQLI-22-009800 - SQL Server must prevent unauthorized and unintended information transfer via shared system resources. | DISA Microsoft SQL Server 2022 Instance STIG v1r4 MS_SQLDB | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQLI-22-009900 - SQL Server must prevent unauthorized and unintended information transfer via Instant File Initialization (IFI). | DISA Microsoft SQL Server 2022 Instance STIG v1r4 MS_SQLDB | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQLI-22-010020 - SQL Server and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack. | DISA Microsoft SQL Server 2022 Instance STIG v1r4 MS_SQLDB | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| SQLI-22-011200 - SQL Server must record time stamps in audit records and application data that can be mapped to Coordinated Universal Time (UTC), formerly Greenwich Mean Time (GMT). | DISA Microsoft SQL Server 2022 Instance STIG v1r4 Windows | Windows | AUDIT AND ACCOUNTABILITY |
| SQLI-22-011800 - SQL Server must produce audit records when attempts to modify SQL Server configuration and privileges occur within the database(s). | DISA Microsoft SQL Server 2022 Instance STIG v1r4 MS_SQLDB | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQLI-22-015500 - SQL Server must generate audit records for all direct access to the database(s). | DISA Microsoft SQL Server 2022 Instance STIG v1r4 MS_SQLDB | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQLI-22-016000 - SQL Server must configure Customer Feedback and Error Reporting. | DISA Microsoft SQL Server 2022 Instance STIG v1r4 Windows | Windows | CONFIGURATION MANAGEMENT |
| SQLI-22-016200 - The SQL Server default account [sa] must be disabled. | DISA Microsoft SQL Server 2022 Instance STIG v1r4 MS_SQLDB | MS_SQLDB | ACCESS CONTROL |
| SQLI-22-016800 - Filestream must be disabled unless specifically required and approved. | DISA Microsoft SQL Server 2022 Instance STIG v1r4 MS_SQLDB | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQLI-22-017900 - The SQL Server Replication Xps feature must be disabled unless specifically required and approved. | DISA Microsoft SQL Server 2022 Instance STIG v1r4 MS_SQLDB | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQLI-22-018100 - When using command-line tools such as SQLCMD in a mixed-mode authentication environment, users must use a logon method that does not expose the password. | DISA Microsoft SQL Server 2022 Instance STIG v1r4 MS_SQLDB | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
