| UBTU-24-100400 - Ubuntu 24.04 LTS must have the "auditd" package installed. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-100820 - Ubuntu 24.04 LTS must configure the SSH daemon to use FIPS 140-3 approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-24-102000 - Ubuntu 24.04 LTS when booted must require authentication upon booting into single-user and maintenance modes. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | ACCESS CONTROL |
| UBTU-24-102010 - Ubuntu 24.04 LTS must initiate session audits at system startup. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-200042 - Ubuntu 24.04 LTS must prevent a user from overriding the disabling of the graphical user smart card removal action. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | ACCESS CONTROL |
| UBTU-24-200270 - Ubuntu 24.04 LTS must audit any script or executable called by cron as root or by any privileged user. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-200660 - Ubuntu 24.04 LTS must display the Standard Mandatory DOD Notice and Consent Banner before granting local access to the system via a graphical user logon. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | ACCESS CONTROL |
| UBTU-24-300008 - Ubuntu 24.04 LTS library directories must be owned by root. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-24-300013 - Ubuntu 24.04 LTS must have system commands group-owned by root or a system account. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-24-300014 - Ubuntu 24.04 LTS must prevent the use of dictionary words for passwords. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-300021 - Ubuntu 24.04 LTS must require users to reauthenticate for privilege escalation or when changing roles. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-24-300022 - Ubuntu 24.04 LTS must be configured so that remote X connections are disabled, unless to fulfill documented and validated mission requirements. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-24-300026 - Ubuntu 24.04 LTS must disable the x86 Ctrl-Alt-Delete key sequence. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-24-300027 - Ubuntu 24.04 LTS must not have accounts configured with blank or null passwords. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-24-400020 - Ubuntu 24.04 LTS must implement smart card logins for multifactor authentication for local and network access to privileged and nonprivileged accounts. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-400270 - Ubuntu 24.04 LTS must enforce password complexity by requiring that at least one lowercase character be used. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-400280 - Ubuntu 24.04 LTS must enforce password complexity by requiring that at least one numeric character be used. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-400400 - Ubuntu 24.04 LTS must encrypt all stored passwords with a FIPS 140-3 approved cryptographic hashing algorithm. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-600030 - Ubuntu 24.04 LTS must implement NIST FIPS-validated cryptography to protect classified information and for the following: To provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-24-600230 - Ubuntu 24.04 LTS must disable all wireless network adapters. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-24-700030 - Ubuntu 24.04 LTS must be configured so that the "journalctl" command is not accessible by unauthorized users. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-24-700100 - Ubuntu 24.04 LTS must configure the /var/log directory to be group-owned by syslog. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-24-700120 - Ubuntu 24.04 LTS must configure the /var/log directory to have mode "0755" or less permissive. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-24-700140 - Ubuntu 24.04 LTS must configure /var/log/syslog file to be owned by syslog. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-24-700310 - Ubuntu 24.04 LTS must implement address space layout randomization to protect its memory from unauthorized code execution. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-24-900120 - Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the ssh-keysign command. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900140 - Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the chown, fchown, fchownat, and lchown system calls. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900170 - Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the sudo command. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900320 - Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the crontab command. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900330 - Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the pam_timestamp_check command. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900510 - Ubuntu 24.04 LTS must generate audit records when successful/unsuccessful attempts to modify the /etc/sudoers file occur. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900520 - Ubuntu 24.04 LTS must generate audit records when successful/unsuccessful attempts to modify the /etc/sudoers.d directory occur. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900750 - Ubuntu 24.04 LTS must generate audit records when successful/unsuccessful attempts to use the fdisk command. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900920 - Ubuntu 24.04 LTS must allocate audit record storage capacity to store at least one week's worth of audit records, when audit records are not immediately sent to a central audit record storage facility. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900980 - Ubuntu 24.04 LTS must alert the system administrator (SA) and information system security officer (ISSO) (at a minimum) in the event of an audit processing failure. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-901220 - Ubuntu 24.04 LTS must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT). | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-901280 - Ubuntu 24.04 LTS must have directories that contain system commands group-owned by root. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-909000 - Ubuntu 24.04 LTS audit system must protect auditing rules from unauthorized change. | DISA Canonical Ubuntu 24.04 LTS STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| VCTR-67-000003 - The vCenter Server must enforce a 60-day maximum password lifetime restriction. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCTR-67-000004 - The vCenter Server must terminate management sessions after 10 minutes of inactivity. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCTR-67-000012 - The vCenter Server must disable the distributed virtual switch health check. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000014 - The vCenter Server must set the distributed port group MAC Address Change policy to reject. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000018 - The vCenter Server must configure all port groups to a value other than that of the native VLAN. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000019 - The vCenter Server must not configure VLAN Trunking unless Virtual Guest Tagging (VGT) is required and authorized. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000020 - The vCenter Server must not configure all port groups to VLAN values reserved by upstream physical switches. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000023 - The vCenter Server must configure the vpxuser auto-password to be changed every 30 days. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000029 - The vCenter Server must enable all tasks to be shown to Administrators in the Web Client. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000031 - The vCenter Server must restrict the connectivity between Update Manager and public patch repositories by use of a separate Update Manager Download Server. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000034 - The vCenter Server must use unique service accounts when applications connect to vCenter. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000039 - The vCenter Server passwords must be at least 15 characters in length. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
