APPL-14-002009 The macOS system must disable AirDrop. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
APPL-14-002038 The macOS system must disable Trivial File Transfer Protocol service. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
APPL-14-005058 The macOS system must disable Handoff. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
APPL-15-002009 - The macOS system must disable AirDrop. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
APPL-15-002038 - The macOS system must disable Trivial File Transfer Protocol (TFTP) service. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
APPL-15-002271 - The macOS system must disable iPhone Mirroring. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
APPL-15-005058 - The macOS system must disable Handoff. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
F5BI-AP-000003 - The BIG-IP APM module must enforce approved authorizations for logical access to information and system resources by employing identity-based, role-based, and/or attribute-based security policies. | DISA F5 BIG-IP Access Policy Manager STIG v2r4 | F5 | ACCESS CONTROL |
F5BI-DM-000027 - The BIG-IP appliance must be configured to enforce the assigned privilege level for each administrator and authorizations for access to all commands relative to the privilege level in accordance with applicable policy for the device. | DISA F5 BIG-IP Device Management STIG v2r4 | F5 | ACCESS CONTROL |
IIST-SV-000147 - Access to web administration tools must be restricted to the web manager and the web managers designees. | DISA IIS 10.0 Server v2r10 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
IIST-SV-000147 - Access to web administration tools must be restricted to the web manager and the web managers designees. | DISA IIS 10.0 Server v3r3 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
IISW-SV-000147 - Access to web administration tools must be restricted to the web manager and the web managers designees. | DISA IIS 8.5 Server v2r7 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
JBOS-AS-000025 - Java permissions must be set for hosted applications. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | ACCESS CONTROL |
JBOS-AS-000035 - The JBoss server must be configured with Role Based Access Controls. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | ACCESS CONTROL |
JBOS-AS-000050 - Silent Authentication must be removed from the Default Management Security Realm. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | ACCESS CONTROL |
JUSX-AG-000019 - For User Role Firewalls, the Juniper SRX Services Gateway Firewall must employ user attribute-based security policies to enforce approved authorizations for logical access to information and system resources. | DISA Juniper SRX Services Gateway ALG v3r2 | Juniper | ACCESS CONTROL |
JUSX-DM-000025 - The Juniper SRX Services Gateway must enforce the assigned privilege level for each administrator and authorizations for access to all commands by assigning a login class to all AAA-authenticated users. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | ACCESS CONTROL |
SQL6-D0-000300 - SQL Server must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | ACCESS CONTROL |
SQL6-D0-016200 - The SQL Server default account [sa] must be disabled. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | ACCESS CONTROL |
SRG-OS-000080-ESXI5 - System BIOS or system controllers supporting password protection must have administrator accounts/passwords configured, and no others. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | ACCESS CONTROL |
TCAT-AS-000060 - Default password for keystore must be changed. | DISA STIG Apache Tomcat Application Server 9 v3r2 Middleware | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
WBSP-AS-000150 - The WebSphere Application Server users in a local user registry group must be authorized for that group. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
WBSP-AS-000150 - The WebSphere Application Server users in a local user registry group must be authorized for that group. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
WBSP-AS-000220 - The WebSphere Application Server users in the admin role must be authorized. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
WBSP-AS-000220 - The WebSphere Application Server users in the admin role must be authorized. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
WBSP-AS-000220 - The WebSphere Application Server users in the admin role must be authorized. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
WN10-UR-000025 - The Allow log on locally user right must only be assigned to the Administrators and Users groups. | DISA Microsoft Windows 10 STIG v3r4 | Windows | ACCESS CONTROL |
WN10-UR-000075 - The 'Deny log on as a batch job' user right on domain-joined workstations must be configured to prevent access from highly privileged domain accounts. | DISA Microsoft Windows 10 STIG v3r4 | Windows | ACCESS CONTROL |
WN10-UR-000090 - The Deny log on through Remote Desktop Services user right on Windows 10 workstations must at a minimum be configured to prevent access from highly privileged domain accounts and local accounts on domain systems and unauthenticated access on all systems. | DISA Microsoft Windows 10 STIG v3r4 | Windows | ACCESS CONTROL |
WN12-GE-000012 - Nonadministrative user accounts or groups must only have print permissions on printer shares. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
WN12-UR-000002-DC - Unauthorized accounts must not have the Access this computer from the network user right on domain controllers. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
WN12-UR-000002-MS - The Access this computer from the network user right must only be assigned to the Administrators and Authenticated Users groups on member servers. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
WN12-UR-000006-DC - The Allow log on through Remote Desktop Services user right must only be assigned to the Administrators group. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
WN12-UR-000006-MS - The Allow log on through Remote Desktop Services user right must only be assigned to the Administrators group and other approved groups. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
WN12-UR-000017-DC - The Deny access to this computer from the network user right on domain controllers must be configured to prevent unauthenticated access. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
WN12-UR-000017-MS - The Deny access to this computer from the network user right on member servers must be configured to prevent access from highly privileged domain accounts and local accounts on domain systems, and from unauthenticated access on all systems. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
WN12-UR-000018-DC - The Deny log on as a batch job user right on domain controllers must be configured to prevent unauthenticated access. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
WN12-UR-000018-MS - The Deny log on as a batch job user right on member servers must be configured to prevent access from highly privileged domain accounts on domain systems, and from unauthenticated access on all systems. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
WN12-UR-000019-MS - The Deny log on as a service user right on member servers must be configured to prevent access from highly privileged domain accounts on domain systems. No other groups or accounts must be assigned this right. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
WN12-UR-000020-DC - The Deny log on locally user right on domain controllers must be configured to prevent unauthenticated access. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
WN12-UR-000020-MS - The Deny log on locally user right on member servers must be configured to prevent access from highly privileged domain accounts on domain systems, and from unauthenticated access on all systems. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
WN12-UR-000021-DC - The Deny log on through Remote Desktop Services user right on domain controllers must be configured to prevent unauthenticated access. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
WN12-UR-000021-MS - The Deny log on through Remote Desktop Services user right on member servers must be configured to prevent access from highly privileged domain accounts and all local accounts on domain systems, and from unauthenticated access on all systems. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
WN16-00-000150 - Local volumes must use a format that supports NTFS attributes. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL |
WN16-00-000200 - Non-administrative accounts or groups must only have print permissions on printer shares. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL |
WN16-MS-000390 - The 'Deny log on as a service' user right on member servers must be configured to prevent access from highly privileged domain accounts on domain systems. No other groups or accounts must be assigned this right. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL |
WN16-MS-000400 - The 'Deny log on locally' user right on member servers must be configured to prevent access from highly privileged domain accounts on domain systems and from unauthenticated access on all systems. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL |
WN19-DC-000390 - Windows Server 2019 Deny log on as a service user right must be configured to include no accounts or groups (blank) on domain controllers. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | ACCESS CONTROL |
WN19-DC-000400 - Windows Server 2019 Deny log on locally user right on domain controllers must be configured to prevent unauthenticated access. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | ACCESS CONTROL |
WN19-MS-000090 - Windows Server 2019 'Deny log on as a batch job' user right on domain-joined member servers must be configured to prevent access from highly privileged domain accounts and from unauthenticated access on all systems. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | ACCESS CONTROL |