| 1.1.19 - MobileIron - Limit the 'number of messages' for 'Multimedia message limit' | MobileIron - CIS Google Android 4 v1.0.0 L2 | MDM | ACCESS CONTROL |
| 2.1 Protection Policy for the CPS Control Engine | Tenable ZTE ROSNG | ZTE_ROSNG | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.17.2 Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 3.6 Configure Network Time Protocol (NTP) - OPTIONS=-u ntp:ntp -p /var/run/ntpd.pid | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.6 Configure Network Time Protocol (NTP) - restrict default kod nomodify nopeer notrap noquery | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.6 Configure Network Time Protocol (NTP) - server aaa.bbb.ccc.ddd | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.3.1.2 Ensure libpam-modules is installed | CIS Debian Linux 12 v1.1.0 L1 Workstation | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.1.2 Ensure libpam-modules is installed | CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.1.2 Ensure libpam-modules is installed | CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Workstation | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5.2 Ensure system accounts are secured - non-login shell | CIS Red Hat 6 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 9.1 Starting Tomcat with Security Manager | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 17.4.3 Ensure 'Audit Directory Service Access' is set to include 'Success and Failure' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 18.5.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Microsoft Windows 8.1 v2.4.1 L2 | Windows | CONFIGURATION MANAGEMENT, RISK ASSESSMENT |
| 18.5.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Microsoft Windows Server 2008 Member Server Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Microsoft Windows Server 2016 v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Windows Server 2012 R2 MS L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.6.19.2.1 Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Microsoft Windows Server 2019 STIG v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| AOSX-14-000005 - The macOS system must be configured to lock the user session when a smart token is removed. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL |
| AOSX-14-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-14-003002 - The macOS system must enable certificate for smartcards. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-14-003025 - The macOS system must implement multifactor authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-15-000005 - The macOS system must be configured to lock the user session when a smart token is removed. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL |
| AOSX-15-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-000005 - The macOS system must be configured to lock the user session when a smart token is removed. | DISA STIG Apple macOS 11 v1r5 | Unix | ACCESS CONTROL |
| APPL-11-000005 - The macOS system must be configured to lock the user session when a smart token is removed. | DISA STIG Apple macOS 11 v1r8 | Unix | ACCESS CONTROL |
| APPL-11-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities to verify the establishment of protected sessions. | DISA STIG Apple macOS 11 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities to verify the establishment of protected sessions. | DISA STIG Apple macOS 11 v1r8 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-003020 - The macOS system must use multifactor authentication for local access to privileged and non-privileged accounts. | DISA STIG Apple macOS 11 v1r8 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-11-003020 - The macOS system must use multifactor authentication for local access to privileged and non-privileged accounts. | DISA STIG Apple macOS 11 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-12-000005 - The macOS system must be configured to lock the user session when a smart token is removed. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL |
| APPL-12-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions - PIV credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities to verify the establishment of protected sessions. | DISA STIG Apple macOS 12 v1r9 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-12-003020 - The macOS system must use multifactor authentication for local access to privileged and non-privileged accounts. | DISA STIG Apple macOS 12 v1r9 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-14-000033 The macOS system must disable FileVault automatic log on. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL |
| APPL-14-003020 The macOS system must enforce smart card authentication. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-14-003030 The macOS system must allow smart card authentication. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-15-000033 - The macOS system must disable FileVault automatic login. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | ACCESS CONTROL |
| APPL-15-003020 - The macOS system must enforce smart card authentication. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-15-003030 - The macOS system must allow smart card authentication. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPNET0046 - The Trust Providers Software Publishing State must be set to 0x23C00. | DISA STIG for Microsoft Dot Net Framework 4.0 v2r6 | Windows | IDENTIFICATION AND AUTHENTICATION |
| DG0175-ORACLE11 - The DBMS host platform and other dependent applications should be configured in compliance with applicable STIG requirements. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0175-ORACLE11 - The DBMS host platform and other dependent applications should be configured in compliance with applicable STIG requirements. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DTBI485-IE11 - Protected Mode must be enforced (Internet zone). | DISA STIG IE 11 v2r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN002760-6 - The audit system must be configured to audit all administrative, privileged, and security actions - 'clock_settime' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN002820-6 - The audit system must be configured to audit all discretionary access control permission modifications - 'fchownat' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| MD3X-00-001100 - MongoDB must be configured in accordance with the security configuration settings based on DoD security configuration and implementation guidance, including STIGs, NSA configuration guides, CTOs, DTMs, and IAVMs. | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000219 The Photon operating system must configure Secure Shell (SSH) to limit the number of allowed login attempts per connection. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| WA000-WI050 IIS6 - Unused and vulnerable script mappings in IIS 6 must be removed. - '.HTR scripting Disallowed' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WN16-MS-000010 - Only administrators responsible for the member server or standalone or nondomain-joined system must have Administrator rights on the system. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL |
| WN19-MS-000010 - Windows Server 2019 must only allow Administrators responsible for the member server or standalone or nondomain-joined system to have Administrator rights on the system. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | ACCESS CONTROL |
| WN22-MS-000010 - Windows Server 2022 must only allow administrators responsible for the member server or standalone or nondomain-joined system to have Administrator rights on the system. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL |
