| AIX7-00-002142 - The AIX /etc/hosts file must have a mode of 0640 or less permissive. | DISA STIG AIX 7.x v3r1 | Unix | CONFIGURATION MANAGEMENT |
| AIX7-00-002150 - The AIX cron and crontab directories must be group-owned by cron. | DISA STIG AIX 7.x v3r1 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-000003 - The macOS system must initiate the session lock no more than five seconds after a screen saver is started. | DISA STIG Apple macOS 11 v1r8 | Unix | ACCESS CONTROL |
| APPL-11-000004 - The macOS system must initiate a session lock after a 15-minute period of inactivity. | DISA STIG Apple macOS 11 v1r8 | Unix | ACCESS CONTROL |
| APPL-11-000023 - The macOS system must display the Standard Mandatory DoD Notice and Consent Banner before granting remote access to the operating system. | DISA STIG Apple macOS 11 v1r8 | Unix | ACCESS CONTROL |
| APPL-11-001013 - The macOS system must be configured with audit log folders owned by root. | DISA STIG Apple macOS 11 v1r8 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-11-002036 - The macOS system must be configured to disable the Privacy Setup services. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002060 - The macOS system must allow only applications that have a valid digital signature to run - EnableAssessment | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002060 - The macOS system must allow only applications that have a valid digital signature to run - Unsigned Applications | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002066 - The macOS system must not allow an unattended or automatic logon to the system. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another user's files - User directory home permissions | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another user's files - User subdirectory Public Access Control Lists | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-003013 - Apple macOS must be configured with a firmware password to prevent access to single user mode and booting from alternative media. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-003013 - Apple macOS must be configured with a firmware password to prevent access to single user mode and booting from alternative media. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-003050 - The macOS system must be configured so that the login command requires smart card authentication. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-003050 - The macOS system must be configured so that the login command requires smart card authentication. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-003052 - The macOS system must be configured so that the sudo command requires smart card authentication. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-004001 - The macOS system must be configured with system log files owned by root and group-owned by wheel or admin - newsyslog | DISA STIG Apple macOS 11 v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| APPL-11-004001 - The macOS system must be configured with system log files owned by root and group-owned by wheel or admin - newsyslog | DISA STIG Apple macOS 11 v1r8 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| APPL-11-004002 - The macOS system must be configured with system log files set to mode 640 or less permissive - newsyslog | DISA STIG Apple macOS 11 v1r8 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| APPL-11-005050 - The macOS Application Firewall must be enabled - EnableFirewall | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-005050 - The macOS Application Firewall must be enabled - EnableFirewall | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-005051 - The macOS system must restrict the ability to utilize external writeable media devices. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| CNTR-K8-000270 - The Kubernetes API Server must enable Node,RBAC as the authorization mode. | DISA STIG Kubernetes v2r2 | Unix | ACCESS CONTROL |
| CNTR-K8-000400 - Kubernetes Worker Nodes must not have sshd service running. | DISA STIG Kubernetes v2r2 | Unix | ACCESS CONTROL |
| CNTR-K8-000450 - Kubernetes DynamicAuditing must not be enabled - manifest | DISA STIG Kubernetes v2r2 | Unix | ACCESS CONTROL |
| CNTR-K8-000920 - The Kubernetes API Server must enforce ports, protocols, and services (PPS) that adhere to the Ports, Protocols, and Services Management Category Assurance List (PPSM CAL). | DISA STIG Kubernetes v2r2 | Unix | CONFIGURATION MANAGEMENT |
| CNTR-K8-001360 - Kubernetes must separate user functionality. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001440 - Kubernetes API Server must have a certificate for communication. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001480 - Kubernetes etcd must enable client authentication to secure service. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001520 - Kubernetes etcd must have a certificate for communication. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-001550 - Kubernetes etcd must have a peer-key-file set for secure communication. | DISA STIG Kubernetes v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-003130 - The Kubernetes conf files must be owned by root. | DISA STIG Kubernetes v2r2 | Unix | CONFIGURATION MANAGEMENT |
| Configuring CIDR Network Addresses for the BIG-IP packet filter - Always accept important ICMP | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| Configuring CIDR Network Addresses for the BIG-IP packet filter - Review Packet-Filter Rules | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| Configuring CIDR Network Addresses for the BIG-IP packet filter - Send ICMP error on packet reject | Tenable F5 BIG-IP Best Practice Audit | F5 | ACCESS CONTROL |
| MYS8-00-001900 - The MySQL Database Server 8.0 must be able to generate audit records when unsuccessful attempts to retrieve privileges/permissions occur. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MYS8-00-002200 - The MySQL Database Server 8.0 must generate audit records when categories of information (e.g., classification levels/security levels) are accessed. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MYS8-00-002900 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to modify security objects occur. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MYS8-00-003400 - The MySQL Database Server 8.0 must generate audit records when security objects are deleted. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MYS8-00-004400 - The MySQL Database Server 8.0 must be able to generate audit records when successful accesses to objects occur. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MYS8-00-004500 - The MySQL Database Server 8.0 must generate audit records when unsuccessful accesses to objects occur. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MYS8-00-004600 - The MySQL Database Server 8.0 must generate audit records for all direct access to the database(s). | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MYS8-00-005600 - Default demonstration and sample databases, database objects, and applications must be removed. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | CONFIGURATION MANAGEMENT |
| MYS8-00-005700 - Unused database components, MySQL Database Server 8.0 software, and database objects must be removed. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | CONFIGURATION MANAGEMENT |
| MYS8-00-006000 - The MySQL Database Server 8.0 must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | CONFIGURATION MANAGEMENT |
| MYS8-00-006400 - The MySQL Database Server 8.0 must separate user functionality (including user interface services) from database management functionality. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| MYS8-00-007300 - The MySQL Database Server 8.0 must check the validity of all data inputs except those specifically identified by the organization. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | SYSTEM AND INFORMATION INTEGRITY |
| MYS8-00-011100 - The MySQL Database Server 8.0 must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | ACCESS CONTROL |
| MYS8-00-011600 - The MySQL Database Server 8.0 must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to provision digital signatures. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
