| AIOS-26-007000 - Apple iOS/iPadOS 26 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DOD-approved commercial app repository, MDM server, mobile application store]. | MobileIron - DISA Apple iOS/iPadOS 26 v1r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-26-009200 - Apple iOS/iPadOS 26 must be configured to not allow backup of [all applications, configuration data] to locally connected systems. | MobileIron - DISA Apple iOS/iPadOS 26 v1r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-26-012000 - A managed photo app must be used to take and store work-related photos. | MobileIron - DISA Apple iOS/iPadOS 26 v1r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-26-013300 - Apple iOS/iPadOS 26 must disable 'Allow USB drive access in Files app' if the authorizing official (AO) has not approved the use of DOD-approved USB storage drives with iOS/iPadOS devices - Allow USB drive access in Files app if the Authorizing Official (AO) has not approved the use of DoD-approved USB storage drives with iOS/iPadOS devices. | MobileIron - DISA Apple iOS/iPadOS 26 v1r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-26-017700 - DOD Apple iOS/iPadOS 26 devices must have a Mobile Threat Detection (MTD) app installed - MTD app installed. | AirWatch - DISA Apple iOS/iPadOS 26 v1r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-26-018200 - Apple iOS/iPadOS 26 must implement the management setting: disable the Bluetooth radio. | AirWatch - DISA Apple iOS/iPadOS 26 v1r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-26-018300 - Apple iOS/iPadOS 26 must be configured to disable Wi-Fi Aware. | MobileIron - DISA Apple iOS/iPadOS 26 v1r2 | MDM | CONFIGURATION MANAGEMENT |
| EDGE-00-000019 - Importing of open tabs must be disabled. | DISA Microsoft Edge STIG v2r5 | Windows | CONFIGURATION MANAGEMENT |
| EDGE-00-000020 - Importing of payment info must be disabled. | DISA Microsoft Edge STIG v2r5 | Windows | CONFIGURATION MANAGEMENT |
| EDGE-00-000022 - Importing of search engine settings must be disabled. | DISA Microsoft Edge STIG v2r5 | Windows | CONFIGURATION MANAGEMENT |
| EDGE-00-000026 - Google Cast must be disabled. | DISA Microsoft Edge STIG v2r5 | Windows | CONFIGURATION MANAGEMENT |
| EDGE-00-000031 - Personalization of ads, search, and news by sending browsing history to Microsoft must be disabled. | DISA Microsoft Edge STIG v2r5 | Windows | CONFIGURATION MANAGEMENT |
| EDGE-00-000033 - Browser history must be saved. | DISA Microsoft Edge STIG v2r5 | Windows | AUDIT AND ACCOUNTABILITY |
| EDGE-00-000048 - Supported authentication schemes must be configured. | DISA Microsoft Edge STIG v2r5 | Windows | CONFIGURATION MANAGEMENT |
| EDGE-00-000060 - Guest mode must be disabled. | DISA Microsoft Edge STIG v2r5 | Windows | CONFIGURATION MANAGEMENT |
| FNFG-FW-000020 - The FortiGate firewall must generate traffic log entries containing information to establish what type of events occurred. | DISA Fortigate Firewall STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000040 - The FortiGate firewall must generate traffic log entries containing information to establish the outcome of the events, such as, at a minimum, the success or failure of the application of the firewall rule. | DISA Fortigate Firewall STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000045 - In the event that communication with the central audit server is lost, the FortiGate firewall must continue to queue traffic log records locally. | DISA Fortigate Firewall STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000055 - The FortiGate firewall must protect the traffic log from unauthorized modification of local log records. | DISA Fortigate Firewall STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| RHEL-10-000540 - RHEL 10 must use a separate file system for "/tmp". | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-10-200050 - RHEL 10 must not have a Trivial File Transfer Protocol (TFTP) server package installed unless it is required by the mission, and if required, the TFTP daemon must be configured to operate in secure mode. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-10-200080 - RHEL 10 must not have the "gdm" package installed. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-10-400075 - RHEL 10 must be configured so that the "/etc/shadow-" file is group-owned by "root". | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-400085 - RHEL 10 must be configured so that the "/var/log" directory is group-owned by "root". | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| RHEL-10-400145 - RHEL 10 must be configured so that all system device files are correctly labeled to prevent unauthorized modification. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-400225 - RHEL 10 must enforce mode "0640" or less permissive for the "/var/log/messages" file. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| RHEL-10-400325 - RHEL 10 must define default permissions for all authenticated users in such a way that the user can read and modify only their own files. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-400345 - RHEL 10 must enforce "root" group ownership of the "/boot/grub2/grub.cfg" file. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-400500 - RHEL 10 must prohibit local initialization files from executing world-writable programs. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-10-500000 - RHEL 10 must enable the systemd-journald service. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-10-500005 - RHEL 10 must enable auditing of processes that start prior to the audit daemon. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-500035 - RHEL 10 must take appropriate action when a critical audit processing failure occurs. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-10-500650 - RHEL 10 must generate audit records for successful and unsuccessful uses of the shutdown command. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-10-600010 - RHEL 10 must require a unique superusers name upon booting into single-user and maintenance modes. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-600120 - RHEL 10 must assign a home directory for local interactive user accounts upon creation. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| RHEL-10-600450 - RHEL 10 must not have unauthorized accounts. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-600610 - RHEL 10 must configure the use of the pam_faillock.so module in the "/etc/pam.d/password-auth" file. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-700010 - RHEL 10 must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system via a Secure Shell (SSH) login. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-700100 - RHEL 10 must prevent special devices on file systems that are imported via Network File System (NFS). | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-700110 - RHEL 10 must prevent files with the "setuid" and "setgid" bit set from being executed on file systems that are imported via Network File System (NFS). | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-700115 - RHEL 10 must be configured so that the Network File System (NFS) is configured to use RPCSEC_GSS. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-700130 - RHEL 10 must prevent files with the "setuid" and "setgid" bit set from being executed on the "/boot/efi" directory. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-700540 - RHEL 10 must be configured so that the Secure Shell (SSH) daemon does not allow known hosts authentication. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| RHEL-10-700570 - RHEL 10 must be configured so that the Secure Shell (SSH) daemon displays the date and time of the last successful account login upon an SSH login. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| RHEL-10-700800 - RHEL 10 must ensure effective dconf policy matches the policy keyfiles. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-700840 - RHEL 10 must disable the user list at login for graphical user interfaces. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-10-700900 - RHEL 10 must implement nonexecutable data to protect its memory from unauthorized code execution. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| RHEL-10-700940 - RHEL 10 must not default to the graphical display manager unless approved. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-10-701090 - RHEL 10 must disable the "kernel.core_pattern". | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-10-701100 - RHEL 10 must be configured to disable the Controller Area Network (CAN) kernel module. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
