| 1.17 OL08-00-010140 | CIS Oracle Linux 8 STIG v1.0.0 CAT I | Unix | ACCESS CONTROL |
| AIOS-17-999999 - All Apple iOS/iPadOS 17 installations must be removed. | MobileIron - DISA Apple iOS/iPadOS 17 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| ALMA-09-042700 - All AlmaLinux OS 9 networked systems must have the OpenSSH client installed. | DISA CloudLinux AlmaLinux OS 9 STIG v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AMLS-L2-000170 - The Arista MLS L2S must be using a version supported by the vendor. | DISA STIG Arista MLS DCS-7000 Series L2S v1r3 | Arista | CONFIGURATION MANAGEMENT |
| AMLS-L3-000330 - The Arista MLS RTR must be using a version supported by the vendor. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | CONFIGURATION MANAGEMENT |
| AMLS-NM-000450 - The Arista MLS NDM must be using a version supported by the vendor. | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | CONFIGURATION MANAGEMENT |
| APPL-12-004021 - The macOS system must be configured with the sudoers file configured to authenticate users on a per -tty basis. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| CNTR-K8-000320 - The Kubernetes API server must have the insecure port flag disabled. | DISA STIG Kubernetes v2r4 | Unix | ACCESS CONTROL |
| CNTR-K8-000380 - The Kubernetes kubelet must enable explicit authorization. | DISA STIG Kubernetes v2r4 | Unix | ACCESS CONTROL |
| CNTR-K8-002011 - Kubernetes must have a Pod Security Admission control file configured. | DISA STIG Kubernetes v2r4 | Unix | ACCESS CONTROL |
| DTAVSEL-003 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to enable On-Access scanning. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| GOOG-09-999999 - All Google Android 9 installations must be removed. | MobileIron - DISA Google Android 9.x v2r1 | MDM | CONFIGURATION MANAGEMENT |
| HONW-09-008400 - On all Honeywell Mobility Edge Android Pie devices, cryptography must be configured to be in FIPS 140-2 validated mode. | MobileIron - DISA Honeywell Android 9.x COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| HONW-09-010900 - Honeywell Mobility Edge Android Pie devices must have a NIAP validated Honeywell Mobility Edge Android Pie devices operating system installed. | AirWatch - DISA Honeywell Android 9.x COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| HONW-13-009600 - All mobile Honeywell cryptography must be configured to be in FIPS 140-3 validated mode. | AirWatch - DISA Honeywell Android 13 COBO v1r1 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| HONW-13-009600 - All mobile Honeywell cryptography must be configured to be in FIPS 140-3 validated mode. | AirWatch - DISA Honeywell Android 13 COPE v1r1 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| MD4X-00-001700 - MongoDB must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 DB | MongoDB | ACCESS CONTROL |
| MOTO-09-010800 - Motorola Android Pie devices must have the latest available Motorola Android Pie operating system installed. | AirWatch - DISA Motorola Android Pie.x COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MOTO-09-010800 - Motorola Android Pie devices must have the latest available Motorola Android Pie operating system installed. | AirWatch - DISA Motorola Android Pie.x COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MOTO-09-010900 - Motorola Android Pie devices must have a NIAP-validated Motorola Android Pie operating system installed. | MobileIron - DISA Motorola Android Pie.x COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MOTO-09-999999 - All Motorola Android 9 installations must be removed. | AirWatch - DISA Motorola Android Pie.x COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MOTS-11-999999 - All Motorola Solutions Android 11 installations must be removed. | MobileIron - DISA Motorola Solutions Android 11 COBO v1r3 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-010800 - Microsoft Android 11 devices must have the latest available Microsoft Android 11 operating system installed. | AirWatch - DISA Microsoft Android 11 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-999999 - All Microsoft Android 11 installations must be removed. | AirWatch - DISA Microsoft Android 11 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-999999 - All Microsoft Android 11 installations must be removed. | MobileIron - DISA Microsoft Android 11 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| OL07-00-010291 - The Oracle Linux operating system must not have accounts configured with blank or null passwords. | DISA Oracle Linux 7 STIG v3r3 | Unix | CONFIGURATION MANAGEMENT |
| OL08-00-010121 - The OL 8 operating system must not have accounts configured with blank or null passwords. | DISA Oracle Linux 8 STIG v2r5 | Unix | CONFIGURATION MANAGEMENT |
| OL09-00-000135 - OL 9 must not have a Trivial File Transfer Protocol (TFTP) server package installed. | DISA Oracle Linux 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000182 The Photon operating system must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-08-010140 - RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-08-010820 - Unattended or automatic logon via the RHEL 8 graphical user interface must not be allowed. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040190 - The Trivial File Transfer Protocol (TFTP) server package must not be installed if not required for RHEL 8 operational support. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-271040 - RHEL 9 must not allow unattended or automatic logon via the graphical user interface. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-611025 - RHEL 9 must not allow blank or null passwords. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-010221 - The SUSE operating system must not have accounts configured with blank or null passwords. | DISA SLES 12 STIG v3r3 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-010200 - SUSE operating systems with Unified Extensible Firmware Interface (UEFI) implemented must require authentication upon booting into single-user mode and maintenance. | DISA SUSE Linux Enterprise Server 15 STIG v2r5 | Unix | ACCESS CONTROL |
| SLES-15-020100 - The SUSE operating system root account must be the only account with unrestricted access to the system. | DISA SUSE Linux Enterprise Server 15 STIG v2r5 | Unix | CONFIGURATION MANAGEMENT |
| SYMP-AG-000070 - Symantec ProxySG must restrict or block harmful or suspicious communications traffic by controlling the flow of information between interconnected networks based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic - SSL | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| SYMP-AG-000070 - Symantec ProxySG must restrict or block harmful or suspicious communications traffic by controlling the flow of information between interconnected networks based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic - Web Access | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| SYMP-AG-000340 - Symantec ProxySG providing user authentication intermediary services must restrict user authentication traffic to specific authentication servers - Domain exists | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
| SYMP-NM-000030 - Symantec ProxySG must configure Web Management Console access restrictions to authorized IP address/ranges. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | ACCESS CONTROL |
| UBTU-20-010442 - The Ubuntu operating system must implement NIST FIPS-validated cryptography to protect classified information and for the following: To provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | DISA Canonical Ubuntu 20.04 LTS STIG v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-20-010459 - The Ubuntu operating system must disable the x86 Ctrl-Alt-Delete key sequence if a graphical user interface is installed. | DISA Canonical Ubuntu 20.04 LTS STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-22-255025 - Ubuntu 22.04 LTS must not allow unattended or automatic login via SSH. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-22-255040 - Ubuntu 22.04 LTS must be configured so that remote X connections are disabled, unless to fulfill documented and validated mission requirements. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | CONFIGURATION MANAGEMENT |
| WN11-00-000040 - Windows 11 systems must be maintained at a supported servicing level. | DISA Microsoft Windows 11 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN11-SO-000145 - Anonymous enumeration of SAM accounts must not be allowed. | DISA Microsoft Windows 11 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN11-SO-000165 - Anonymous access to Named Pipes and Shares must be restricted. | DISA Microsoft Windows 11 STIG v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN16-DC-000401 - Windows Server 2016 must be configured for name-based strong mappings for certificates. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL |
| WN22-SO-000250 - Windows Server 2022 must restrict anonymous access to Named Pipes and Shares. | DISA Microsoft Windows Server 2022 STIG v2r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
