3.13 Ensure VPN traffic goes through the relevant ACL | CIS Cisco ASA 9.x Firewall L2 v1.1.0 | Cisco | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT |
18.9.98.1 (L2) Ensure 'Allow Remote Shell Access' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT |
18.9.98.1 (L2) Ensure 'Allow Remote Shell Access' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT |
APPL-11-002021 - The macOS system must be configured to disable sending diagnostic and usage data to Apple. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
APPL-11-002022 - The macOS system must be configured to disable Remote Apple Events. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
APPL-11-002022 - The macOS system must be configured to disable Remote Apple Events. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
APPL-12-002021 - The macOS system must be configured to disable sending diagnostic and usage data to Apple. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
APPL-13-002022 - The macOS system must be configured to disable Remote Apple Events. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
CASA-ND-000430 - The Cisco ASA must be configured to prohibit the use of all unnecessary and/or non-secure functions, ports, protocols, and/or services. | DISA STIG Cisco ASA NDM v2r2 | Cisco | CONFIGURATION MANAGEMENT |
CASA-VN-000160 - The Cisco ASA must be configured to use Internet Key Exchange v2 (IKEv2) for all IPsec security associations. | DISA STIG Cisco ASA VPN v2r2 | Cisco | CONFIGURATION MANAGEMENT |
CD12-00-000100 - PostgreSQL must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments. | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
CNTR-K8-000920 - The Kubernetes API Server must enforce ports, protocols, and services (PPS) that adhere to the Ports, Protocols, and Services Management Category Assurance List (PPSM CAL). | DISA STIG Kubernetes v2r2 | Unix | CONFIGURATION MANAGEMENT |
CNTR-K8-000960 - The Kubernetes cluster must use non-privileged host ports for user pods. | DISA STIG Kubernetes v2r2 | Unix | CONFIGURATION MANAGEMENT |
DG0014-ORACLE11 - Default demonstration and sample database objects and applications should be removed - 'No demo or sample users exist' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
DG0098-ORACLE11 - Access to external objects should be disabled if not required and authorized - 'utl_file_dir does not include *' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '$ORACLE_HOME/network/admin/tnsnames.ora KEY=EXTPROC does not exist' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONFIGURATION MANAGEMENT |
DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - no PROGRAMS = EXTPROC' - tnsnames.ora | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
DO0430-ORACLE11 - The Oracle Management Agent should be uninstalled if not required and authorized or is installed on a database accessible from the Internet. | DISA STIG Oracle 11 Installation v9r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
DO3536-ORACLE11 - The IDLE_TIME profile parameter should be set for Oracle profiles IAW DoD policy - 'Default profile IDLE_TIME < 15 minutes' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
DO3536-ORACLE11 - The IDLE_TIME profile parameter should be set for Oracle profiles IAW DoD policy - 'Non-default profile IDLE_TIME < 15 minutes' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
DO6747-ORACLE11 - Remote administration should be disabled for the Oracle connection manager - '$ORACLE_HOME/network/admin/cman.ora does not exist' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONFIGURATION MANAGEMENT |
DO6754-ORACLE11 - Oracle Configuration Manager should not remain installed on a production system - '$ORACLE_HOME/ccr does not exist' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONFIGURATION MANAGEMENT |
EPAS-00-004100 - The EDB Postgres Advanced Server must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
GEN007020 - The Stream Control Transmission Protocol (SCTP) must be disabled unless required. | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
GEN007480 - The Reliable Datagram Sockets (RDS) protocol must be disabled or not installed unless required. | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
JUEX-NM-000230 - The Juniper EX switch must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | CONFIGURATION MANAGEMENT |
Monterey - Disable Remote Apple Events | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
Monterey - Disable Remote Apple Events | NIST macOS Monterey v1.0.0 - 800-171 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
Monterey - Disable Remote Apple Events | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
Monterey - Disable Remote Apple Events | NIST macOS Monterey v1.0.0 - 800-53r4 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
Monterey - Disable Remote Apple Events | NIST macOS Monterey v1.0.0 - 800-53r5 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
Monterey - Disable Remote Apple Events | NIST macOS Monterey v1.0.0 - All Profiles | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
Monterey - Disable Remote Apple Events | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
Monterey - Disable Remote Apple Events | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
Monterey - Disable Remote Apple Events | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
MYS8-00-006000 - The MySQL Database Server 8.0 must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | CONFIGURATION MANAGEMENT |
RHEL-08-040030 - RHEL 8 must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
SHPT-00-000480 - When configuring Central Administration, the port number selected must comply with DoD Ports and Protocol Management (PPSM) program requirements. | DISA STIG SharePoint 2010 v1r9 | Windows | CONFIGURATION MANAGEMENT |
SQL2-00-017400 - SQL Server must support the organizational requirements to specifically prohibit or restrict the use of unauthorized functions, ports, protocols, and/or services. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | CONFIGURATION MANAGEMENT |
SYMP-AG-000300 - Symantec ProxySG must be configured to prohibit or restrict the use of network services as defined in the PPSM CAL and vulnerability assessments. - Destination | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | CONFIGURATION MANAGEMENT |
SYMP-AG-000300 - Symantec ProxySG must be configured to prohibit or restrict the use of network services as defined in the PPSM CAL and vulnerability assessments. - Source | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | CONFIGURATION MANAGEMENT |
SYMP-NM-000220 - Symantec ProxySG must use only approved management services protocols. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | CONFIGURATION MANAGEMENT |
VCLU-80-000037 The vCenter Lookup service must be configured to use a specified IP address and port. | DISA VMware vSphere 8.0 vCenter Appliance Lookup Service STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
WA000-WI050 IIS6 - Unused and vulnerable script mappings in IIS 6 must be removed. - 'Index Server Web Interface Disallowed' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
WA000-WI050 IIS6 - Unused and vulnerable script mappings in IIS 6 must be removed. - 'Internet Data Connector Disallowed' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
WA000-WI070 IIS6 - Indexing Services must only index web content. | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
WA000-WI080 IIS6 - The IIS Internet Printing Protocol must be disabled. | DISA STIG IIS 6.0 Server v6r16 | Windows | CONFIGURATION MANAGEMENT |
WA000-WI100 IIS6 - The File System Object component, if not required, must be disabled. - 'Scripting.FileSystemObject Check' | DISA STIG IIS 6.0 Server v6r16 | Windows | CONFIGURATION MANAGEMENT |
WA000-WWA050 A22 - All interactive programs must be placed in a designated directory with appropriate permissions - test-cgi | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
WBSP-AS-000980 - The WebSphere Application Server must prohibit or restrict the use of nonsecure ports, protocols, modules, and/or services | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | CONFIGURATION MANAGEMENT |