| 4.10.9.1.3 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Intune for Windows 10 v4.0.0 BL | Windows | MEDIA PROTECTION |
| 18.8.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | MEDIA PROTECTION |
| 18.9.7.1.1 (L1) Ensure 'Allow installation of devices that match any of these device IDs' is set to 'Enabled: <Org Specific Device IDs>' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 18.9.7.1.4 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | MEDIA PROTECTION |
| 18.9.7.1.4 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 BL | Windows | MEDIA PROTECTION |
| 18.9.7.1.4 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 BL | Windows | MEDIA PROTECTION |
| 18.9.7.1.4 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | MEDIA PROTECTION |
| 18.9.7.1.5 (L1) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | MEDIA PROTECTION |
| DG0005-ORACLE11 - Only necessary privileges to the host system should be granted to DBA OS accounts - 'ORA_DBA Group has no unauthorized users' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DG0005-ORACLE11 - Only necessary privileges to the host system should be granted to DBA OS accounts - 'Oracle DBA is only a member of ORA_DBA and Users group' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DG0007-ORACLE11 - The database should be secured in accordance with DoD, vendor and/or commercially accepted practices where applicable. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0019-ORACLE11 - Application software should be owned by a Software Application account - 'Oracle base directory file permissions are correct' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0021-ORACLE11 - A baseline of database application software should be documented and maintained. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0053-ORACLE11 - A single database connection configuration file should not be used to configure all database clients. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0066-ORACLE11 - Procedures for establishing temporary passwords that meet DoD password requirements for new accounts should be defined, documented and implemented. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0093-ORACLE11 - Remote adminstrative connections to the database should be encrypted - '%ORACLE_HOME%\ldap\admin\fips.ora SSLFIPS_140 = TRUE' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DG0101-ORACLE11 - OS accounts used to execute external procedures should be assigned minimum privileges. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0104-ORACLE11 - DBMS service identification should be unique and clearly identifies the service - 'All Oracle services use the proper naming' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0106-ORACLE11 - Database data encryption controls should be configured in accordance with application requirements. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0108-ORACLE11 - The DBMS restoration priority should be assigned. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0110-ORACLE11 - The DBMS should not share a host supporting an independent security service - 'DomainRole != 4 or 5' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0115-ORACLE11 - Recovery procedures and technical system features exist to ensure that recovery is done in a secure and verifiable manner. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0120-ORACLE11 - Unauthorized access to external database objects should be removed from application user roles. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0167-ORACLE11 - Sensitive data served by the DBMS should be protected by encryption when transmitted across the network. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0171-ORACLE11 - The DBMS should not have a connection defined to access or be accessed by a DBMS at a different classification level. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0186-ORACLE11 - The database should not be directly accessible from public or unauthorized networks. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0191-ORACLE11 - Credentials used to access remote databases should be protected by encryption and restricted to authorized users. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
| DG7001-ORACLE11 - The directory assigned to the AUDIT_FILE_DEST parameter must be protected from unauthorized access and must be stored in a dedicated directory or disk partition separate from software or other application files. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DO0120-ORACLE11 - The Oracle software installation account should not be granted excessive host system privileges - 'Oracle service account group membership is correct' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DO0120-ORACLE11 - The Oracle software installation account should not be granted excessive host system privileges - 'Oracle services use appropriate service accounts' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DO0286-ORACLE11 - The Oracle INBOUND_CONNECT_TIMEOUT and SQLNET.INBOUND_CONNECT_TIMEOUT parameters should be set to a value greater than 0 - '%ORACLE_HOME%\NETWORK\ADMIN\listener.ora INBOUND_CONNECT_TIMEOUT_listener > 0' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DO0360-ORACLE11 - Connections by mid-tier web and application systems to the Oracle DBMS should be protected, encrypted and authenticated according to database, web, application, enclave and network requirements. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DO3630-ORACLE11 - The Oracle Listener should be configured to require administration authentication - 'LSNRCTL Security' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DO3630-ORACLE11 - The Oracle Listener should be configured to require administration authentication - 'No listeners are running' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - '%ORACLE_HOME%\NETWORK\ADMIN\SQLNET.ORA LOG_DIRECTORY_SERVER is configured' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | AUDIT AND ACCOUNTABILITY |
| DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - '%ORACLE_HOME%\NETWORK\ADMIN\SQLNET.ORA LOG_FILE_SERVER is configured' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | AUDIT AND ACCOUNTABILITY |
| DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - '%ORACLE_HOME%\NETWORK\Log\sqlnet.log file permissions are correct' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - 'TRACE_LEVEL_SERVER' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DO6740-ORACLE11 - The Oracle Listener ADMIN_RESTRICTIONS parameter if present should be set to ON - '%ORACLE_HOME%\NETWORK\ADMIN\listener.ora ADMIN_RESTRICTIONS_{listener} = on' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DO6746-ORACLE11 - The Oracle listener.ora file should specify IP addresses rather than host names to identify hosts - '%ORACLE_HOME%\NETWORK\ADMIN\listener.ora HOST does not use hostname' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DO6747-ORACLE11 - Remote administration should be disabled for the Oracle connection manager - '%ORACLE_HOME%\NETWORK\ADMIN\CMAN.ORA does not exist' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DTAM170 - McAfee VirusScan Access Protection Rules Anti-Spyware Maximum Protection must be set to block and report when common all programs are run from the Temp folder. | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent installation of devices using drivers that match these device setup classes - 1 | MSCT Windows 11 v24H2 v1.0.0 | Windows | MEDIA PROTECTION |
| Prevent installation of devices using drivers that match these device setup classes - DenyDeviceClasses | MSCT Windows 11 v24H2 v1.0.0 | Windows | MEDIA PROTECTION |
| Prevent installation of devices using drivers that match these device setup classes - DenyDeviceClassesRetroactive | MSCT Windows 11 v22H2 v1.0.0 | Windows | MEDIA PROTECTION |
| Prevent installation of devices using drivers that match these device setup classes - DenyDeviceClassesRetroactive | MSCT Windows 11 v24H2 v1.0.0 | Windows | MEDIA PROTECTION |
| WN19-CC-000420 - Windows Server 2019 must prevent users from changing installation options. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN22-CC-000420 - Windows Server 2022 must prevent users from changing installation options. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN22-SO-000420 - Windows Server 2022 User Account Control (UAC) must be configured to detect application installations and prompt for elevation. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
