| AIOS-14-005200 - Apple iOS/iPadOS must not allow non-DoD applications to access DoD data. | AirWatch - DISA Apple iOS/iPadOS 14 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AMLS-L3-000190 - The Arista Multilayer Switch must enforce that the managed network domain and the management network domain are separate routing domains and the Interior Gateway Protocol instances are not redistributed or advertised to each other. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | ACCESS CONTROL |
| Big Sur - Disable Wi-Fi Interface | NIST macOS Big Sur v1.4.0 - 800-53r5 High | Unix | ACCESS CONTROL |
| Big Sur - Disable Wi-Fi Interface | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL |
| Big Sur - Disable Wi-Fi Interface | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | ACCESS CONTROL |
| CISC-RT-000230 - The Cisco switch must be configured to disable the auxiliary port unless it is connected to a secured modem providing encryption and authentication. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000430 - The Cisco out-of-band management (OOBM) gateway router must be configured to not redistribute routes between the management network routing domain and the managed network routing domain. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000790 - The Cisco multicast router must be configured to disable Protocol Independent Multicast (PIM) on all interfaces that are not required to support multicast routing. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000800 - The Cisco multicast router must be configured to bind a Protocol Independent Multicast (PIM) neighbor filter to interfaces that have PIM enabled. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000830 - The Cisco multicast Rendezvous Point (RP) router must be configured to filter Protocol Independent Multicast (PIM) Register messages received from the Designated Router (DR) for any undesirable multicast groups and sources. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000840 - The Cisco multicast Rendezvous Point (RP) router must be configured to filter Protocol Independent Multicast (PIM) Join messages received from the Designated Router (DR) for any undesirable multicast groups. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | ACCESS CONTROL |
| DTBC-0001 - Firewall traversal from remote host must be disabled. | DISA STIG Google Chrome v2r9 | Windows | ACCESS CONTROL |
| DTBI032-IE11 - Accessing data sources across domains must be disallowed (Internet zone). | DISA STIG IE 11 v2r5 | Windows | ACCESS CONTROL |
| DTBI039-IE11 - Navigating windows and frames across different domains must be disallowed (Internet zone). | DISA STIG IE 11 v2r5 | Windows | ACCESS CONTROL |
| DTBI122-IE11 - Accessing data sources across domains must be disallowed (Restricted Sites zone). | DISA STIG IE 11 v2r5 | Windows | ACCESS CONTROL |
| DTBI515-IE11 - Websites in less privileged web content zones must be prevented from navigating into the Internet zone. | DISA STIG IE 11 v2r5 | Windows | ACCESS CONTROL |
| DTBI990-IE11 - Dragging of content from different domains across windows must be disallowed (Internet zone). | DISA STIG IE 11 v2r5 | Windows | ACCESS CONTROL |
| DTBI1000-IE11 - Dragging of content from different domains within a window must be disallowed (Internet zone). | DISA STIG IE 11 v2r5 | Windows | ACCESS CONTROL |
| DTBI1005-IE11 - Dragging of content from different domains across windows must be disallowed (Restricted Sites zone). | DISA STIG IE 11 v2r5 | Windows | ACCESS CONTROL |
| DTBI1025-IE11 - Dragging of content from different domains within a window must be disallowed (Restricted Sites zone). | DISA STIG IE 11 v2r5 | Windows | ACCESS CONTROL |
| EX13-EG-000025 - Exchange external Receive connectors must be domain secure-enabled. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | ACCESS CONTROL |
| GEN000000-SOL00140 - The /usr/aset/masters/uid_aliases must be empty. | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN003600 - The system must not forward IPv4 source-routed packets - 'net.ipv4.conf.all.accept_source_route' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN003600 - The system must not forward IPv4 source-routed packets - 'net.ipv4.conf.all.accept_source_route' | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL |
| GEN003600 - The system must not forward IPv4 source-routed packets - 'net.ipv4.conf.default.accept_source_route' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN003600 - The system must not forward IPv4 source-routed packets - 'net.ipv4.conf.default.accept_source_route' | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL |
| GEN003603 - The system must not respond to ICMPv4 echoes sent to a broadcast address. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN003610 - The system must not send IPv4 ICMP redirects - 'net.ipv4.conf.all.send_redirects' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN003610 - The system must not send IPv4 ICMP redirects - 'net.ipv4.conf.default.send_redirects' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN004360 - The alias file must be owned by root. | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN004360 - The alias file must be owned by root. | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| GEN004380 - The alias file must have mode 0644 or less permissive. | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| GEN004380 - The alias file must have mode 0644 or less permissive. | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| HONW-09-004500 - The Honeywell Mobility Edge Android Pie device must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes. | AirWatch - DISA Honeywell Android 9.x COPE v1r2 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| JUNI-RT-000250 - The Juniper perimeter router must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy. | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
| JUNI-RT-000420 - The Juniper out-of-band management (OOBM) gateway router must be configured to not redistribute routes between the management network routing domain and the managed network routing domain. | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
| JUNI-RT-000480 - The Juniper BGP router must be configured to reject inbound route advertisements for any Bogon prefixes - prefix-list | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
| JUNI-RT-000480 - The Juniper BGP router must be configured to reject inbound route advertisements for any Bogon prefixes - prefix-statement | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
| JUNI-RT-000800 - The Juniper multicast edge router must be configured to establish boundaries for administratively scoped multicast traffic. | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
| JUNI-RT-000920 - The Juniper Multicast Source Discovery Protocol (MSDP) router must be configured to filter source-active multicast advertisements to external MSDP peers to avoid global visibility of local-only multicast sources and groups - policy-options | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
| Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy | NIST macOS Monterey v1.0.0 - 800-171 | Unix | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy | NIST macOS Monterey v1.0.0 - All Profiles | Unix | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| MOTO-09-004500 - The Motorola Android Pie must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes - Sharing data into the profile | MobileIron - DISA Motorola Android Pie.x COPE v1r2 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| WNFWA-000001 - Windows Defender Firewall with Advanced Security must be enabled when connected to a domain. | DISA Microsoft Windows Firewall v2r2 | Windows | ACCESS CONTROL |
| WNFWA-000002 - Windows Defender Firewall with Advanced Security must be enabled when connected to a private network. | DISA Microsoft Windows Firewall v2r2 | Windows | ACCESS CONTROL |
