| 3.073 - The system must be configured to prevent the storage of the LAN Manager hash of passwords. | DISA Windows Vista STIG v6r41 | Windows | IDENTIFICATION AND AUTHENTICATION |
| AIOS-02-080017 - Apple iOS must implement the management setting: Encrypt iTunes backups. | AirWatch - DISA Apple iOS 10 v1r3 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-02-090103 - Apple iOS device must have the latest available iOS operating system installed. | AirWatch - DISA Apple iOS 10 v1r3 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-14-999999 - All Apple iOS/iPadOS 14 installations must be removed. | AirWatch - DISA Apple iOS/iPadOS 14 v1r3 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-011200 - iPhone and iPad must have the latest available iOS/iPadOS operating system installed. | AirWatch - DISA Apple iOS/iPadOS 14 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-17-010400 - Apple iOS/iPadOS 17 must require a valid password be successfully entered before the mobile device data is unencrypted. | MobileIron - DISA Apple iOS/iPadOS 17 v2r1 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-015420 - AlmaLinux OS 9 must not allow unattended or automatic logon via the graphical user interface. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-100001 - The macOS system must be a supported release. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-100001 - The macOS system must be a supported release. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| CNTR-K8-000340 - The Kubernetes API server must have the insecure bind address not set. | DISA STIG Kubernetes v2r2 | Unix | ACCESS CONTROL |
| CNTR-K8-000380 - The Kubernetes kubelet must enable explicit authorization. | DISA STIG Kubernetes v2r2 | Unix | ACCESS CONTROL |
| CNTR-K8-002000 - The Kubernetes API server must have the ValidatingAdmissionWebhook enabled. | DISA STIG Kubernetes v2r2 | Unix | ACCESS CONTROL |
| CNTR-K8-002011 - Kubernetes must have a Pod Security Admission control file configured. | DISA STIG Kubernetes v2r2 | Unix | ACCESS CONTROL |
| CNTR-R2-000150 - The Kubernetes kubelet must enable explicit authorization. | DISA Rancher Government Solutions RKE2 STIG v2r3 | Unix | ACCESS CONTROL |
| ESXI-80-000217 - The ESXi host must configure virtual switch security policies to reject Media Access Control (MAC) address changes. | DISA VMware vSphere 8.0 ESXi STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-80-000221 - The ESXi host must have all security patches and updates installed. | DISA VMware vSphere 8.0 ESXi STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| F5BI-AF-999999 - The version of F5 BIG-IP must be a supported version. | DISA F5 BIG-IP Advanced Firewall Manager STIG v2r2 | F5 | SYSTEM AND INFORMATION INTEGRITY |
| GOOG-13-010800 - Android 13 devices must have the latest available Google Android 13 operating system installed. | MobileIron - DISA Google Android 13 COPE v2r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-14-010800 - Android 14 devices must have the latest available Google Android 14 operating system installed. | AirWatch - DISA Google Android 14 COBO v2r2 | MDM | CONFIGURATION MANAGEMENT |
| JUEX-NM-000360 - The Juniper EX switch must be configured to end all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill mission requirements. | DISA Juniper EX Series Network Device Management v2r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| MD7X-00-008300 MongoDB must use NSA-approved cryptography to protect classified information in accordance with the data owner's requirements. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | MongoDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| MYS8-00-005300 - The MySQL Database Server 8.0 must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| MYS8-00-006200 - The MySQL Database Server 8.0 must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| O19C-00-011800 - Database administrator (DBA) OS accounts must be granted only those host system privileges necessary for the administration of the Oracle Database. | DISA Oracle Database 19c STIG v1r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| O19C-00-016800 - Oracle Database must take needed steps to protect data at rest and ensure confidentiality and integrity of application data. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL08-00-010121 - The OL 8 operating system must not have accounts configured with blank or null passwords. | DISA Oracle Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| OL08-00-010140 - OL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance. | DISA Oracle Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| OL08-00-010150 - OL 8 operating systems booted with a BIOS must require authentication upon booting into single-user and maintenance modes. | DISA Oracle Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| OL08-00-040171 - The x86 Ctrl-Alt-Delete key sequence in OL 8 must be disabled if a graphical user interface is installed. | DISA Oracle Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| OL08-00-040200 - The root account must be the only account having unrestricted access to the OL 8 system. | DISA Oracle Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| PGS9-00-012900 - PostgreSQL products must be a version supported by the vendor. | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | SYSTEM AND SERVICES ACQUISITION |
| RHEL-08-010000 - RHEL 8 must be a vendor-supported release. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010150 - RHEL 8 operating systems booted with a BIOS must require authentication upon booting into single-user and maintenance modes. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | ACCESS CONTROL |
| RHEL-08-040171 - The x86 Ctrl-Alt-Delete key sequence in RHEL 8 must be disabled if a graphical user interface is installed. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-252075 - There must be no .shosts files on RHEL 9. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-255050 - RHEL 9 must enable the Pluggable Authentication Module (PAM) interface for SSHD. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | MAINTENANCE |
| SLES-15-020181 - The SUSE operating system must not have accounts configured with blank or null passwords. | DISA SLES 15 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| SPLK-CL-000430 - Splunk Enterprise must use TLS 1.2 and SHA-2 or higher cryptographic algorithms. | DISA STIG Splunk Enterprise 8.x for Linux v2r1 STIG OS | Unix | IDENTIFICATION AND AUTHENTICATION |
| SQL6-D0-018300 - Microsoft SQL Server products must be a version supported by the vendor. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | SYSTEM AND SERVICES ACQUISITION |
| SYMP-AG-000070 - Symantec ProxySG must restrict or block harmful or suspicious communications traffic by controlling the flow of information between interconnected networks based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic - Web Access | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| SYMP-AG-000320 - Symantec ProxySG must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users) - Domain Exists | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
| UBTU-22-671010 - Ubuntu 22.04 LTS must implement NIST FIPS-validated cryptography to protect classified information and for the following: To provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | DISA Canonical Ubuntu 22.04 LTS STIG v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-24-300022 - Ubuntu 24.04 LTS must be configured so that remote X connections are disabled, unless to fulfill documented and validated mission requirements. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-24-300027 - Ubuntu 24.04 LTS must not have accounts configured with blank or null passwords. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| VCLD-67-000034 - VAMI must implement TLS1.2 exclusively - sslv2 | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCWN-65-000999 - The version of vCenter Server for Windows running on the system must be a supported version. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| WBLC-10-000999 - The version of Oracle WebLogic running on the system must be a supported version. | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| WN22-00-000130 - Windows Server 2022 local volumes must use a format that supports NTFS attributes. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL |
| WN22-SO-000230 - Windows Server 2022 must not allow anonymous enumeration of shares. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN22-SO-000250 - Windows Server 2022 must restrict anonymous access to Named Pipes and Shares. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
