| AIOS-16-009700 - Apple iOS/iPadOS 16 must not allow non-DoD applications to access DoD data. | AirWatch - DISA Apple iOS-iPadOS 16 STIG v2r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-16-709700 - Apple iOS/iPadOS 16 must not allow non-DOD applications to access DOD data. | MobileIron - DISA Apple iOS/iPadOS BYOAD 16 v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-16-709700 - Apple iOS/iPadOS 16 must not allow non-DOD applications to access DOD data. | AirWatch - DISA Apple iOS/iPadOS 16 BYOAD v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-16-714900 - Apple iOS/iPadOS 16 must not allow DOD applications to access non-DOD data. | MobileIron - DISA Apple iOS/iPadOS BYOAD 16 v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-17-009700 - Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data. | MobileIron - DISA Apple iOS/iPadOS 17 v2r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-17-009700 - Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data. | AirWatch - DISA Apple iOS/iPadOS 17 v2r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-17-709700 - Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data. | AirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-17-709700 - Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data. | MobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-17-714900 - Apple iOS/iPadOS 17 must not allow DOD applications to access non-DOD data. | MobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-17-714900 - Apple iOS/iPadOS 17 must not allow DOD applications to access non-DOD data. | AirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-18-009700 - Apple iOS/iPadOS 18 must not allow non-DOD applications to access DOD data. | AirWatch - DISA Apple iOS/iPadOS 18 v2r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AZLX-23-002110 - Amazon Linux 2023 must audit uses of the "execve" system call. | DISA Amazon Linux 2023 STIG v1r2 | Unix | ACCESS CONTROL |
| Big Sur - Prevent Software From Executing at Higher Privilege Levels than Users Executing The Software | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | ACCESS CONTROL |
| Catalina - Prevent Software From Executing at Higher Privilege Levels than Users Executing The Software | NIST macOS Catalina v1.5.0 - All Profiles | Unix | ACCESS CONTROL |
| CD12-00-003600 - Execution of software modules (to include functions and trigger procedures) with elevated privileges must be restricted to necessary cases only. | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | ACCESS CONTROL |
| CNTR-R2-001130 - Rancher RKE2 must prevent nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA Rancher Government Solutions RKE2 STIG v2r5 | Unix | ACCESS CONTROL |
| EP11-00-007500 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | ACCESS CONTROL |
| EP11-00-007510 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | ACCESS CONTROL |
| EPAS-00-007500 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | ACCESS CONTROL |
| EPAS-00-007510 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | ACCESS CONTROL |
| GEN000520 - The root user must not own the logon session for an application requiring a continuous display. | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN000520 - The root user must not own the logon session for an application requiring a continuous display. | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| GEN000920 - The root account's home directory (other than /) must have mode 0700. | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN000920 - The root account's home directory (other than /) must have mode 0700. | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| GOOG-12-008900 - Google Android 12 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | AirWatch - DISA Google Android 12 COPE v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-12-008900 - Google Android 12 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | MobileIron - DISA Google Android 12 COPE v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-13-008900 - Google Android 13 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | AirWatch - DISA Google Android 13 COPE STIG v2r3 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-13-008900 - Google Android 13 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | MobileIron - DISA Google Android 13 COPE STIG v2r3 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-13-708900 - Google Android 13 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | AirWatch - DISA Google Android 13 BYOAD v1r3 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-14-008900 - Google Android 14 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | AirWatch - DISA Google Android 14 COPE STIG v2r3 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-15-008900 - Google Android 15 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | AirWatch - DISA Google Android 15 COPE STIG v1r3 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-16-008900 - Google Android 16 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | AirWatch - DISA Google Android 16 COPE STIG v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-16-008900 - Google Android 16 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | MobileIron - DISA Google Android 16 COPE STIG v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| MADB-10-006900 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | DISA MariaDB Enterprise 10.x v2r4 DB | MySQLDB | ACCESS CONTROL |
| Monterey - Prevent Software From Executing at Higher Privilege Levels than Users Executing The Software | NIST macOS Monterey v1.0.0 - All Profiles | Unix | ACCESS CONTROL |
| MSFT-11-004500 - Microsoft Android 11 must be configured to disable exceptions to the access control policy that prevent application processes from accessing all data stored by other application processes - Copy/Paste | MobileIron - DISA Microsoft Android 11 COPE v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| MSFT-11-004500 - Microsoft Android 11 must be configured to disable exceptions to the access control policy that prevent application processes from accessing all data stored by other application processes - Sharing data into the profile | MobileIron - DISA Microsoft Android 11 COPE v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| MSFT-11-004500 - Microsoft Android 11 must be configured to disable exceptions to the access control policy that prevent application processes from accessing all data stored by other application processes. | AirWatch - DISA Microsoft Android 11 COPE v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| MYS8-00-010600 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | ACCESS CONTROL |
| OL08-00-030000 - The OL 8 audit system must be configured to audit the execution of privileged functions and prevent all software from executing at higher privilege levels than users executing the software. | DISA Oracle Linux 8 STIG v2r8 | Unix | ACCESS CONTROL |
| PHTN-40-000019 - The Photon operating system must be configured to audit the execution of privileged functions. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| PPS9-00-007510 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | ACCESS CONTROL |
| RHEL-08-030000 - The RHEL 8 audit system must be configured to audit the execution of privileged functions and prevent all software from executing at higher privilege levels than users executing the software. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-09-654010 - RHEL 9 must audit uses of the "execve" system call. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | ACCESS CONTROL |
| SQL4-00-032600 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | ACCESS CONTROL |
| SQL6-D0-002900 - Execution of stored procedures and functions that utilize execute as must be restricted to necessary cases only. | DISA MS SQL Server 2016 Database STIG v3r4 | MS_SQLDB | ACCESS CONTROL |
| SQLD-22-002900 - Execution of stored procedures and functions that use execute as must be restricted to necessary cases only. | DISA Microsoft SQL Server 2022 Database STIG v1r3 | MS_SQLDB | ACCESS CONTROL |
| SQLI-22-010500 - Use of credentials and proxies must be restricted to necessary cases only. | DISA Microsoft SQL Server 2022 Instance STIG v1r4 MS_SQLDB | MS_SQLDB | ACCESS CONTROL |
| SQLI-22-016400 - Execution of startup stored procedures must be restricted to necessary cases only. | DISA Microsoft SQL Server 2022 Instance STIG v1r4 MS_SQLDB | MS_SQLDB | ACCESS CONTROL |
| UBTU-20-010211 - The Ubuntu operating system must prevent all software from executing at higher privilege levels than users executing the software and the audit system must be configured to audit the execution of privileged functions. | DISA Canonical Ubuntu 20.04 LTS STIG v2r4 | Unix | ACCESS CONTROL |
