| 1.6.1.9 Ensure non-privileged users are prevented from executing privileged functions | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| AS24-U1-000690 - Non-privileged accounts on the hosting system must only access Apache web server security-relevant information and functions through a distinct administrative account. | DISA STIG Apache Server 2.4 Unix Server v2r6 | Unix | ACCESS CONTROL |
| AS24-W1-000690 - Non-privileged accounts on the hosting system must only access Apache web server security-relevant information and functions through a distinct administrative account. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | ACCESS CONTROL |
| AS24-W2-000690 - Non-privileged accounts on the hosting system must only access Apache web server security-relevant information and functions through a distinct administrative account. | DISA STIG Apache Server 2.4 Windows Site v2r1 | Windows | ACCESS CONTROL |
| DB2X-00-007000 - DB2 must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | ACCESS CONTROL |
| DTOO201 - Connection verification of permissions must be enforced. | DISA STIG Microsoft Office System 2013 v2r1 | Windows | ACCESS CONTROL |
| DTOO201 - Connection verification of permissions must be enforced. | DISA STIG Microsoft Office System 2016 v2r2 | Windows | ACCESS CONTROL |
| JBOS-AS-000475 - The application server must prevent non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA RedHat JBoss EAP 6.3 STIG v2r3 | Unix | ACCESS CONTROL |
| JUEX-NM-000930 - The Juniper EX switch must prevent nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA Juniper EX Series Network Device Management v1r5 | Juniper | ACCESS CONTROL |
| MSFT-11-002000 - Microsoft Android 11 must be configured to enable encryption for data at rest on removable storage media or alternately, the use of removable storage media must be disabled. | AirWatch - DISA Microsoft Android 11 COPE v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| MSFT-11-002000 - Microsoft Android 11 must be configured to enable encryption for data at rest on removable storage media or alternately, the use of removable storage media must be disabled. | MobileIron - DISA Microsoft Android 11 COBO v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| MSFT-11-002000 - Microsoft Android 11 must be configured to enable encryption for data at rest on removable storage media or alternately, the use of removable storage media must be disabled. | AirWatch - DISA Microsoft Android 11 COBO v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| MSFT-11-002000 - Microsoft Android 11 must be configured to enable encryption for data at rest on removable storage media or alternately, the use of removable storage media must be disabled. | MobileIron - DISA Microsoft Android 11 COPE v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| MYS8-00-010700 - The MySQL Database Server 8.0 must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA Oracle MySQL 8.0 v1r5 DB | MySQLDB | ACCESS CONTROL |
| O365-CO-000010 - Users must be prevented from creating new trusted locations in the Trust Center. | DISA STIG Microsoft Office 365 ProPlus v2r11 | Windows | ACCESS CONTROL |
| RHEL-09-211045 - The systemd Ctrl-Alt-Delete burst key sequence in RHEL 9 must be disabled. | DISA Red Hat Enterprise Linux 9 STIG v1r3 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| RHEL-09-211050 - The x86 Ctrl-Alt-Delete key sequence must be disabled on RHEL 9. | DISA Red Hat Enterprise Linux 9 STIG v1r3 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| RHEL-09-211055 - RHEL 9 debug-shell systemd service must be disabled. | DISA Red Hat Enterprise Linux 9 STIG v1r3 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| RHEL-09-412030 - RHEL 9 must prevent users from disabling session control mechanisms. | DISA Red Hat Enterprise Linux 9 STIG v1r3 | Unix | ACCESS CONTROL |
| RHEL-09-432010 - RHEL 9 must have the sudo package installed. | DISA Red Hat Enterprise Linux 9 STIG v1r3 | Unix | ACCESS CONTROL |
| SP13-00-000140 - SharePoint must prevent non-privileged users from circumventing malicious code protection capabilities. | DISA STIG SharePoint 2013 v2r3 | Windows | ACCESS CONTROL |
| SQL4-00-032500 - SQL Server must prevent non-privileged users from executing privileged functionality, to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA STIG SQL Server 2014 Instance DB Audit v2r3 | MS_SQLDB | ACCESS CONTROL |
| SQL6-D0-010400 - SQL Server must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA STIG SQL Server 2016 Instance DB Audit v2r11 | MS_SQLDB | ACCESS CONTROL |
| TCAT-AS-001060 - Tomcat user account must be a non-privileged user. | DISA STIG Apache Tomcat Application Server 9 v2r6 Middleware | Unix | ACCESS CONTROL |
| TCAT-AS-001060 - Tomcat user account must be a non-privileged user. | DISA STIG Apache Tomcat Application Server 9 v2r6 | Unix | ACCESS CONTROL |
| WN11-UR-000005 - The 'Access Credential Manager as a trusted caller' user right must not be assigned to any groups or accounts - Access Credential Manager as a trusted caller user right must not be assigned to any groups or accounts. | DISA Windows 11 STIG v1r5 | Windows | ACCESS CONTROL |
| WN11-UR-000015 - The 'Act as part of the operating system' user right must not be assigned to any groups or accounts - Act as part of the operating system user right must not be assigned to any groups or accounts. | DISA Windows 11 STIG v1r5 | Windows | ACCESS CONTROL |
| WN11-UR-000040 - The 'Create a pagefile' user right must only be assigned to the Administrators group - Create a pagefile user right must only be assigned to the Administrators group. | DISA Windows 11 STIG v1r5 | Windows | ACCESS CONTROL |
| WN11-UR-000055 - The 'Create permanent shared objects' user right must not be assigned to any groups or accounts - Create permanent shared objects user right must not be assigned to any groups or accounts. | DISA Windows 11 STIG v1r5 | Windows | ACCESS CONTROL |
| WN12-RG-000001 - Standard user accounts must only have Read permissions to the Winlogon registry key. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-RG-000002 - Standard user accounts must only have Read permissions to the Active Setup\Installed Components registry key. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000007 - The Back up files and directories user right must only be assigned to the Administrators group. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000011 - The Create a pagefile user right must only be assigned to the Administrators group. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000014 - The Create permanent shared objects user right must not be assigned to any groups or accounts. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000015 - The Create symbolic links user right must only be assigned to the Administrators group. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000023 - The Force shutdown from a remote system user right must only be assigned to the Administrators group. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000024 - The Generate security audits user right must only be assigned to Local Service and Network Service. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000025 - The Impersonate a client after authentication user right must only be assigned to Administrators, Service, Local Service, and Network Service. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000027 - The Increase scheduling priority user right must only be assigned to the Administrators group. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000028 - The Load and unload device drivers user right must only be assigned to the Administrators group. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000029 - The Lock pages in memory user right must not be assigned to any groups or accounts. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000034 - The Modify firmware environment values user right must only be assigned to the Administrators group. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000036 - The Profile single process user right must only be assigned to the Administrators group. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN16-DC-000350 - The Add workstations to domain user right must only be assigned to the Administrators group. | DISA Windows Server 2016 STIG v2r7 | Windows | ACCESS CONTROL |
| WN16-DC-000420 - The Enable computer and user accounts to be trusted for delegation user right must only be assigned to the Administrators group on domain controllers. | DISA Windows Server 2016 STIG v2r7 | Windows | ACCESS CONTROL |
| WN19-DC-000080 - Windows Server 2019 Active Directory SYSVOL directory must have the proper access control permissions. | DISA Windows Server 2019 STIG v2r8 | Windows | ACCESS CONTROL |
| WN19-DC-000090 - Windows Server 2019 Active Directory Group Policy objects must have proper access control permissions. | DISA Windows Server 2019 STIG v2r8 | Windows | ACCESS CONTROL |
| WN22-DC-000070 - Windows Server 2022 permissions on the Active Directory data files must only allow System and Administrators access - Database file | DISA Windows Server 2022 STIG v1r4 | Windows | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| WN22-DC-000070 - Windows Server 2022 permissions on the Active Directory data files must only allow System and Administrators access - Log files path | DISA Windows Server 2022 STIG v1r4 | Windows | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| WN22-UR-000160 - Windows Server 2022 lock pages in memory user right must not be assigned to any groups or accounts. | DISA Windows Server 2022 STIG v1r4 | Windows | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
