| CD12-00-012300 - PostgreSQL must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| CNTR-K8-000290 - User-managed resources must be created in dedicated namespaces. | DISA STIG Kubernetes v2r3 | Unix | CONFIGURATION MANAGEMENT |
| CNTR-K8-000380 - The Kubernetes kubelet must enable explicit authorization. | DISA STIG Kubernetes v2r3 | Unix | ACCESS CONTROL |
| CNTR-K8-000440 - The Kubernetes kubelet staticPodPath must not enable static pods. | DISA STIG Kubernetes v2r3 | Unix | ACCESS CONTROL |
| DTAVSEL-003 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to enable On-Access scanning. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| EP11-00-013300 - EDB Postgres Advanced Server v11 products must be a version supported by the vendor. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | SYSTEM AND SERVICES ACQUISITION |
| EPAS-00-004900 - The EDB Postgres Advanced Server must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ESXI-67-000060 - The virtual switch MAC Address Change policy must be set to reject on the ESXi host. | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-67-000999 - The version of ESXi running on the server must be a supported version. | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | CONFIGURATION MANAGEMENT |
| FNFG-FW-000110 - The FortiGate firewall must employ filters that prevent or limit the effects of all types of commonly known denial-of-service (DoS) attacks, including flooding, packet sweeps, and unauthorized port scanning. | DISA Fortigate Firewall STIG v1r3 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN001100 - Root passwords must never be passed over a network in clear text form - 'ssh is running' | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GOOG-10-999999 - All Google Android 10 installations must be removed. | AirWatch - DISA Google Android 10.x v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-12-999999 - All Google Android 12 installations must be removed. | MobileIron - DISA Google Android 12 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| HONW-09-999999 - All Honeywell Android 9 installations must be removed. | MobileIron - DISA Honeywell Android 9.x COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MOTO-09-010800 - Motorola Android Pie devices must have the latest available Motorola Android Pie operating system installed. | MobileIron - DISA Motorola Android Pie.x COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MOTO-09-999999 - All Motorola Android 9 installations must be removed. | MobileIron - DISA Motorola Android Pie.x COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MOTS-11-010800 - Motorola Solutions Android 11 devices must have the latest available Motorola Solutions Android 11 operating system installed. | AirWatch - DISA Motorola Solutions Android 11 COBO v1r3 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-999999 - All Microsoft Android 11 installations must be removed. | AirWatch - DISA Microsoft Android 11 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-999999 - All Microsoft Android 11 installations must be removed. | MobileIron - DISA Microsoft Android 11 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| O19C-00-011800 - Database administrator (DBA) OS accounts must be granted only those host system privileges necessary for the administration of the Oracle Database. | DISA Oracle Database 19c STIG v1r1 Unix | Unix | CONFIGURATION MANAGEMENT |
| O19C-00-015500 - Oracle Database must use NIST-validated FIPS 140-2/140-3 compliant cryptography for authentication mechanisms. | DISA Oracle Database 19c STIG v1r1 Unix | Unix | IDENTIFICATION AND AUTHENTICATION |
| O19C-00-015500 - Oracle Database must use NIST-validated FIPS 140-2/140-3 compliant cryptography for authentication mechanisms. | DISA Oracle Database 19c STIG v1r1 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
| O19C-00-018600 - Oracle Database software must be evaluated and patched against newly found vulnerabilities. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | SYSTEM AND INFORMATION INTEGRITY |
| OL08-00-010000 - OL 8 must be a vendor-supported release. | DISA Oracle Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| OL08-00-010830 - OL 8 must not allow users to override SSH environment variables. | DISA Oracle Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| OL08-00-020331 - OL 8 must not allow blank or null passwords in the system-auth file. | DISA Oracle Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| OL08-00-040170 - The x86 Ctrl-Alt-Delete key sequence must be disabled on OL 8. | DISA Oracle Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| OL08-00-040360 - A File Transfer Protocol (FTP) server package must not be installed unless mission essential on OL 8. | DISA Oracle Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| OL09-00-000135 - OL 9 must not have a Trivial File Transfer Protocol (TFTP) server package installed. | DISA Oracle Linux 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010030 - All RHEL 8 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-08-010460 - There must be no shosts.equiv files on the RHEL 8 operating system. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010470 - There must be no .shosts files on the RHEL 8 operating system. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-020331 - RHEL 8 must not allow blank or null passwords in the system-auth file. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-020300 - The SUSE operating system must not be configured to allow blank or null passwords. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| SPLK-CL-000460 - Splunk Enterprise must be configured to protect the confidentiality and integrity of transmitted information. | DISA STIG Splunk Enterprise 8.x for Linux v2r2 STIG REST API | Splunk | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL2-00-019600 - SQL Server databases in the classified environment, containing classified or sensitive information, must be encrypted using approved cryptography. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-20-010009 - Ubuntu operating systems when booted must require authentication upon booting into single-user and maintenance modes. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | ACCESS CONTROL |
| UBTU-20-010459 - The Ubuntu operating system must disable the x86 Ctrl-Alt-Delete key sequence if a graphical user interface is installed. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-20-010460 - The Ubuntu operating system must disable the x86 Ctrl-Alt-Delete key sequence. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-22-255025 - Ubuntu 22.04 LTS must not allow unattended or automatic login via SSH. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-22-255040 - Ubuntu 22.04 LTS must be configured so that remote X connections are disabled, unless to fulfill documented and validated mission requirements. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | CONFIGURATION MANAGEMENT |
| VCPF-67-000999 - The version of Perfcharts running on the system must be a supported version. | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCRP-67-000999 - The version of RhttpProxy running on the system must be a supported version. | DISA STIG VMware vSphere 6.7 RhttpProxy v1r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| WN11-CC-000075 - Credential Guard must be running on Windows 11 domain-joined systems. | DISA Microsoft Windows 11 STIG v2r3 | Windows | CONFIGURATION MANAGEMENT |
| WN11-SO-000165 - Anonymous access to Named Pipes and Shares must be restricted. | DISA Microsoft Windows 11 STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN11-SO-000205 - The LanMan authentication level must be set to send NTLMv2 response only, and to refuse LM and NTLM. | DISA Microsoft Windows 11 STIG v2r3 | Windows | CONFIGURATION MANAGEMENT |
| WN16-DC-000401 - Windows Server 2016 must be configured for name-based strong mappings for certificates. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL |
| WN22-CC-000470 - Windows Server 2022 Windows Remote Management (WinRM) client must not use Basic authentication. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | MAINTENANCE |
| WN22-DC-000150 - Windows Server 2022 directory data (outside the root DSE) of a nonpublic directory must be configured to prevent anonymous access. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN22-SO-000220 - Windows Server 2022 must not allow anonymous enumeration of Security Account Manager (SAM) accounts. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
