| 3.073 - The system must be configured to prevent the storage of the LAN Manager hash of passwords. | DISA Windows Vista STIG v6r41 | Windows | IDENTIFICATION AND AUTHENTICATION |
| AIOS-12-999999 - All Apple iOS 12 installations must be removed. | AirWatch - DISA Apple iOS 12 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| ARST-ND-000340 - The Arista network device must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | CONFIGURATION MANAGEMENT |
| ARST-RT-000760 - The PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate virtual circuit identification (VC ID) for each attachment circuit. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | CONTINGENCY PLANNING |
| CASA-FW-000220 - The Cisco ASA must be configured to implement scanning threat detection. | DISA STIG Cisco ASA FW v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CD12-00-012300 - PostgreSQL must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| CNTR-K8-000340 - The Kubernetes API server must have the insecure bind address not set. | DISA STIG Kubernetes v2r2 | Unix | ACCESS CONTROL |
| CNTR-K8-000380 - The Kubernetes kubelet must enable explicit authorization. | DISA STIG Kubernetes v2r2 | Unix | ACCESS CONTROL |
| CNTR-R2-000160 The Kubernetes API server must have anonymous authentication disabled. | DISA Rancher Government Solutions RKE2 STIG v2r2 | Unix | ACCESS CONTROL |
| DTAVSEL-003 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to enable On-Access scanning. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| EP11-00-013300 - EDB Postgres Advanced Server v11 products must be a version supported by the vendor. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | SYSTEM AND SERVICES ACQUISITION |
| EPAS-00-004900 - The EDB Postgres Advanced Server must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| FFOX-00-000001 - The installed version of Firefox must be supported. | DISA STIG Mozilla Firefox Linux v6r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| FNFG-FW-000110 - The FortiGate firewall must employ filters that prevent or limit the effects of all types of commonly known denial-of-service (DoS) attacks, including flooding, packet sweeps, and unauthorized port scanning. | DISA Fortigate Firewall STIG v1r3 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN001100 - Root passwords must never be passed over a network in clear text form - 'ssh is running' | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GOOG-10-999999 - All Google Android 10 installations must be removed. | AirWatch - DISA Google Android 10.x v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-12-999999 - All Google Android 12 installations must be removed. | MobileIron - DISA Google Android 12 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-14-010800 - Android 14 devices must have the latest available Google Android 14 operating system installed. | AirWatch - DISA Google Android 14 COBO v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-14-010800 - Android 14 devices must have the latest available Google Android 14 operating system installed. | MobileIron - DISA Google Android 14 COBO v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-14-010800 - Android 14 devices must have the latest available Google Android 14 operating system installed. | MobileIron - DISA Google Android 14 COPE v2r1 | MDM | CONFIGURATION MANAGEMENT |
| HONW-09-999999 - All Honeywell Android 9 installations must be removed. | MobileIron - DISA Honeywell Android 9.x COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| JUEX-NM-000360 - The Juniper EX switch must be configured to end all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill mission requirements. | DISA Juniper EX Series Network Device Management v2r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| MOTO-09-010800 - Motorola Android Pie devices must have the latest available Motorola Android Pie operating system installed. | MobileIron - DISA Motorola Android Pie.x COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MOTO-09-999999 - All Motorola Android 9 installations must be removed. | MobileIron - DISA Motorola Android Pie.x COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MOTS-11-010800 - Motorola Solutions Android 11 devices must have the latest available Motorola Solutions Android 11 operating system installed. | AirWatch - DISA Motorola Solutions Android 11 COBO v1r3 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-999999 - All Microsoft Android 11 installations must be removed. | AirWatch - DISA Microsoft Android 11 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-999999 - All Microsoft Android 11 installations must be removed. | MobileIron - DISA Microsoft Android 11 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| OL08-00-020330 - OL 8 must not allow accounts configured with blank or null passwords. | DISA Oracle Linux 8 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| OL08-00-040190 - The Trivial File Transfer Protocol (TFTP) server package must not be installed if not required for OL 8 operational support. | DISA Oracle Linux 8 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000188 The Photon operating system must configure Secure Shell (SSH) to disallow HostbasedAuthentication. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000208 The Photon operating system must configure Secure Shell (SSH) to disable user environment processing. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010460 - There must be no shosts.equiv files on the RHEL 8 operating system. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-020331 - RHEL 8 must not allow blank or null passwords in the system-auth file. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040171 - The x86 Ctrl-Alt-Delete key sequence in RHEL 8 must be disabled if a graphical user interface is installed. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040172 - The systemd Ctrl-Alt-Delete burst key sequence in RHEL 8 must be disabled. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-212020 - RHEL 9 must require a unique superusers name upon booting into single-user and maintenance modes. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-09-411100 - The root account must be the only account having unrestricted access to RHEL 9 system. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-010221 - The SUSE operating system must not have accounts configured with blank or null passwords. | DISA SLES 12 STIG v3r1 | Unix | CONFIGURATION MANAGEMENT |
| SQL2-00-019600 - SQL Server databases in the classified environment, containing classified or sensitive information, must be encrypted using approved cryptography. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-22-671010 - Ubuntu 22.04 LTS must implement NIST FIPS-validated cryptography to protect classified information and for the following: To provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | DISA Canonical Ubuntu 22.04 LTS STIG v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLD-67-000034 - VAMI must implement TLS1.2 exclusively - sslv2 | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCST-67-000999 - The version of STS Tomcat running on the system must be a supported version. | DISA STIG VMware vSphere 6.7 STS Tomcat v1r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCWN-65-000999 - The version of vCenter Server for Windows running on the system must be a supported version. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| WN11-00-000045 - The Windows 11 system must use an antivirus program. | DISA Windows 11 STIG v2r2 | Windows | CONFIGURATION MANAGEMENT |
| WN11-00-000145 - Data Execution Prevention (DEP) must be configured to at least OptOut. | DISA Windows 11 STIG v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| WN11-CC-000345 - The Windows Remote Management (WinRM) service must not use Basic authentication. | DISA Windows 11 STIG v2r2 | Windows | MAINTENANCE |
| WN11-SO-000145 - Anonymous enumeration of SAM accounts must not be allowed. | DISA Windows 11 STIG v2r2 | Windows | CONFIGURATION MANAGEMENT |
| WN22-00-000130 - Windows Server 2022 local volumes must use a format that supports NTFS attributes. | DISA Windows Server 2022 STIG v2r2 | Windows | ACCESS CONTROL |
| WN22-CC-000500 - Windows Server 2022 Windows Remote Management (WinRM) service must not use Basic authentication. | DISA Windows Server 2022 STIG v2r2 | Windows | MAINTENANCE |
| WN22-SO-000250 - Windows Server 2022 must restrict anonymous access to Named Pipes and Shares. | DISA Windows Server 2022 STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
