Item Search

NameAudit NamePluginCategory
AIOS-18-011200 - iPhone and iPad must have the latest available iOS/iPadOS operating system installed.AirWatch - DISA Apple iOS/iPadOS 18 v1r1MDM

CONFIGURATION MANAGEMENT

ALMA-09-042700 - All AlmaLinux OS 9 networked systems must have the OpenSSH client installed.DISA CloudLinux AlmaLinux OS 9 STIG v1r2Unix

SYSTEM AND COMMUNICATIONS PROTECTION

APPL-15-002062 - The macOS system must disable Bluetooth when no approved device is connected.DISA Apple macOS 15 (Sequoia) STIG v1r3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

CASA-VN-000150 - The Cisco ASA must be configured to use Internet Key Exchange (IKE) for all IPsec security associations.DISA STIG Cisco ASA VPN v2r2Cisco

CONFIGURATION MANAGEMENT

CASA-VN-000240 - The Cisco ASA must be configured to use FIPS-validated SHA-2 or higher for Internet Key Exchange (IKE) Phase 2.DISA STIG Cisco ASA VPN v2r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CD12-00-008100 - PostgreSQL must use NSA-approved cryptography to protect classified information in accordance with the data owner's requirements.DISA STIG Crunchy Data PostgreSQL DB v3r1PostgreSQLDB

SYSTEM AND COMMUNICATIONS PROTECTION

CD12-00-012800 - The DBMS must be configured on a platform that has a NIST certified FIPS 140-2 or 140-3 installation of OpenSSL.DISA STIG Crunchy Data PostgreSQL OS v3r1Unix

IDENTIFICATION AND AUTHENTICATION

CD12-00-012900 - PostgreSQL products must be a version supported by the vendor.DISA STIG Crunchy Data PostgreSQL OS v3r1Unix

SYSTEM AND SERVICES ACQUISITION

CNTR-R2-000130 - The Kubernetes Kubelet must have the read-only port flag disabled.DISA Rancher Government Solutions RKE2 STIG v2r3Unix

ACCESS CONTROL

CNTR-R2-000140 - The Kubernetes API server must have the insecure bind address not set.DISA Rancher Government Solutions RKE2 STIG v2r3Unix

ACCESS CONTROL

EDGE-00-000045 - The version of Microsoft Edge running on the system must be a supported version.DISA STIG Edge v2r2Windows

SYSTEM AND INFORMATION INTEGRITY

ESXI-70-000060 - All port groups on standard switches must be configured to reject guest Media Access Control (MAC) address changes.DISA STIG VMware vSphere 7.0 ESXi v1r4VMware

CONFIGURATION MANAGEMENT

EX19-ED-000235 - Exchange internal Receive connectors must require encryption.DISA Microsoft Exchange 2019 Edge Server STIG v2r2Windows

SYSTEM AND COMMUNICATIONS PROTECTION

F5BI-AS-999999 - The version of F5 BIG-IP must be a supported version.DISA F5 BIG-IP Application Security Manager STIG v2r2F5

SYSTEM AND INFORMATION INTEGRITY

JRE8-UX-000180 - The version of Oracle JRE 8 running on the system must be the most current available.DISA STIG Oracle JRE 8 Unix v1r3Unix

SYSTEM AND INFORMATION INTEGRITY

JUEX-L2-000010 - The Juniper EX switch must be configured to disable non-essential capabilities.DISA Juniper EX Series Layer 2 Switch v2r2Juniper

CONFIGURATION MANAGEMENT

JUEX-NM-000060 - The Juniper EX switch must be configured to assign appropriate user roles or access levels to authenticated users.DISA Juniper EX Series Network Device Management v2r2Juniper

ACCESS CONTROL

JUEX-NM-000230 - The Juniper EX switch must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services.DISA Juniper EX Series Network Device Management v2r2Juniper

CONFIGURATION MANAGEMENT

JUEX-NM-000680 - The Juniper EX switch must be configured with an operating system release that is currently supported by the vendor.DISA Juniper EX Series Network Device Management v2r2Juniper

CONFIGURATION MANAGEMENT

JUEX-RT-000180 - The Juniper perimeter router must not be configured to be a Border Gateway Protocol (BGP) peer to an alternate gateway service provider.DISA Juniper EX Series Router v2r1Juniper

ACCESS CONTROL

MADB-10-004400 - MariaDB must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations.DISA MariaDB Enterprise 10.x v2r3 OS LinuxUnix

IDENTIFICATION AND AUTHENTICATION

MD7X-00-004300 MongoDB must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.DISA MongoDB Enterprise Advanced 7.x STIG v1r1Unix

IDENTIFICATION AND AUTHENTICATION

O19C-00-007400 - Oracle Database products must be a version supported by the vendor.DISA Oracle Database 19c STIG v1r1 DatabaseOracleDB

SYSTEM AND SERVICES ACQUISITION

O19C-00-009900 - The Oracle Listener must be configured to require administration authentication.DISA Oracle Database 19c STIG v1r1 UnixUnix

CONFIGURATION MANAGEMENT

O121-BP-024750 - Oracle database products must be a version supported by the vendor.DISA STIG Oracle 12c v3r2 DatabaseOracleDB

SYSTEM AND SERVICES ACQUISITION

OL08-00-010470 - There must be no ".shosts" files on the OL 8 operating system.DISA Oracle Linux 8 STIG v2r4Unix

CONFIGURATION MANAGEMENT

OL08-00-010820 - Unattended or automatic logon via the OL 8 graphical user interface must not be allowed.DISA Oracle Linux 8 STIG v2r4Unix

CONFIGURATION MANAGEMENT

OL08-00-040010 - OL 8 must not have the rsh-server package installed.DISA Oracle Linux 8 STIG v2r4Unix

CONFIGURATION MANAGEMENT

OL08-00-040190 - The Trivial File Transfer Protocol (TFTP) server package must not be installed if not required for OL 8 operational support.DISA Oracle Linux 8 STIG v2r4Unix

CONFIGURATION MANAGEMENT

PHTN-30-000031 - The Photon operating system must require authentication upon booting into single-user and maintenance modes.DISA STIG VMware vSphere 7.0 Photon OS v1r4Unix

ACCESS CONTROL

RHEL-08-040172 - The systemd Ctrl-Alt-Delete burst key sequence in RHEL 8 must be disabled.DISA Red Hat Enterprise Linux 8 STIG v2r3Unix

CONFIGURATION MANAGEMENT

RHEL-08-040200 - The root account must be the only account having unrestricted access to the RHEL 8 system.DISA Red Hat Enterprise Linux 8 STIG v2r3Unix

CONFIGURATION MANAGEMENT

RHEL-09-215060 - RHEL 9 must not have a Trivial File Transfer Protocol (TFTP) server package installed.DISA Red Hat Enterprise Linux 9 STIG v2r4Unix

CONFIGURATION MANAGEMENT

RHEL-09-411100 - The root account must be the only account having unrestricted access to RHEL 9 system.DISA Red Hat Enterprise Linux 9 STIG v2r4Unix

CONFIGURATION MANAGEMENT

UBTU-18-999999 - The Ubuntu operating system must be a vendor supported release.DISA STIG Ubuntu 18.04 LTS v2r15Unix

CONFIGURATION MANAGEMENT

UBTU-20-010442 - The Ubuntu operating system must implement NIST FIPS-validated cryptography to protect classified information and for the following: To provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.DISA Canonical Ubuntu 20.04 LTS STIG v2r2Unix

SYSTEM AND COMMUNICATIONS PROTECTION

UBTU-20-010462 - The Ubuntu operating system must not have accounts configured with blank or null passwords.DISA Canonical Ubuntu 20.04 LTS STIG v2r2Unix

CONFIGURATION MANAGEMENT

UBTU-22-211015 - Ubuntu 22.04 LTS must disable the x86 Ctrl-Alt-Delete key sequence.DISA Canonical Ubuntu 22.04 LTS STIG v2r4Unix

CONFIGURATION MANAGEMENT

UBTU-22-611065 - Ubuntu 22.04 LTS must not have accounts configured with blank or null passwords.DISA Canonical Ubuntu 22.04 LTS STIG v2r4Unix

CONFIGURATION MANAGEMENT

UBTU-24-300026 - Ubuntu 24.04 LTS must disable the x86 Ctrl-Alt-Delete key sequence.DISA Canonical Ubuntu 24.04 LTS STIG v1r1Unix

CONFIGURATION MANAGEMENT

VCPG-67-000015 - VMware Postgres must use FIPS 140-2 approved TLS ciphers.DISA STIG VMware vSphere 6.7 PostgreSQL v1r2Unix

IDENTIFICATION AND AUTHENTICATION

VCPG-67-000999 - The version of PostgreSQL running on the system must be a supported version.DISA STIG VMware vSphere 6.7 PostgreSQL v1r2Unix

SYSTEM AND INFORMATION INTEGRITY

WBSP-AS-000211 - The WebSphere Application Server Java 2 security must be enabled.DISA IBM WebSphere Traditional 9 STIG v1r1Unix

ACCESS CONTROL

WBSP-AS-000211 - The WebSphere Application Server Java 2 security must be enabled.DISA IBM WebSphere Traditional 9 STIG v1r1 MiddlewareUnix

ACCESS CONTROL

WBSP-AS-000211 - The WebSphere Application Server Java 2 security must be enabled.DISA IBM WebSphere Traditional 9 Windows STIG v1r1Windows

ACCESS CONTROL

WBSP-AS-000212 - The WebSphere Application Server Java 2 security must not be bypassed.DISA IBM WebSphere Traditional 9 Windows STIG v1r1Windows

ACCESS CONTROL

WN11-CC-000155 - Solicited Remote Assistance must not be allowed.DISA Microsoft Windows 11 STIG v2r3Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN11-CC-000345 - The Windows Remote Management (WinRM) service must not use Basic authentication.DISA Microsoft Windows 11 STIG v2r3Windows

MAINTENANCE

WN11-SO-000140 - Anonymous SID/Name translation must not be allowed.DISA Microsoft Windows 11 STIG v2r3Windows

CONFIGURATION MANAGEMENT

WN11-SO-000150 - Anonymous enumeration of shares must be restricted.DISA Microsoft Windows 11 STIG v2r3Windows

SYSTEM AND COMMUNICATIONS PROTECTION