| 1.1 OL08-00-010000 | CIS Oracle Linux 8 STIG v1.0.0 CAT I | Unix | CONFIGURATION MANAGEMENT |
| 1.2 RHEL-09-211010 | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT I | Unix | CONFIGURATION MANAGEMENT |
| 1.132 OL08-00-010820 | CIS Oracle Linux 8 STIG v1.0.0 CAT I | Unix | CONFIGURATION MANAGEMENT |
| 1.180 RHEL-09-252070 | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT I | Unix | CONFIGURATION MANAGEMENT |
| 1.314 RHEL-09-611025 | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT I | Unix | CONFIGURATION MANAGEMENT |
| 1.336 OL08-00-040190 | CIS Oracle Linux 8 STIG v1.0.0 CAT I | Unix | CONFIGURATION MANAGEMENT |
| 1.369 OL08-00-040360 | CIS Oracle Linux 8 STIG v1.0.0 CAT I | Unix | CONFIGURATION MANAGEMENT |
| AIOS-17-006950 - Apple iOS/iPadOS 17 must be configured to enforce a passcode reuse prohibition of at least two generations. | AirWatch - DISA Apple iOS/iPadOS 17 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-010400 - Apple iOS/iPadOS 18 must require a valid password be successfully entered before the mobile device data is unencrypted. | AirWatch - DISA Apple iOS/iPadOS 18 v1r4 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-ND-000690 - The Cisco ASA must be configured to terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after five minutes of inactivity except to fulfill documented and validated mission requirements. | DISA STIG Cisco ASA NDM v2r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-80-000217 - The ESXi host must configure virtual switch security policies to reject Media Access Control (MAC) address changes. | DISA VMware vSphere 8.0 ESXi STIG v2r3 VMware | VMware | CONFIGURATION MANAGEMENT |
| ESXI-80-000221 - The ESXi host must have all security patches and updates installed. | DISA VMware vSphere 8.0 ESXi STIG v2r3 VMware | VMware | CONFIGURATION MANAGEMENT |
| FFOX-00-000001 - The installed version of Firefox must be supported. | DISA STIG Mozilla Firefox MacOS v6r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| GOOG-15-010800 - Android 15 devices must have the latest available Google Android 15 operating system installed. | MobileIron - DISA Google Android 15 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-15-010800 - Android 15 devices must have the latest available Google Android 15 operating system installed. | AirWatch - DISA Google Android 15 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| HONW-13-009600 - All mobile Honeywell cryptography must be configured to be in FIPS 140-3 validated mode. | MobileIron - DISA Honeywell Android 13 COBO v1r1 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SV-009999 - The version of IIS running on the system must be a supported version. | DISA IIS 8.5 Server v2r7 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| JUEX-L2-000010 - The Juniper EX switch must be configured to disable non-essential capabilities. | DISA Juniper EX Series Layer 2 Switch v2r3 | Juniper | CONFIGURATION MANAGEMENT |
| JUEX-NM-000680 - The Juniper EX switch must be configured with an operating system release that is currently supported by the vendor. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | CONFIGURATION MANAGEMENT |
| JUEX-RT-000950 - The Juniper PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate virtual circuit identification (VC ID) for each attachment circuit. | DISA Juniper EX Series Router v2r1 | Juniper | CONFIGURATION MANAGEMENT |
| MD7X-00-000300 MongoDB must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | MongoDB | ACCESS CONTROL |
| MD7X-00-005200 MongoDB must protect the confidentiality and integrity of all information at rest. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL08-00-010000 - OL 8 must be a vendor-supported release. | DISA Oracle Linux 8 STIG v2r5 | Unix | CONFIGURATION MANAGEMENT |
| OL08-00-010470 - There must be no ".shosts" files on the OL 8 operating system. | DISA Oracle Linux 8 STIG v2r5 | Unix | CONFIGURATION MANAGEMENT |
| OL08-00-010830 - OL 8 must not allow users to override SSH environment variables. | DISA Oracle Linux 8 STIG v2r5 | Unix | CONFIGURATION MANAGEMENT |
| OL08-00-020331 - OL 8 must not allow blank or null passwords in the system-auth file. | DISA Oracle Linux 8 STIG v2r5 | Unix | CONFIGURATION MANAGEMENT |
| OL08-00-040000 - OL 8 must not have the telnet-server package installed. | DISA Oracle Linux 8 STIG v2r5 | Unix | CONFIGURATION MANAGEMENT |
| OL08-00-040010 - OL 8 must not have the rsh-server package installed. | DISA Oracle Linux 8 STIG v2r5 | Unix | CONFIGURATION MANAGEMENT |
| OL09-00-003000 - OL 9 must be configured so that the root account is the only account having unrestricted access to the system. | DISA Oracle Linux 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000207 The Photon operating system must configure Secure Shell (SSH) to disallow authentication with an empty password. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-020330 - RHEL 8 must not allow accounts configured with blank or null passwords. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-020331 - RHEL 8 must not allow blank or null passwords in the system-auth file. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-020332 - RHEL 8 must not allow blank or null passwords in the password-auth file. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040010 - RHEL 8 must not have the rsh-server package installed. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040200 - The root account must be the only account having unrestricted access to the RHEL 8 system. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040360 - A File Transfer Protocol (FTP) server package must not be installed unless mission essential on RHEL 8. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-010510 - FIPS 140-2 mode must be enabled on the SUSE operating system. | DISA SUSE Linux Enterprise Server 15 STIG v2r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SLES-15-020181 - The SUSE operating system must not have accounts configured with blank or null passwords. | DISA SUSE Linux Enterprise Server 15 STIG v2r5 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-020300 - The SUSE operating system must not be configured to allow blank or null passwords. | DISA SUSE Linux Enterprise Server 15 STIG v2r5 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040062 - The SUSE operating system must disable the systemd Ctrl-Alt-Delete burst key sequence. | DISA SUSE Linux Enterprise Server 15 STIG v2r5 | Unix | CONFIGURATION MANAGEMENT |
| SYMP-AG-000300 - Symantec ProxySG must be configured to prohibit or restrict the use of network services as defined in the PPSM CAL and vulnerability assessments. - Destination | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | CONFIGURATION MANAGEMENT |
| SYMP-NM-000310 - Symantec ProxySG must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements - cli timeout | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-NM-000310 - Symantec ProxySG must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements - web timeout | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-20-010460 - The Ubuntu operating system must disable the x86 Ctrl-Alt-Delete key sequence. | DISA Canonical Ubuntu 20.04 LTS STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-20-010462 - The Ubuntu operating system must not have accounts configured with blank or null passwords. | DISA Canonical Ubuntu 20.04 LTS STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-20-010463 - The Ubuntu operating system must not allow accounts configured with blank or null passwords. | DISA Canonical Ubuntu 20.04 LTS STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| WBLC-10-000999 - The version of Oracle WebLogic running on the system must be a supported version. | Oracle WebLogic Server 12c Linux v2r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| WBLC-10-000999 - The version of Oracle WebLogic running on the system must be a supported version. | Oracle WebLogic Server 12c Windows v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| WN22-SO-000020 - Windows Server 2022 must prevent local accounts with blank passwords from being used from the network. | DISA Microsoft Windows Server 2022 STIG v2r5 | Windows | CONFIGURATION MANAGEMENT |
| WN22-SO-000210 - Windows Server 2022 must not allow anonymous SID/Name translation. | DISA Microsoft Windows Server 2022 STIG v2r5 | Windows | CONFIGURATION MANAGEMENT |
