| AIOS-12-999999 - All Apple iOS 12 installations must be removed. | AirWatch - DISA Apple iOS 12 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-14-008800 - Apple iOS/iPadOS must require a valid password be successfully entered before the mobile device data is unencrypted. | AirWatch - DISA Apple iOS/iPadOS 14 v1r3 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-14-008800 - Apple iOS/iPadOS must require a valid password be successfully entered before the mobile device data is unencrypted. | MobileIron - DISA Apple iOS/iPadOS 14 v1r3 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-15-011200 - iPhone and iPad must have the latest available iOS/iPadOS operating system installed. | MobileIron - DISA Apple iOS/iPadOS 14 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-17-710400 - Apple iOS/iPadOS 17 must require a valid password be successfully entered before the mobile device data is unencrypted. | AirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r1 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-18-011200 - iPhone and iPad must have the latest available iOS/iPadOS operating system installed. | AirWatch - DISA Apple iOS/iPadOS 18 v1r1 | MDM | CONFIGURATION MANAGEMENT |
| APPL-11-002070 - The macOS system must use an approved antivirus program. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| ARST-ND-000340 - The Arista network device must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | CONFIGURATION MANAGEMENT |
| ARST-RT-000760 - The PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate virtual circuit identification (VC ID) for each attachment circuit. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | CONTINGENCY PLANNING |
| CASA-FW-000220 - The Cisco ASA must be configured to implement scanning threat detection. | DISA STIG Cisco ASA FW v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-ND-001420 - The Cisco ASA must be running an operating system release that is currently supported by Cisco Systems. | DISA STIG Cisco ASA NDM v2r2 | Cisco | SYSTEM AND SERVICES ACQUISITION |
| CASA-VN-000150 - The Cisco ASA must be configured to use Internet Key Exchange (IKE) for all IPsec security associations. | DISA STIG Cisco ASA VPN v2r2 | Cisco | CONFIGURATION MANAGEMENT |
| CASA-VN-000240 - The Cisco ASA must be configured to use FIPS-validated SHA-2 or higher for Internet Key Exchange (IKE) Phase 2. | DISA STIG Cisco ASA VPN v2r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-000290 - User-managed resources must be created in dedicated namespaces. | DISA STIG Kubernetes v2r2 | Unix | CONFIGURATION MANAGEMENT |
| CNTR-K8-000320 - The Kubernetes API server must have the insecure port flag disabled. | DISA STIG Kubernetes v2r2 | Unix | ACCESS CONTROL |
| CNTR-R2-000150 The Kubernetes kubelet must enable explicit authorization. | DISA Rancher Government Solutions RKE2 STIG v2r2 | Unix | ACCESS CONTROL |
| JUEX-L2-000010 - The Juniper EX switch must be configured to disable non-essential capabilities. | DISA Juniper EX Series Layer 2 Switch v2r2 | Juniper | CONFIGURATION MANAGEMENT |
| JUEX-NM-000060 - The Juniper EX switch must be configured to assign appropriate user roles or access levels to authenticated users. | DISA Juniper EX Series Network Device Management v2r2 | Juniper | ACCESS CONTROL |
| JUEX-NM-000230 - The Juniper EX switch must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services. | DISA Juniper EX Series Network Device Management v2r2 | Juniper | CONFIGURATION MANAGEMENT |
| JUEX-NM-000680 - The Juniper EX switch must be configured with an operating system release that is currently supported by the vendor. | DISA Juniper EX Series Network Device Management v2r2 | Juniper | CONFIGURATION MANAGEMENT |
| JUEX-RT-000180 - The Juniper perimeter router must not be configured to be a Border Gateway Protocol (BGP) peer to an alternate gateway service provider. | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL |
| KNOX-07-003000 - The Samsung must be configured to enable encryption for information at rest on removable storage media. | MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| MADB-10-000300 - MariaDB must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. | DISA MariaDB Enterprise 10.x v2r2 DB | MySQLDB | ACCESS CONTROL |
| MADB-10-004400 - MariaDB must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations. | DISA MariaDB Enterprise 10.x v2r2 DB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| MADB-10-004400 - MariaDB must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations. | DISA MariaDB Enterprise 10.x v2r2 OS Linux | Unix | IDENTIFICATION AND AUTHENTICATION |
| MD7X-00-004300 MongoDB must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| Mitigating an attack using TCP profiles | Tenable F5 BIG-IP Best Practice Audit | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| O121-BP-024750 - Oracle database products must be a version supported by the vendor. | DISA STIG Oracle 12c v3r2 Database | OracleDB | SYSTEM AND SERVICES ACQUISITION |
| OL08-00-020332 - OL 8 must not allow blank or null passwords in the password-auth file. | DISA Oracle Linux 8 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| OL08-00-040010 - OL 8 must not have the rsh-server package installed. | DISA Oracle Linux 8 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010000 - RHEL 8 must be a vendor-supported release. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010140 - RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | ACCESS CONTROL |
| RHEL-08-020332 - RHEL 8 must not allow blank or null passwords in the password-auth file. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040170 - The x86 Ctrl-Alt-Delete key sequence must be disabled on RHEL 8. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-010000 - The SUSE operating system must be a vendor-supported release. | DISA SLES 15 STIG v2r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| SLES-15-010190 - SUSE operating systems with a basic input/output system (BIOS) must require authentication upon booting into single-user and maintenance modes. | DISA SLES 15 STIG v2r2 | Unix | ACCESS CONTROL |
| SLES-15-040061 - The SUSE operating system must disable the x86 Ctrl-Alt-Delete key sequence for Graphical User Interfaces. | DISA SLES 15 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040062 - The SUSE operating system must disable the systemd Ctrl-Alt-Delete burst key sequence. | DISA SLES 15 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| SYMP-AG-000330 - Symantec ProxySG must be configured with a pre-established trust relationship and mechanisms with appropriate authorities that validate user account access authorizations and privileges - Domain Exists | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
| SYMP-AG-000330 - Symantec ProxySG must be configured with a pre-established trust relationship and mechanisms with appropriate authorities that validate user account access authorizations and privileges - Domain joined | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
| SYMP-AG-000440 - Symantec ProxySG must terminate all network connections associated with a communications session at the end of the session or terminate user sessions (nonprivileged session) after 15 minutes of inactivity. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
| The BIG-IP Core implementation must be configured to protect against or limit the effects of known and unknown types of Denial of Service (DoS) attacks by employing pattern recognition pre-processors when providing content filtering to virtual servers. | Tenable F5 BIG-IP Best Practice Audit | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCRP-67-000999 - The version of RhttpProxy running on the system must be a supported version. | DISA STIG VMware vSphere 6.7 RhttpProxy v1r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VMCH-65-000999 - The version of VMM running on the server must be a supported version. | DISA STIG VMware vSphere Virtual Machine 6.5 v2r2 | VMware | CONFIGURATION MANAGEMENT |
| WBSP-AS-000211 - The WebSphere Application Server Java 2 security must be enabled. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL |
| WBSP-AS-000211 - The WebSphere Application Server Java 2 security must be enabled. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL |
| WBSP-AS-000211 - The WebSphere Application Server Java 2 security must be enabled. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | ACCESS CONTROL |
| WBSP-AS-000212 - The WebSphere Application Server Java 2 security must not be bypassed. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | ACCESS CONTROL |
| WN11-00-000040 - Windows 11 systems must be maintained at a supported servicing level. | DISA Windows 11 STIG v2r2 | Windows | CONFIGURATION MANAGEMENT |
| WN11-CC-000330 - The Windows Remote Management (WinRM) client must not use Basic authentication. | DISA Windows 11 STIG v2r2 | Windows | MAINTENANCE |
