| 5.3.36 Ensure no ".shosts" files exist on the system | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 5.3.37 Ensure no "shosts.equiv" files exist on the system | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 5.4.6 Ensure no accounts are configured with blank or null passwords | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| AIOS-18-010400 - Apple iOS/iPadOS 18 must require a valid password be successfully entered before the mobile device data is unencrypted. | AirWatch - DISA Apple iOS/iPadOS 18 v2r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-18-010400 - Apple iOS/iPadOS 18 must require a valid password be successfully entered before the mobile device data is unencrypted. | MobileIron - DISA Apple iOS/iPadOS 18 v2r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-18-015600 - Apple iOS/iPadOS 18 must disable the ability to hide apps. | MobileIron - DISA Apple iOS/iPadOS 18 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-26-011200 - iPhone and iPad must have the latest available iOS/iPadOS operating system installed. | AirWatch - DISA Apple iOS/iPadOS 26 v1r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-26-011200 - iPhone and iPad must have the latest available iOS/iPadOS operating system installed. | MobileIron - DISA Apple iOS/iPadOS 26 v1r2 | MDM | CONFIGURATION MANAGEMENT |
| ALMA-09-040390 - AlmaLinux OS 9 must enable the Pluggable Authentication Module (PAM) interface for SSHD. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | MAINTENANCE |
| APPL-15-002062 - The macOS system must disable Bluetooth when no approved device is connected. | DISA Apple macOS 15 Sequoia STIG v1r7 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-26-006000 - The macOS system must be a version supported by the vendor. | DISA Apple macOS 26 Tahoe STIG v1r2 | Unix | SYSTEM AND SERVICES ACQUISITION |
| APPL-26-999999 - The macOS system must install security-relevant software updates within 30 days unless the time period is directed by an authoritative source (e.g., IAVM, CTOs, DTMs, STIGs). | DISA Apple macOS 26 Tahoe STIG v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| CASA-FW-000220 - The Cisco ASA must be configured to implement scanning threat detection. | DISA STIG Cisco ASA FW v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network. | DISA STIG Cisco ASA VPN v2r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-000370 - The Kubernetes Kubelet must have anonymous authentication disabled. | DISA STIG Kubernetes v2r5 | Unix | ACCESS CONTROL |
| CNTR-K8-000380 - The Kubernetes kubelet must enable explicit authorization. | DISA STIG Kubernetes v2r5 | Unix | ACCESS CONTROL |
| CNTR-K8-002000 - The Kubernetes API server must have the ValidatingAdmissionWebhook enabled. | DISA STIG Kubernetes v2r5 | Unix | ACCESS CONTROL |
| CNTR-K8-002001 - Kubernetes must enable PodSecurity admission controller on static pods and Kubelets. | DISA STIG Kubernetes v2r5 | Unix | ACCESS CONTROL |
| CNTR-R2-000160 - The Kubernetes API server must have anonymous authentication disabled. | DISA Rancher Government Solutions RKE2 STIG v2r5 | Unix | ACCESS CONTROL |
| Configuring cookie encryption within the HTTP profile | Tenable F5 BIG-IP Best Practice Audit | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-65-000999 - The version of ESXi running on the system must be a supported version. | DISA STIG VMware vSphere ESXi 6.5 v2r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000072 - The ESXi host must have all security patches and updates installed. | DISA VMware vSphere 7.0 ESXi STIG v1r4 VMware | VMware | CONFIGURATION MANAGEMENT |
| ESXI-80-000217 - The ESXi host must configure virtual switch security policies to reject Media Access Control (MAC) address changes. | DISA VMware vSphere 8.0 ESXi STIG v2r3 VMware | VMware | CONFIGURATION MANAGEMENT |
| O19C-00-009900 - The Oracle Listener must be configured to require administration authentication. | DISA Oracle Database 19c STIG v1r5 Windows | Windows | CONFIGURATION MANAGEMENT |
| O19C-00-011800 - Database administrator (DBA) OS accounts must be granted only those host system privileges necessary for the administration of the Oracle Database. | DISA Oracle Database 19c STIG v1r5 Windows | Windows | CONFIGURATION MANAGEMENT |
| O19C-00-011900 - Oracle Database default accounts must be assigned custom passwords. | DISA Oracle Database 19c STIG v1r5 OracleDB | OracleDB | CONFIGURATION MANAGEMENT |
| O19C-00-018600 - Oracle Database software must be evaluated and patched against newly found vulnerabilities. | DISA Oracle Database 19c STIG v1r5 OracleDB | OracleDB | SYSTEM AND INFORMATION INTEGRITY |
| OL08-00-010140 - OL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance. | DISA Oracle Linux 8 STIG v2r8 | Unix | ACCESS CONTROL |
| OL08-00-010181 - OL 8 must implement a FIPS 140-3-compliant systemwide cryptographic policy. | DISA Oracle Linux 8 STIG v2r8 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL08-00-040360 - A File Transfer Protocol (FTP) server package must not be installed unless mission essential on OL 8. | DISA Oracle Linux 8 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| OL09-00-000010 - OL 9 must be a vendor supported release. | DISA Oracle Linux 9 STIG v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| OL09-00-002344 - OL 9 must enable the Pluggable Authentication Module (PAM) interface for SSHD. | DISA Oracle Linux 9 STIG v1r5 | Unix | MAINTENANCE |
| OL09-00-002420 - OL 9 file systems must not contain .shosts files. | DISA Oracle Linux 9 STIG v1r5 | Unix | CONFIGURATION MANAGEMENT |
| OL09-00-003000 - OL 9 must be configured so that the root account is the only account having unrestricted access to the system. | DISA Oracle Linux 9 STIG v1r5 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000208 - The Photon operating system must configure Secure Shell (SSH) to disable user environment processing. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010460 - There must be no shosts.equiv files on the RHEL 8 operating system. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-22-611060 - Ubuntu 22.04 LTS must not allow accounts configured with blank or null passwords. | DISA Canonical Ubuntu 22.04 LTS STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-22-611065 - Ubuntu 22.04 LTS must not have accounts configured with blank or null passwords. | DISA Canonical Ubuntu 22.04 LTS STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-22-671010 - Ubuntu 22.04 LTS must implement NIST FIPS-validated cryptography to protect classified information and for the following: To provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | DISA Canonical Ubuntu 22.04 LTS STIG v2r8 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCFL-67-000999 - The version of Virgo-Client running on the system must be a supported version. | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| WN11-SO-000140 - Anonymous SID/Name translation must not be allowed. | DISA Microsoft Windows 11 STIG v2r7 | Windows | CONFIGURATION MANAGEMENT |
| WN11-SO-000165 - Anonymous access to Named Pipes and Shares must be restricted. | DISA Microsoft Windows 11 STIG v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN22-DC-000150 - Windows Server 2022 directory data (outside the root DSE) of a nonpublic directory must be configured to prevent anonymous access. | DISA Microsoft Windows Server 2022 STIG v2r8 | Windows | CONFIGURATION MANAGEMENT |
| WN22-SO-000210 - Windows Server 2022 must not allow anonymous SID/Name translation. | DISA Microsoft Windows Server 2022 STIG v2r8 | Windows | CONFIGURATION MANAGEMENT |
| WN22-SO-000220 - Windows Server 2022 must not allow anonymous enumeration of Security Account Manager (SAM) accounts. | DISA Microsoft Windows Server 2022 STIG v2r8 | Windows | CONFIGURATION MANAGEMENT |
| WN25-MS-000140 - Windows Server 2025 must be running Credential Guard on domain-joined member servers. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
| WN25-SO-000210 - Windows Server 2025 must not allow anonymous SID/Name translation. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
| WN25-SO-000310 - Windows Server 2025 LAN Manager authentication level must be configured to send NTLMv2 response only and to refuse LM and NTLM. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
| ZEBR-10-010800 - Zebra Android 10 devices must have the latest available Zebra Android 10 operating system installed. | AirWatch - DISA Zebra Android 10 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-10-999999 - All Zebra Android 10 installations must be removed. | MobileIron - DISA Zebra Android 10 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
