| ESXI-67-000013 - The ESXi host SSH daemon must not allow host-based authentication. | DISA STIG VMware vSphere 6.7 ESXi OS v1r3 | Unix | CONFIGURATION MANAGEMENT |
| GOOG-12-006100 - Google Android 12 must be configured to not allow passwords that include more than two repeating or sequential characters - Complex Characters | MobileIron - DISA Google Android 12 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-12-006500 - Google Android 12 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DoD-approved commercial app repository, MDM server, mobile application store]. | AirWatch - DISA Google Android 12 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-12-006700 - Google Android 12 allowlist must be configured to not include applications with the following characteristics: 1. Back up mobile device (MD) data to non-DoD cloud servers (including user and application access to cloud backup services);2. Transmit MD diagnostic data to non-DoD servers;3. Voice assistant application if available when MD is locked;4. Voice dialing application if available when MD is locked;5. Allows synchronization of data or applications between devices associated with user; and6. Allows unencrypted (or encrypted but not FIPS 140-2 validated) data sharing with other MDs or printers. | AirWatch - DISA Google Android 12 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-12-006700 - Google Android 12 allowlist must be configured to not include applications with the following characteristics: 1. Back up mobile device (MD) data to non-DoD cloud servers (including user and application access to cloud backup services);2. Transmit MD diagnostic data to non-DoD servers;3. Voice assistant application if available when MD is locked;4. Voice dialing application if available when MD is locked;5. Allows synchronization of data or applications between devices associated with user; and6. Allows unencrypted (or encrypted but not FIPS 140-2 validated) data sharing with other MDs or printers. | MobileIron - DISA Google Android 12 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-12-009800 - Google Android 12 users must complete required training. | AirWatch - DISA Google Android 12 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-12-009800 - Google Android 12 users must complete required training. | MobileIron - DISA Google Android 12 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-12-010200 - Google Android 12 work profile must be configured to enforce the system application disable list. | MobileIron - DISA Google Android 12 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-12-010300 - Google Android 12 must be provisioned as a fully managed device and configured to create a work profile. | MobileIron - DISA Google Android 12 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-12-010500 - Google Android 12 Work Profile must be configured to disable the autofill services. | AirWatch - DISA Google Android 12 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-13-706500 - Google Android 13 must be configured to enforce an application installation policy by specifying one or more authorized application repositories. | MobileIron - DISA Google Android 13 BYOD v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-13-706700 - Google Android 13 allowlist must be configured to not include applications with the following characteristics (work profile only): | AirWatch - DISA Google Android 13 BYOD v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-13-710000 - Google Android 13 must have the DOD root and intermediate PKI certificates installed (work profile only). | AirWatch - DISA Google Android 13 BYOD v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-13-710100 - The Google Android 13 work profile must be configured to prevent users from adding personal email accounts to the work email app. | MobileIron - DISA Google Android 13 BYOD v1r2 | MDM | CONFIGURATION MANAGEMENT |
| JRE8-UX-000020 - Oracle JRE 8 deployment.config file must contain proper keys and values - deployment.system.config | DISA STIG Oracle JRE 8 Unix v1r3 | Unix | CONFIGURATION MANAGEMENT |
| JRE8-UX-000060 - Oracle JRE 8 must default to the most secure built-in setting - deployment.security.level | DISA STIG Oracle JRE 8 Unix v1r3 | Unix | CONFIGURATION MANAGEMENT |
| JRE8-UX-000070 - Oracle JRE 8 must be set to allow Java Web Start (JWS) applications - deployment.webjava.enabled | DISA STIG Oracle JRE 8 Unix v1r3 | Unix | CONFIGURATION MANAGEMENT |
| MSFT-11-000800 - Microsoft Android 11 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DOD-approved commercial app repository, EMM server, mobile application store]. | AirWatch - DISA Microsoft Android 11 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-000800 - Microsoft Android 11 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DOD-approved commercial app repository, EMM server, mobile application store]. | MobileIron - DISA Microsoft Android 11 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-000800 - Microsoft Android 11 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DOD-approved commercial app repository, EMM server, mobile application store]. | MobileIron - DISA Microsoft Android 11 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-001100 - Microsoft Android 11 allow list must be configured to not include applications with the following characteristics: - Back up MD data to non-DOD cloud servers (including user and application access to cloud backup services);- Transmit MD diagnostic data to non-DOD servers;- Voice assistant application if available when MD is locked;- Voice dialing application if available when MD is locked;- Allows synchronization of data or applications between devices associated with user; and- Allows unencrypted (or encrypted but not FIPS 140-2/FIPS 140-3 validated) data sharing with other MDs or printers. | AirWatch - DISA Microsoft Android 11 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-001100 - Microsoft Android 11 allow list must be configured to not include applications with the following characteristics: - Back up MD data to non-DOD cloud servers (including user and application access to cloud backup services);- Transmit MD diagnostic data to non-DOD servers;- Voice assistant application if available when MD is locked;- Voice dialing application if available when MD is locked;- Allows synchronization of data or applications between devices associated with user; and- Allows unencrypted (or encrypted but not FIPS 140-2/FIPS 140-3 validated) data sharing with other MDs or printers. | MobileIron - DISA Microsoft Android 11 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-008700 - Microsoft Android 11 users must complete required training. | MobileIron - DISA Microsoft Android 11 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-009400 - Microsoft Android 11 Work Profile must be configured to enforce the system application disable list. | AirWatch - DISA Microsoft Android 11 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-009400 - Microsoft Android 11 Work Profile must be configured to enforce the system application disable list. | MobileIron - DISA Microsoft Android 11 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-010000 - Microsoft Android 11 Work Profile must be configured to disable the autofill services. | MobileIron - DISA Microsoft Android 11 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-011000 - Microsoft Android 11 devices must be configured to disable the use of third-party keyboards. | MobileIron - DISA Microsoft Android 11 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-999999 - All Microsoft Android 11 installations must be removed. | AirWatch - DISA Microsoft Android 11 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-999999 - All Microsoft Android 11 installations must be removed. | MobileIron - DISA Microsoft Android 11 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| PHTN-40-000185 The Photon operating system must enforce a delay of at least four seconds between logon prompts following a failed logon attempt in login.defs. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000209 The Photon operating system must create a home directory for all new local interactive user accounts. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000215 The Photon operating system must configure Secure Shell (SSH) to disallow compression of the encrypted session stream. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000217 The Photon operating system must configure Secure Shell (SSH) to ignore user-specific trusted hosts lists. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000223 The Photon operating system must not forward IPv4 or IPv6 source-routed packets. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000224 The Photon operating system must not respond to IPv4 Internet Control Message Protocol (ICMP) echoes sent to a broadcast address. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000226 The Photon operating system must prevent IPv4 Internet Control Message Protocol (ICMP) secure redirect messages from being accepted. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000228 The Photon operating system must log IPv4 packets with impossible addresses. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000232 The Photon operating system must send TCP timestamps. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| SQL2-00-009600 - Administrators must utilize a separate, distinct administrative account when performing administrative activities, accessing database security functions, or accessing security-relevant information within SQL Server. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL2-00-020100 - SQL Server must protect the integrity of publicly available information and applications. | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | CONFIGURATION MANAGEMENT |
| VCLD-80-000097 The vCenter VAMI service must disable client initiated TLS renegotiation. | DISA VMware vSphere 8.0 vCenter Appliance Management Interface (VAMI) STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VCPF-80-000151 The vCenter Perfcharts service must disable 'ALLOW_BACKSLASH'. | DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VCST-80-000151 The vCenter STS service must disable 'ALLOW_BACKSLASH'. | DISA VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VMCH-80-000211 Virtual machines (VMs) must remove unneeded parallel devices. | DISA VMware vSphere 8.0 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ZEBR-10-000200 - Zebra Android 10 must be configured to not allow passwords that include more than two repeating or sequential characters - Characters | AirWatch - DISA Zebra Android 10 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-10-001600 - Zebra Android 10 must be configured to not display the following (work profile) notifications when the device is locked: | AirWatch - DISA Zebra Android 10 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-10-008800 - Zebra Android 10 must be configured to enforce that Wi-Fi Sharing is disabled. | MobileIron - DISA Zebra Android 10 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-10-009000 - Zebra Android 10 must have the DoD root and intermediate PKI certificates installed. | MobileIron - DISA Zebra Android 10 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-10-010200 - Zebra Android 10 must be configured to disallow configuration of date and time. | AirWatch - DISA Zebra Android 10 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| ZEBR-11-009400 - Zebra Android 11 work profile must be configured to enforce the system application disable list. | MobileIron - DISA Zebra Android 11 COBO v1r3 | MDM | CONFIGURATION MANAGEMENT |
