| ESXI-67-000014 - The ESXi host SSH daemon must not permit root logins. | DISA STIG VMware vSphere 6.7 ESXi OS v1r3 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-67-000018 - The ESXi host SSH daemon must not permit GSSAPI authentication. | DISA STIG VMware vSphere 6.7 ESXi OS v1r3 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-67-000052 - The ESXi host must protect the confidentiality and integrity of transmitted information by using different TCP/IP stacks where possible. | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-70-000015 - The ESXi host Secure Shell (SSH) daemon must not allow authentication using an empty password. | DISA STIG VMware vSphere 7.0 ESXi OS v1r2 | Unix | CONFIGURATION MANAGEMENT |
| EX19-MB-000033 Exchange audit record parameters must be set. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r1 | Windows | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000035 - The FortiGate firewall must generate traffic log entries containing information to establish the source of the events, such as the source IP address at a minimum. | DISA Fortigate Firewall STIG v1r3 | FortiGate | AUDIT AND ACCOUNTABILITY |
| GOOG-11-000500 - Google Android 11 must be configured to not allow more than ten consecutive failed authentication attempts. | MobileIron - DISA Google Android 11 COPE v2r1 | MDM | ACCESS CONTROL |
| GOOG-11-006100 - Google Android 11 must be configured to generate audit records for the following auditable events: detected integrity violations. | MobileIron - DISA Google Android 11 COPE v2r1 | MDM | AUDIT AND ACCOUNTABILITY |
| HONW-09-000500 - The Honeywell Mobility Edge Android Pie device must be configured to not allow more than 10 consecutive failed authentication attempts. | AirWatch - DISA Honeywell Android 9.x COPE v1r2 | MDM | ACCESS CONTROL |
| HONW-09-003400 - The Honeywell Mobility Edge Android Pie device must be configured to display the DoD advisory warning message at start-up or each time the user unlocks the device. | AirWatch - DISA Honeywell Android 9.x COBO v1r2 | MDM | ACCESS CONTROL |
| HONW-09-003400 - The Honeywell Mobility Edge Android Pie device must be configured to display the DoD advisory warning message at start-up or each time the user unlocks the device. | AirWatch - DISA Honeywell Android 9.x COPE v1r2 | MDM | ACCESS CONTROL |
| HONW-09-006100 - The Honeywell Mobility Edge Android Pie device must be configured to generate audit records for the following auditable events: detected integrity violations. | MobileIron - DISA Honeywell Android 9.x COPE v1r2 | MDM | AUDIT AND ACCOUNTABILITY |
| JRE8-UX-000060 - Oracle JRE 8 must default to the most secure built-in setting - deployment.security.level.locked | DISA STIG Oracle JRE 8 Unix v1r3 | Unix | CONFIGURATION MANAGEMENT |
| JUEX-RT-000090 - The Juniper router configured for MSDP must limit the amount of source-active messages it accepts on per-peer basis. | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL |
| JUEX-RT-000150 - The Juniper multicast edge router must be configured to establish boundaries for administratively scoped multicast traffic. | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL |
| JUEX-RT-000160 - The Juniper router must be configured to have all inactive interfaces disabled. | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL |
| JUEX-RT-000190 - The Juniper perimeter router must not be configured to redistribute static routes to an alternate gateway service provider into BGP or an IGP peering with the NIPRNet or to other autonomous systems. | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL |
| JUEX-RT-000260 - The Juniper router must be configured to log all packets that have been dropped. | DISA Juniper EX Series Router v2r1 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUEX-RT-000880 - The Juniper BGP router must be configured to use its loopback address as the source address for iBGP peering sessions. | DISA Juniper EX Series Router v2r1 | Juniper | CONFIGURATION MANAGEMENT |
| KNOX-07-018200 - The Samsung must be configured to Add the MDM Client application to the Battery optimizations modes Whitelist. | MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| KNOX-07-900300 - The Samsung must be configured to not allow Container passwords with more than two repeating or sequential characters. | MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| RHEL-07-010375 - The Red Hat Enterprise Linux operating system must restrict access to the kernel message buffer. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-08-010171 - RHEL 8 must have policycoreutils package installed. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-08-010375 - RHEL 8 must restrict access to the kernel message buffer. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-08-010471 - RHEL 8 must enable the hardware random number generator entropy gatherer service. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010542 - RHEL 8 must use a separate file system for the system audit data path. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-030602 - RHEL 8 must allocate an audit_backlog_limit of sufficient size to capture processes that start prior to the audit daemon. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-651030 - RHEL 9 must be configured so that the file integrity tool verifies Access Control Lists (ACLs). | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-020080 - The SUSE operating system must display the date and time of the last successful account logon upon logon. | DISA SLES 15 STIG v2r1 | Unix | ACCESS CONTROL |
| SLES-15-040200 - A separate file system must be used for SUSE operating system user home directories (such as /home or an equivalent). | DISA SLES 15 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040210 - The SUSE operating system must use a separate file system for /var. | DISA SLES 15 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| SQL2-00-010200 - SQL Server default account sa must have its name changed. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL2-00-013700 - SQL Server must protect audit information from unauthorized modification. | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | AUDIT AND ACCOUNTABILITY |
| SQL2-00-020400 - SQL Server must associate and maintain security labels when exchanging information between systems. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-NM-000060 - Symantec ProxySG must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | ACCESS CONTROL |
| VCSA-70-000283 - The vCenter Server must disable Username/Password and Windows Integrated Authentication. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-67-000003 - Paste operations must be disabled on the virtual machine. | DISA STIG VMware vSphere 6.7 Virtual Machine v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-67-000009 - Unauthorized CD/DVD devices must be disconnected on the virtual machine. | DISA STIG VMware vSphere 6.7 Virtual Machine v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-67-000023 - 3D features on the virtual machine must be disabled when not required. | DISA STIG VMware vSphere 6.7 Virtual Machine v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-70-000001 - Copy operations must be disabled on the virtual machine (VM). | DISA STIG VMware vSphere 7.0 Virtual Machine v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-70-000009 - Unauthorized CD/DVD devices must be disconnected on the virtual machine (VM). | DISA STIG VMware vSphere 7.0 Virtual Machine v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-70-000019 - Access to virtual machines (VMs) through the 'dvfilter' network Application Programming Interface (API) must be controlled. | DISA STIG VMware vSphere 7.0 Virtual Machine v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-70-000020 - System administrators must use templates to deploy virtual machines (VMs) whenever possible. | DISA STIG VMware vSphere 7.0 Virtual Machine v1r3 | VMware | CONFIGURATION MANAGEMENT |
| WBSP-AS-000640 - The WebSphere Application Server must alert the SA and ISSO, in the event of a log processing failure - enabled | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| WBSP-AS-000660 - The WebSphere Application Server must shut down by default upon log failure (unless availability is an overriding concern). | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| WBSP-AS-000670 - The WebSphere Application Server high availability applications must be configured to fail over in log subsystem failure. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | AUDIT AND ACCOUNTABILITY |
| WBSP-AS-000670 - The WebSphere Application Server high availability applications must be configured to fail over in log subsystem failure. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| WBSP-AS-000740 - The WebSphere Application Server must be configured to protect log information from any type of unauthorized read access. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| WBSP-AS-000930 - The WebSphere Application Server sample applications must be removed. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | CONFIGURATION MANAGEMENT |
| WBSP-AS-001580 - The WebSphere Application Server memory session settings must be defined according to application load requirements. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
