| 1.1.8 Ensure nodev option set on /dev/shm partition | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.22 Ensure nosuid option set on removable media partitions | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.22 Ensure nosuid option set on removable media partitions | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.1.3 Ensure SELinux policy is configured - /etc/selinux/config | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.1.3 Ensure SELinux policy is configured - sestatus | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 2.008 - Local volumes must be formatted using NTFS. | DISA Windows 7 STIG v1r32 | Windows | ACCESS CONTROL |
| 2.008 - Local volumes will be formatted using NTFS. | DISA Windows Server 2008 R2 MS STIG v1r33 | Windows | ACCESS CONTROL |
| 5.3.4 Ensure permissions on SSH private host key files are configured | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4.4 Ensure default user umask is 027 or more restrictive - /etc/profile.d/*.sh | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.10 Ensure no world writable files exist | CIS Debian 8 Server L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.12 Ensure users own their home directories | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.13 Ensure users' home directories permissions are 750 or more restrictive | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| Catalina - Disable Handoff | NIST macOS Catalina v1.5.0 - 800-171 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Catalina - Disable Handoff | NIST macOS Catalina v1.5.0 - 800-53r4 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Catalina - Disable Handoff | NIST macOS Catalina v1.5.0 - 800-53r5 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| DB2X-00-003200 - Database objects (including but not limited to tables, indexes, storage, stored procedures, functions, triggers, links to software external to DB2, etc.) must be owned by database/DBMS principals authorized for ownership - NICKNAMES | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | ACCESS CONTROL |
| DB2X-00-003200 - Database objects (including but not limited to tables, indexes, storage, stored procedures, functions, triggers, links to software external to DB2, etc.) must be owned by database/DBMS principals authorized for ownership - ROUTINES | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | ACCESS CONTROL |
| DB2X-00-003200 - Database objects (including but not limited to tables, indexes, storage, stored procedures, functions, triggers, links to software external to DB2, etc.) must be owned by database/DBMS principals authorized for ownership - SEQUENCES | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | ACCESS CONTROL |
| DTOO199 - Office System - Changing permissions on rights managed content for users must be enforced. | DISA STIG Office System 2010 v1r13 | Windows | ACCESS CONTROL |
| DTOO200 - Office System - Office must be configured to not allow read with browsers. | DISA STIG Office System 2010 v1r13 | Windows | ACCESS CONTROL |
| EP11-00-000700 - The EDB Postgres Advanced Server must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v1r1 | Windows | ACCESS CONTROL |
| EX19-MB-000020 Exchange must have authenticated access set to integrated Windows authentication only. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r1 | Windows | ACCESS CONTROL |
| GEN001025 - The sudo command must require authentication - /etc/sudoers.d/ !authenticate | DISA STIG for Oracle Linux 5 v1r14 | Unix | ACCESS CONTROL |
| GEN001210 - All system command files must not have extended ACLs - '/bin' | DISA STIG for Oracle Linux 5 v1r14 | Unix | ACCESS CONTROL |
| GEN001290 - All manual page files must not have extended ACLs - '/usr/share/info' | DISA STIG for Oracle Linux 5 v1r14 | Unix | ACCESS CONTROL |
| GEN001290 - All manual page files must not have extended ACLs - '/usr/share/infopage' | DISA STIG for Oracle Linux 5 v1r14 | Unix | ACCESS CONTROL |
| GEN001361 - NIS/NIS+/yp command files must not have extended ACLs. | DISA STIG for Oracle Linux 5 v1r14 | Unix | ACCESS CONTROL |
| GEN001730 - All global initialization files must not have extended ACLs - '/etc/environment' | DISA STIG for Oracle Linux 5 v1r14 | Unix | ACCESS CONTROL |
| GEN001730 - All global initialization files must not have extended ACLs - '/etc/profile.d/*' | DISA STIG for Oracle Linux 5 v1r14 | Unix | ACCESS CONTROL |
| GEN002560 - The system and user default umask must be 077 - '~/.*' | DISA STIG for Oracle Linux 5 v1r14 | Unix | ACCESS CONTROL |
| GEN002718 - System audit tool executables must not have extended ACLs - '/sbin/audispd' | DISA STIG for Oracle Linux 5 v1r14 | Unix | ACCESS CONTROL |
| GEN002718 - System audit tool executables must not have extended ACLs - '/sbin/autrace' | DISA STIG for Oracle Linux 5 v1r14 | Unix | ACCESS CONTROL |
| GEN002990 - The cron.allow file must not have an extended ACL. | DISA STIG for Oracle Linux 5 v1r14 | Unix | ACCESS CONTROL |
| GEN003090 - Crontab files must not have extended ACLs - '/etc/cron.hourly' | DISA STIG for Oracle Linux 5 v1r14 | Unix | ACCESS CONTROL |
| GEN003090 - Crontab files must not have extended ACLs - '/var/spool/cron' | DISA STIG for Oracle Linux 5 v1r14 | Unix | ACCESS CONTROL |
| GEN003110 - Cron and crontab directories must not have extended ACLs - '/etc/cron.d' | DISA STIG for Oracle Linux 5 v1r14 | Unix | ACCESS CONTROL |
| GEN003220 - Cron programs must not set the umask to a value less restrictive than 077 - '/etc/cron.daily/*' | DISA STIG for Oracle Linux 5 v1r14 | Unix | ACCESS CONTROL |
| GEN003220 - Cron programs must not set the umask to a value less restrictive than 077 - '/etc/cron.monthly/*' | DISA STIG for Oracle Linux 5 v1r14 | Unix | ACCESS CONTROL |
| GEN004390 - The alias file must not have an extended ACL - '/etc/postfix/aliases.db' | DISA STIG for Oracle Linux 5 v1r14 | Unix | ACCESS CONTROL |
| GEN004950 - The ftpusers file must not have an extended ACL - '/etc/vsftpd.ftpusers' | DISA STIG for Oracle Linux 5 v1r14 | Unix | ACCESS CONTROL |
| GEN005375 - The snmpd.conf file must not have an extended ACL. | DISA STIG for Oracle Linux 5 v1r14 | Unix | ACCESS CONTROL |
| GEN006210 - The /etc/smbpasswd file must not have an extended ACL - '/etc/samba/secrets.tdb' | DISA STIG for Oracle Linux 5 v1r14 | Unix | ACCESS CONTROL |
| GEN006310 - The /etc/news/nnrp.access file must not have an extended ACL. | DISA STIG for Oracle Linux 5 v1r14 | Unix | ACCESS CONTROL |
| GEN008360 - If the system is using LDAP for authentication or account information, the LDAP TLS key file must not have an extended ACL - '/etc/openldap/cacerts/key.pem' | DISA STIG for Oracle Linux 5 v1r14 | Unix | ACCESS CONTROL |
| Monterey - Disable Handoff | NIST macOS Monterey v1.0.0 - 800-53r5 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| PHTN-67-000124 - The Photon operating system must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL |
| PPS9-00-004200 - The EDB Postgres Advanced Server must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users). | EDB PostgreSQL Advanced Server OS Linux Audit v1r7 | Unix | ACCESS CONTROL |
| UBTU-20-010009 - Ubuntu operating systems when booted must require authentication upon booting into single-user and maintenance modes. | DISA STIG Ubuntu 20.04 LTS v1r12 | Unix | ACCESS CONTROL |
| WINUR-000019 - The Deny log on as a service user right must be configured to prevent access from highly privileged accounts. | DISA Windows Vista STIG v6r41 | Windows | ACCESS CONTROL |
| WINUR-000020 - The Deny log on locally user rightmust be configured to prevent access from highly privileged accounts. - Domain | DISA Windows Vista STIG v6r41 | Windows | ACCESS CONTROL |
