| 1.6.1.3 Ensure SELinux policy is configured - sestatus | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.1.5 Ensure the SELinux mode is enforcing - getenforce | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.3.4 Ensure permissions on SSH private host key files are configured | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.1 Audit system file permissions | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.10 Ensure no world writable files exist | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.10 Ensure no world writable files exist | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.10 Ensure no world writable files exist | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.3 Ensure all groups in /etc/passwd exist in /etc/group | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| AOSX-12-001120 - The OS X system must be configured with the sticky bit set on all public directories. | DISA STIG Apple Mac OSX 10.12 v1r6 | Unix | ACCESS CONTROL |
| APPL-14-002003 - The macOS system must disable Network File System service. | DISA Apple macOS 14 (Sonoma) STIG v2r1 | Unix | ACCESS CONTROL |
| APPL-14-002006 - The macOS system must disable Unix-to-Unix Copy Protocol service. | DISA Apple macOS 14 (Sonoma) STIG v2r1 | Unix | ACCESS CONTROL |
| APPL-14-002050 - The macOS system must disable Screen Sharing and Apple Remote Desktop. | DISA Apple macOS 14 (Sonoma) STIG v2r1 | Unix | ACCESS CONTROL |
| CNTR-K8-000340 - The Kubernetes API server must have the insecure bind address not set. | DISA STIG Kubernetes v2r1 | Unix | ACCESS CONTROL |
| CNTR-K8-000360 - The Kubernetes API server must have anonymous authentication disabled. | DISA STIG Kubernetes v2r1 | Unix | ACCESS CONTROL |
| CNTR-K8-000420 - Kubernetes dashboard must not be enabled. | DISA STIG Kubernetes v2r1 | Unix | ACCESS CONTROL |
| CNTR-K8-000450 - Kubernetes DynamicAuditing must not be enabled - kubelet | DISA STIG Kubernetes v2r1 | Unix | ACCESS CONTROL |
| DB2X-00-003200 - Database objects (including but not limited to tables, indexes, storage, stored procedures, functions, triggers, links to software external to DB2, etc.) must be owned by database/DBMS principals authorized for ownership - TABLESPACES | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | ACCESS CONTROL |
| DB2X-00-007000 - DB2 must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures - INDEXAUTH | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | ACCESS CONTROL |
| DB2X-00-007000 - DB2 must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures - ROUTINEAUTH | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | ACCESS CONTROL |
| DB2X-00-007000 - DB2 must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures - TBSPACEAUTH | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | ACCESS CONTROL |
| DO6747: Connection Manager remote administration - '$ORACLE_HOME/network/admin/cman.ora REMOTE_ADMIN = no' | DISA STIG Oracle 11 Installation v8r19 Linux | Unix | ACCESS CONTROL |
| EPAS-00-000800 - The EDB Postgres Advanced Server must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | ACCESS CONTROL |
| GEN000000-LNX00800 - The system must use a Linux Security Module configured to limit the privileges of system services - 'SELINUXTYPE = targeted or strict' | DISA STIG for Oracle Linux 5 v1r14 | Unix | ACCESS CONTROL |
| GEN001210 M6 - System command files must not have extended ACLs - '/usr/bin' | DISA STIG Apple Mac OSX 10.6 v1r3 | Unix | ACCESS CONTROL |
| GEN001310 M6 - All library files must not have extended ACLs - '/System/Library/Frameworks' | DISA STIG Apple Mac OSX 10.6 v1r3 | Unix | ACCESS CONTROL |
| GEN001390 M6 - The /etc/passwd file must not have an extended ACL | DISA STIG Apple Mac OSX 10.6 v1r3 | Unix | ACCESS CONTROL |
| GEN001570 M6 - All files and directories contained in user home directories must not have extended ACLs | DISA STIG Apple Mac OSX 10.6 v1r3 | Unix | ACCESS CONTROL |
| GEN001590 M6 - Launch control scripts must not have extended ACLs - '/System/Library/LaunchAgents' | DISA STIG Apple Mac OSX 10.6 v1r3 | Unix | ACCESS CONTROL |
| GEN003090 M6 - Crontab files must not have extended ACLs - '/usr/bin/crontab' | DISA STIG Apple Mac OSX 10.6 v1r3 | Unix | ACCESS CONTROL |
| GEN003110 M6 - Cron and crontab directories must not have extended ACLs - '/usr/lib/cron' | DISA STIG Apple Mac OSX 10.6 v1r3 | Unix | ACCESS CONTROL |
| GEN003210 M6 - The cron.deny file must not have an extended ACL - '/private/var/at/cron.deny' | DISA STIG Apple Mac OSX 10.6 v1r3 | Unix | ACCESS CONTROL |
| GEN003440 M6 - 'At' jobs must not set the umask to a value less restrictive than 077 - '/var/at/spool/*' | DISA STIG Apple Mac OSX 10.6 v1r3 | Unix | ACCESS CONTROL |
| GEN005395 M6 - The /etc/syslog.conf file must not have an extended ACL - '/etc/syslog.conf' | DISA STIG Apple Mac OSX 10.6 v1r3 | Unix | ACCESS CONTROL |
| GEN008120 M6 - The /etc/openldap/ldap.conf (or equivalent) file must not have an extended ACL - '/etc/openldap/ldap.conf' | DISA STIG Apple Mac OSX 10.6 v1r3 | Unix | ACCESS CONTROL |
| IISW-SI-000221 - Anonymous IIS 8.5 website access accounts must be restricted - Anonymous username | DISA IIS 8.5 Site v1r9 | Windows | ACCESS CONTROL |
| IISW-SV-000159 - The IIS 8.5 web server must have a global authorization rule configured to restrict access. | DISA IIS 8.5 Server v1r9 | Windows | ACCESS CONTROL |
| MD4X-00-001700 - MongoDB must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 DB | MongoDB | ACCESS CONTROL |
| Monterey - Disable Bluetooth Sharing | NIST macOS Monterey v1.0.0 - 800-171 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Bluetooth Sharing | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| PHTN-30-000031 - The Photon operating system must require authentication upon booting into single-user and maintenance modes. | DISA STIG VMware vSphere 7.0 Photon OS v1r3 | Unix | ACCESS CONTROL |
| RHEL-08-010152 - RHEL 8 operating systems must require authentication upon booting into emergency mode. | DISA Red Hat Enterprise Linux 8 STIG v1r14 | Unix | ACCESS CONTROL |
| RHEL-09-611195 - RHEL 9 must require authentication to access emergency mode. | DISA Red Hat Enterprise Linux 9 STIG v2r1 | Unix | ACCESS CONTROL |
| SYMP-AG-000060 - Symantec ProxySG must implement security policies that enforce approved authorizations for logical access to information and system resources by employing identity-based, role-based, and/or attribute-based security policies. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| SYMP-NM-000030 - Symantec ProxySG must configure Web Management Console access restrictions to authorized IP address/ranges. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | ACCESS CONTROL |
| UBTU-22-212010 - Ubuntu 22.04 LTS, when booted, must require authentication upon booting into single-user and maintenance modes. | DISA STIG Canonical Ubuntu 22.04 LTS v2r1 | Unix | ACCESS CONTROL |
| WBSP-AS-000212 - The WebSphere Application Server Java 2 security must not be bypassed. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL |
| WN11-00-000050 - Local volumes must be formatted using NTFS. | DISA Windows 11 STIG v2r1 | Windows | ACCESS CONTROL |
| WN11-UR-000070 - The 'Deny access to this computer from the network' user right on workstations must be configured to prevent access from highly privileged domain accounts and local accounts on domain systems and unauthenticated access on all systems. | DISA Windows 11 STIG v2r1 | Windows | ACCESS CONTROL |
| WN11-UR-000085 - The 'Deny log on locally' user right on workstations must be configured to prevent access from highly privileged domain accounts on domain systems and unauthenticated access on all systems. | DISA Windows 11 STIG v2r1 | Windows | ACCESS CONTROL |
| WN22-MS-000100 - Windows Server 2022 Deny log on as a service user right on domain-joined member servers must be configured to prevent access from highly privileged domain accounts. No other groups or accounts must be assigned this right. | DISA Windows Server 2022 STIG v2r1 | Windows | ACCESS CONTROL |
