| AIOS-17-007000 - Apple iOS/iPadOS 17 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DOD-approved commercial app repository, MDM server, mobile application store]. | AirWatch - DISA Apple iOS/iPadOS 17 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-17-007000 - Apple iOS/iPadOS 17 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DOD-approved commercial app repository, MDM server, mobile application store]. | MobileIron - DISA Apple iOS/iPadOS 17 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-17-007400 - Apple iOS/iPadOS 17 allow list must be configured to not include applications with the following characteristics: - backs up MD data to non-DOD cloud servers (including user and application access to cloud backup services);- transmits MD diagnostic data to non-DOD servers;- allows synchronization of data or applications between devices associated with user; and- allows unencrypted (or encrypted but not FIPS 140-2/FIPS 140-3 validated) data sharing with other MDs or printers - allows unencrypted (or encrypted but not FIPS 140-2 validated) data sharing with other MDs or printers. | MobileIron - DISA Apple iOS/iPadOS 17 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-17-014700 - Apple iOS/iPadOS 17 must have DOD root and intermediate PKI certificates installed. | MobileIron - DISA Apple iOS/iPadOS 17 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-007000 - Apple iOS/iPadOS 18 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DOD-approved commercial app repository, MDM server, mobile application store]. | AirWatch - DISA Apple iOS/iPadOS 18 v1r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-012000 - A managed photo app must be used to take and store work-related photos. | MobileIron - DISA Apple iOS/iPadOS 18 v1r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-012650 - Apple iOS/iPadOS 18 must implement the management setting: approved Apple Watches must be managed by an MDM. | AirWatch - DISA Apple iOS/iPadOS 18 v1r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-012700 - Apple iOS/iPadOS 18 must disable 'Password AutoFill' in browsers and applications - Password AutoFill in browsers and applications. | MobileIron - DISA Apple iOS/iPadOS 18 v1r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-012900 - Apple iOS/iPadOS 18 must disable password proximity requests. | MobileIron - DISA Apple iOS/iPadOS 18 v1r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-013000 - Apple iOS/iPadOS 18 must disable password sharing. | AirWatch - DISA Apple iOS/iPadOS 18 v1r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-013200 - The Apple iOS/iPadOS 18 must be supervised by the MDM. | MobileIron - DISA Apple iOS/iPadOS 18 v1r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-014500 - Apple iOS/iPadOS 18 must disable connections to Siri servers for the purpose of translation. | MobileIron - DISA Apple iOS/iPadOS 18 v1r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-014600 - Apple iOS/iPadOS 18 must disable copy/paste of data from managed to unmanaged applications. | MobileIron - DISA Apple iOS/iPadOS 18 v1r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-015000 - Apple iOS/iPadOS 18 must disable app installation from a website. | AirWatch - DISA Apple iOS/iPadOS 18 v1r1 | MDM | CONFIGURATION MANAGEMENT |
| AIX7-00-002144 - The AIX /etc/syslog.conf file must be owned by root. | DISA STIG AIX 7.x v3r1 | Unix | CONFIGURATION MANAGEMENT |
| AIX7-00-002148 - The AIX /var/spool/cron/atjobs directory must be group-owned by cron. | DISA STIG AIX 7.x v3r1 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-000016 - The macOS system must be integrated into a directory services infrastructure. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-000016 - The macOS system must be integrated into a directory services infrastructure. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002060 - The macOS system must allow only applications that have a valid digital signature to run - AllowIdentifiedDevelopers | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002060 - The macOS system must allow only applications that have a valid digital signature to run - AllowIdentifiedDevelopers | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002060 - The macOS system must allow only applications that have a valid digital signature to run - EnableAssessment | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002060 - The macOS system must allow only applications that have a valid digital signature to run - Unsigned Applications | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another user's files - Access Control List | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another user's files - User directory permissions | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another user's files - User subdirectory permissions | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another user's files - User subdirectory Public permissions | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002070 - The macOS system must use an approved antivirus program. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-003052 - The macOS system must be configured so that the sudo command requires smart card authentication. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-005050 - The macOS Application Firewall must be enabled - EnableStealthMode | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| CISC-RT-000235 - The Cisco switch must be configured to have Cisco Express Forwarding enabled. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000236 - The Cisco switch must be configured to advertise a hop limit of at least 32 in Switch Advertisement messages for IPv6 stateless auto-configuration deployments. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | CONFIGURATION MANAGEMENT |
| CNTR-K8-003110 - The Kubernetes component manifests must be owned by root. | DISA STIG Kubernetes v2r2 | Unix | CONFIGURATION MANAGEMENT |
| CNTR-K8-003120 - The Kubernetes component etcd must be owned by etcd. | DISA STIG Kubernetes v2r2 | Unix | CONFIGURATION MANAGEMENT |
| CNTR-K8-003170 - The Kubernetes Kubelet certificate authority must be owned by root. | DISA STIG Kubernetes v2r2 | Unix | CONFIGURATION MANAGEMENT |
| CNTR-K8-003200 - The Kubernetes kubelet KubeConfig file must be owned by root. | DISA STIG Kubernetes v2r2 | Unix | CONFIGURATION MANAGEMENT |
| CNTR-K8-003260 - The Kubernetes etcd must have file permissions set to 644 or more restrictive. | DISA STIG Kubernetes v2r2 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-020090 - The SUSE operating system must not have unnecessary accounts. | DISA SLES 15 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-020091 - The SUSE operating system must not have unnecessary account capabilities. | DISA SLES 15 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-020101 - The SUSE operating system must restrict privilege elevation to authorized personnel. | DISA SLES 15 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-030810 - The SUSE operating system must use a separate file system for the system audit data path. | DISA SLES 15 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040070 - All SUSE operating system local interactive users must have a home directory assigned in the /etc/passwd file. | DISA SLES 15 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040120 - All SUSE operating system local interactive user initialization files executable search paths must contain only paths that resolve to the users home directory. | DISA SLES 15 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040130 - All SUSE operating system local initialization files must not execute world-writable programs. | DISA SLES 15 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040150 - SUSE operating system file systems that are used with removable media must be mounted to prevent files with the setuid and setgid bit set from being executed. | DISA SLES 15 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040321 - The SUSE operating system must not forward Internet Protocol version 6 (IPv6) source-routed packets by default. | DISA SLES 15 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040340 - The SUSE operating system must not allow interfaces to accept Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages by default. | DISA SLES 15 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040341 - The SUSE operating system must prevent Internet Protocol version 6 (IPv6) Internet Control Message Protocol (ICMP) redirect messages from being accepted. | DISA SLES 15 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040370 - The SUSE operating system must not send Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirects. | DISA SLES 15 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040430 - The SUSE operating system must not allow unattended or automatic logon via the graphical user interface (GUI). | DISA SLES 15 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040440 - The SUSE operating system must not allow unattended or automatic logon via SSH. | DISA SLES 15 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
