| ADBP-XI-000990 - Adobe Acrobat Pro XI periodic downloading of Adobe European certificates must be disabled. | DISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-000006 - The macOS system must conceal, via the session lock, information previously visible on the display with a publicly viewable image. | DISA STIG Apple macOS 11 v1r8 | Unix | ACCESS CONTROL |
| APPL-12-000006 - The macOS system must conceal, via the session lock, information previously visible on the display with a publicly viewable image. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL |
| ARST-RT-000290 - The MPLS router with RSVP-TE enabled must be configured with message pacing or refresh reduction to adjust maximum number of RSVP messages to an output queue based on the link speed and input queue size of adjacent core routers. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000310 - The PE router must be configured to enforce a Quality-of-Service (QoS) policy in accordance with the QoS DODIN Technical Profile. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| EDGE-00-000039 - URLs must be allowlisted for plugin use if used. | DISA STIG Edge v2r1 | Windows | CONFIGURATION MANAGEMENT |
| EX19-MB-000121 Exchange mailbox stores must mount at startup. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000122 Exchange mail quota settings must not restrict receiving mail. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000123 Exchange mail quota settings must not restrict sending mail. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000124 Exchange Message size restrictions must be controlled on Receive connectors. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000125 The Exchange Receive Connector Maximum Hop Count must be 60. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000126 The Exchange send connector connections count must be limited. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000127 Exchange receive connectors must control the number of recipients per message. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000128 Exchange message size restrictions must be controlled on send connectors. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000129 The Exchange global inbound message size must be controlled. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000130 The Exchange global outbound message size must be controlled. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000131 The Exchange Outbound Connection Limit per Domain Count must be controlled. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-AP-000235 - The F5 BIG-IP appliance APM Access Policies that grant access to web application resources must allow only client certificates that have the User Persona Name (UPN) value in the User Persona Client Certificates. | DISA F5 BIG-IP Access Policy Manager STIG v2r3 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-AP-000241 - When the Access Profile Type is LTM+APM and it is not using any connectivity resources (such as Network Access, Portal Access, etc.) in the VPE, the F5 BIG-IP appliance must be configured to enable the HTTP Only flag. | DISA F5 BIG-IP Access Policy Manager STIG v2r3 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-AP-000243 - The F5 BIG-IP appliance must be configured to disable the 'Persistent' cookie flag. | DISA F5 BIG-IP Access Policy Manager STIG v2r3 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| FNFG-FW-000150 - The FortiGate firewall must generate an alert that can be forwarded to, at a minimum, the Information System Security Officer (ISSO) and Information System Security Manager (ISSM) when denial-of-service (DoS) incidents are detected. - set certificate | DISA Fortigate Firewall STIG v1r3 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| FNFG-FW-000150 - The FortiGate firewall must generate an alert that can be forwarded to, at a minimum, the Information System Security Officer (ISSO) and Information System Security Manager (ISSM) when denial-of-service (DoS) incidents are detected. - set server | DISA Fortigate Firewall STIG v1r3 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| JUEX-RT-000060 - The Juniper BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute. | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL |
| JUEX-RT-000100 - The Juniper router configured for BGP must reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer. | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL |
| JUEX-RT-000750 - The Juniper perimeter router must be configured to have Link Layer Discovery Protocols (LLDPs) disabled on all external interfaces. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000780 - The Juniper multicast Designated Router (DR) must be configured to filter the IGMP and MLD Report messages to allow hosts to join only multicast groups that have been approved by the organization. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSFT-11-005200 - The mobile operating system must allow only the Administrator (MDM) to perform the following management function: Enable/disable location services - EMM to perform the following management function: Enable/disable location services. | MobileIron - DISA Microsoft Android 11 COBO v1r2 | MDM | ACCESS CONTROL |
| MSFT-11-005200 - The mobile operating system must allow only the Administrator (MDM) to perform the following management function: Enable/disable location services. | AirWatch - DISA Microsoft Android 11 COBO v1r2 | MDM | ACCESS CONTROL |
| MSFT-11-005200 - The mobile operating system must allow only the Administrator (MDM) to perform the following management function: Enable/disable location services. | AirWatch - DISA Microsoft Android 11 COPE v1r2 | MDM | ACCESS CONTROL |
| SHPT-00-000165 - SharePoint must enable IRM to bind attributes to information to facilitate the organization's established information flow policy as needed. | DISA STIG SharePoint 2010 v1r9 | Windows | ACCESS CONTROL |
| SHPT-00-000405 - To support audit review, analysis, and reporting, SharePoint must integrate audit review, analysis, and reporting processes to support organizational processes for investigation and response to suspicious activities. | DISA STIG SharePoint 2010 v1r9 | Windows | AUDIT AND ACCOUNTABILITY |
| SLES-15-010140 - The SUSE operating system must conceal, via the session lock, information previously visible on the display with a publicly viewable image in the graphical user interface (GUI). | DISA SLES 15 STIG v2r1 | Unix | ACCESS CONTROL |
| SLES-15-030680 - The SUSE operating system audit event multiplexor must be configured to use Kerberos. | DISA SLES 15 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-15-030690 - Audispd must off-load audit records onto a different system or media from the SUSE operating system being audited. | DISA SLES 15 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SPLK-CL-000160 - Splunk Enterprise must be configured to send an immediate alert to the system administrator (SA) and information system security officer (ISSO) (at a minimum) when allocated log record storage volume reaches 75 percent of the repository maximum log record storage capacity - at a minimum when allocated log record storage volume reaches 75 percent of the repository maximum log record storage capacity. | DISA STIG Splunk Enterprise 8.x for Linux v2r1 STIG REST API | Splunk | AUDIT AND ACCOUNTABILITY |
| SPLK-CL-000170 - Splunk Enterprise must notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) of all audit failure events, such as loss of communications with hosts and devices, or if log records are no longer being received. | DISA STIG Splunk Enterprise 8.x for Linux v2r1 STIG REST API | Splunk | AUDIT AND ACCOUNTABILITY |
| SPLK-CL-000250 - Splunk Enterprise must be configured to back up the log records repository at least every seven days onto a different system or system component other than the system or component being audited. | DISA STIG Splunk Enterprise 8.x for Linux v2r1 STIG REST API | Splunk | AUDIT AND ACCOUNTABILITY |
| SQL2-00-015500 - Database software directories, including SQL Server configuration files, must be stored in dedicated directories, separate from the host OS and other applications. | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | CONFIGURATION MANAGEMENT |
| SQL2-00-017510 - Appropriate staff must be alerted when the amount of storage space used by the SQL Server transaction log file(s) exceeds an organization-defined value - s exceeds an organization-defined value. | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | CONTINGENCY PLANNING |
| SYMP-NM-000090 - Symantec ProxySG must generate an alert to the console when a log processing failure is detected such as loss of communications with the Central Log Server or log records are no longer being sent - email addresses | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| UBTU-20-010216 - The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system or storage media from the system being audited. | DISA STIG Ubuntu 20.04 LTS v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-20-010217 - The Ubuntu operating system must immediately notify the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity. | DISA STIG Ubuntu 20.04 LTS v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-651035 - Ubuntu 22.04 LTS must have a crontab script running weekly to offload audit events of standalone systems. | DISA STIG Canonical Ubuntu 22.04 LTS v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-653020 - Ubuntu 22.04 LTS audit event multiplexor must be configured to offload audit logs onto a different system from the system being audited. | DISA STIG Canonical Ubuntu 22.04 LTS v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-653040 - Ubuntu 22.04 LTS must immediately notify the system administrator (SA) and information system security officer (ISSO) when the audit record storage volume reaches 25 percent remaining of the allocated capacity. | DISA STIG Canonical Ubuntu 22.04 LTS v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| WBSP-AS-001520 - The WebSphere Application Server must not generate LTPA keys automatically. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001520 - The WebSphere Application Server must not generate LTPA keys automatically. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001520 - The WebSphere Application Server must not generate LTPA keys automatically. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001530 - The WebSphere Application Server must periodically regenerate LTPA keys. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001530 - The WebSphere Application Server must periodically regenerate LTPA keys. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
