| 1.4.4 Ensure boot loader does not allow removable media | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 1.6.1.10 Ensure system device files are labeled - device_t | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 1.6.1.10 Ensure system device files are labeled - unlabeled_t | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 2.2.21 Ensure the TFTP server has not been installed - TFTP server package installed if not required for operational support. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 5.3.30 Ensure SSH does not permit GSSAPI - GSSAPI authentication unless needed. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 5.3.31 Ensure SSH does not permit Kerberos authentication | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 5.5.9 Ensure local interactive user accounts umask is 077 | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| AIX7-00-003102 - AIX must turn on enhanced Role-Based Access Control (RBAC) to isolate security functions from nonsecurity functions, to grant system privileges to other operating system admins, and prohibit user installation of system software without explicit privileged status. | DISA STIG AIX 7.x v2r9 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-13-362149 - The macOS system must prohibit user installation of software without explicit privileged status. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-002067 - The macOS system must prohibit user installation of software without explicit privileged status. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| DB2X-00-008000 - DB2 must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | CONFIGURATION MANAGEMENT |
| EP11-00-008400 - The EDB Postgres Advanced Server must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
| EX13-CA-000115 - Exchange application directory must be protected from unauthorized access. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | CONFIGURATION MANAGEMENT |
| EX13-MB-000285 - The Exchange application directory must be protected from unauthorized access. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | CONFIGURATION MANAGEMENT |
| EX16-ED-000580 - The Exchange application directory must be protected from unauthorized access. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | CONFIGURATION MANAGEMENT |
| EX16-MB-000570 - The Exchange application directory must be protected from unauthorized access. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | CONFIGURATION MANAGEMENT |
| PGS9-00-008400 - PostgreSQL must prohibit user installation of logic modules (functions, trigger procedures, views, etc.) without explicit privileged status. | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | CONFIGURATION MANAGEMENT |
| PPS9-00-008400 - The EDB Postgres Advanced Server must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-021040 - The Red Hat Enterprise Linux operating system must set the umask value to 077 for all local interactive user accounts. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-031010 - The Red Hat Enterprise Linux operating system must be configured so that the rsyslog daemon does not accept log messages from other servers unless the server is being used for log aggregation. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-040430 - The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon does not permit Generic Security Service Application Program Interface (GSSAPI) authentication unless needed. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-040700 - The Red Hat Enterprise Linux operating system must not have the Trivial File Transfer Protocol (TFTP) server package installed if not required for operational support. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| SQL4-00-033800 - SQL Server must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| WN10-CC-000310 - Users must be prevented from changing installation options. | DISA Windows 10 STIG v3r2 | Windows | CONFIGURATION MANAGEMENT |
| WN10-CC-000315 - The Windows Installer Always install with elevated privileges must be disabled. | DISA Windows 10 STIG v3r2 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000016 - Windows Update must be prevented from searching for point and print drivers. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000016 - Windows Update must be prevented from searching for point and print drivers. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000018 - Optional component installation and component repair must be prevented from using Windows Update. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000024 - Device driver searches using Windows Update must be prevented. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000025 - Device driver updates must only search managed servers, not Windows Update. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000025 - Device driver updates must only search managed servers, not Windows Update. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000026 - Users must not be prompted to search Windows Update for device drivers. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000026 - Users must not be prompted to search Windows Update for device drivers. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000047 - Windows must be prevented from using Windows Update to search for drivers. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000115 - Users must be prevented from changing installation options. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000115 - Users must be prevented from changing installation options. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000116 - The Windows Installer Always install with elevated privileges option must be disabled. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000116 - The Windows Installer Always install with elevated privileges option must be disabled. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000118 - Nonadministrators must be prevented from applying vendor-signed updates. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000118 - Nonadministrators must be prevented from applying vendor-signed updates. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000122 - Windows Media Player must be configured to prevent automatic checking for updates. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000122 - Windows Media Player must be configured to prevent automatic checking for updates. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000089 - The print driver installation privilege must be restricted to administrators. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000089 - The print driver installation privilege must be restricted to administrators. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-UC-000013 - Media Player must be configured to prevent automatic Codec downloads. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-UC-000013 - Media Player must be configured to prevent automatic Codec downloads. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN16-CC-000450 - Users must be prevented from changing installation options. | DISA Windows Server 2016 STIG v2r9 | Windows | CONFIGURATION MANAGEMENT |
| WN19-CC-000420 - Windows Server 2019 must prevent users from changing installation options. | DISA Windows Server 2019 STIG v3r2 | Windows | CONFIGURATION MANAGEMENT |
| WN19-CC-000430 - Windows Server 2019 must disable the Windows Installer Always install with elevated privileges option. | DISA Windows Server 2019 STIG v3r2 | Windows | CONFIGURATION MANAGEMENT |
