| AOSX-13-000554 - The macOS system must not have a guest account - Guest fdesetup | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | CONFIGURATION MANAGEMENT |
| DB2X-00-002900 - The OS must limit privileges to change the DB2 software resident within software libraries (including privileged programs) | DISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux | Unix | CONFIGURATION MANAGEMENT |
| DB2X-00-003000 - The DB2 software installation account must be restricted to authorized users. | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | CONFIGURATION MANAGEMENT |
| DB2X-00-003300 - The role(s)/group(s) used to modify database structure (including but not necessarily limited to tables, indexes, storage, etc.) and logic modules (stored procedures, functions, triggers, links to software external to DB2, etc.) must be restricted to authorized users - s used to modify database structure and logic modules must be restricted to authorized users. | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | CONFIGURATION MANAGEMENT |
| DB2X-00-008100 - DB2 and the operating system must enforce access restrictions associated with changes to the configuration of DB2 or database(s). | DISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows | Windows | CONFIGURATION MANAGEMENT |
| DB2X-00-008200 - DB2 must produce audit records of its enforcement of access restrictions associated with changes to the configuration of DB2 or database(s) - OS Auditing | DISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux | Unix | CONFIGURATION MANAGEMENT |
| EX13-EG-000295 - The Exchange software baseline copy must exist. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | CONFIGURATION MANAGEMENT |
| EX13-MB-000290 - An Exchange software baseline copy must exist. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | CONFIGURATION MANAGEMENT |
| EX16-MB-000580 - An Exchange software baseline copy must exist. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | CONFIGURATION MANAGEMENT |
| JBOS-AS-000545 - Production JBoss servers must not allow automatic application deployment. | DISA JBoss EAP 6.3 STIG v2r5 | Unix | CONFIGURATION MANAGEMENT |
| MD3X-00-000670 - MongoDB must enforce access restrictions associated with changes to the configuration of MongoDB or database(s). | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 DB | MongoDB | CONFIGURATION MANAGEMENT |
| Monterey - Configure System to Audit All Failed Change of Object Attributes | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Monterey - Configure System to Audit All Failed Change of Object Attributes | NIST macOS Monterey v1.0.0 - All Profiles | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| O112-C2-010300 - The DBMS must support enforcement of logical access restrictions associated with changes to the DBMS configuration and to the database itself. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O121-C1-011100 - Oracle software must be evaluated and patched against newly found vulnerabilities. | DISA STIG Oracle 12c v3r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O121-C2-011000 - Database objects must be owned by accounts authorized for ownership. | DISA STIG Oracle 12c v3r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O121-OS-010710 - Logic modules within the database (to include packages, procedures, functions and triggers) must be monitored to discover unauthorized changes. | DISA STIG Oracle 12c v3r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
| O365-PU-000003 - Publisher must disable all unsigned VBA macros. | DISA STIG Microsoft Office 365 ProPlus v3r1 | Windows | CONFIGURATION MANAGEMENT |
| OL6-00-000045 - Library files must have mode 0755 or less permissive - '/usr/lib64' | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000046 - Library files must be owned by a system account - '/usr/lib64' | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000047 - All system command files must have mode 755 or less permissive - '/bin' | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000047 - All system command files must have mode 755 or less permissive - '/sbin' | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000047 - All system command files must have mode 755 or less permissive - '/usr/sbin' | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000048 - All system command files must be owned by root - '/bin' | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| PPS9-00-003210 - EDB Postgres Advanced Server software modules, to include stored procedures, functions and triggers must be monitored to discover unauthorized changes. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| RHEL-06-000045 - Library files must have mode 0755 or less permissive - '/usr/lib64/*'. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000046 - Library files must be owned by a system account - '/lib64/*'. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000046 - Library files must be owned by a system account - '/usr/local/lib64/*'. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000047 - All system command files must have mode 755 or less permissive - '/usr/local/sbin/*' | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000048 - All system command files must be owned by root - /sbin/*. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000048 - All system command files must be owned by root - /usr/sbin/*. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-020060 - The Red Hat Enterprise Linux operating system must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-020020 - The system must verify that package updates are digitally signed. | DISA STIG Solaris 11 X86 v3r1 | Unix | CONFIGURATION MANAGEMENT |
| SQL4-00-014900 - SQL Server must be monitored to discover unauthorized changes to functions. | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL4-00-015100 - SQL Server must be monitored to discover unauthorized changes to triggers. | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL4-00-015350 - Software, applications, and configuration files that are part of, or related to, the SQL Server installation must be monitored to discover unauthorized changes. | DISA STIG SQL Server 2014 Instance OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
| SQL4-00-015400 - SQL Server software installation account(s) must be restricted to authorized users. | DISA STIG SQL Server 2014 Instance OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
| SQL4-00-015500 - Database software directories, including SQL Server configuration files, must be stored in dedicated directories, separate from the host OS and other applications. | DISA STIG SQL Server 2014 Instance OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
| SQL4-00-015600 - Database objects (including but not limited to tables, indexes, storage, stored procedures, functions, triggers, links to software external to SQL Server, etc.) must be owned by database/DBMS principals authorized for ownership. | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL4-00-030700 - The role(s)/group(s) used to modify database structure (including but not necessarily limited to tables, indexes, storage, etc.) and logic modules (stored procedures, functions, triggers, links to software external to SQL Server, etc.) must be restricted to authorized users - s used to modify database structure and logic modules must be restricted to authorized users. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL4-00-034000 - SQL Server must produce Trace or Audit records of its enforcement of access restrictions associated with changes to the configuration of the DBMS or database(s) - APPLICATION_ROLE_CHANGE_PASSWORD_GROUP | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL4-00-034000 - SQL Server must produce Trace or Audit records of its enforcement of access restrictions associated with changes to the configuration of the DBMS or database(s) - AUDIT_CHANGE_GROUP | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL4-00-034000 - SQL Server must produce Trace or Audit records of its enforcement of access restrictions associated with changes to the configuration of the DBMS or database(s) - DATABASE_OPERATION_GROUP | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL4-00-034000 - SQL Server must produce Trace or Audit records of its enforcement of access restrictions associated with changes to the configuration of the DBMS or database(s) - DBCC_GROUP | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL4-00-034000 - SQL Server must produce Trace or Audit records of its enforcement of access restrictions associated with changes to the configuration of the DBMS or database(s) - Event ID 104 | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| TCAT-AS-001200 - $CATALINA_HOME folder must be owned by the root user, group tomcat. | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | CONFIGURATION MANAGEMENT |
| TCAT-AS-001260 - $CATALINA_BASE/temp/ folder must be owned by tomcat user, group tomcat. | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | CONFIGURATION MANAGEMENT |
| TCAT-AS-001280 - $CATALINA_BASE/work/ folder must be owned by tomcat user, group tomcat. | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | CONFIGURATION MANAGEMENT |
| UBTU-16-011040 - System commands must be owned by root. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-18-010143 - The Ubuntu operating system must have system commands group-owned by root or a system account. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | CONFIGURATION MANAGEMENT |
