| 1.008 - Shared user accounts are permitted on the system. | DISA Windows Vista STIG v6r41 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.015 - File share ACLs have not been reconfigured to remove the Everyone group. | DISA Windows Vista STIG v6r41 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.019 - Security-related Software Patches are not applied. | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 3.070 - The system is configured to permit storage of credentials or .NET Passports. | DISA Windows Vista STIG v6r41 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 3.082 - The system is configured to allow unsolicited remote assistance offers. | DISA Windows Vista STIG v6r41 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.121 - The system does not have a backup administrator account | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 3.130 - User Account Control - Behavior of elevation prompt for administrators | DISA Windows Vista STIG v6r41 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.008 - Auditing must be configured as required. - 'Detailed Tracking -> Process Creation' successes. | DISA Windows Vista STIG v6r41 | Windows | AUDIT AND ACCOUNTABILITY |
| 4.008 - Auditing must be configured as required. - 'Policy Change -> Authentication Policy Change' successes. | DISA Windows Vista STIG v6r41 | Windows | AUDIT AND ACCOUNTABILITY |
| 4.008 - Auditing must be configured as required. - System -> System Integrity' | DISA Windows Vista STIG v6r41 | Windows | AUDIT AND ACCOUNTABILITY |
| DTOO136 - Access - The Default file format must be set. | DISA STIG Office 2010 Access v1r11 | Windows | CONFIGURATION MANAGEMENT |
| DTOO304 - Access - Warning Bar settings for VBA macros must be configured. | DISA STIG Office 2010 Access v1r11 | Windows | CONFIGURATION MANAGEMENT |
| GEN003360 - The at daemon must not execute group-writable or world-writable programs. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003510 - Kernel core dumps must be disabled unless needed - 'secondary dump device' | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN003600 - The system must not forward IPv4 source-routed packets. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003720 - The inetd.conf file, xinetd.conf file, and the xinetd.d directory must be owned by root or bin - 'xinetd.d' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003740 - The inetd.conf and xinetd.conf files must have mode 0440 or less permissive - 'inetd.conf' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003760 - The services file must be owned by root or bin. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003780 - The services file must have mode 0444 or less permissive. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003865 - Network analysis tools must not be installed - 'tcpdump' | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN003920 - The hosts.lpd (or equivalent) file must be owned by root, bin, sys, or lp | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003940 - The hosts.lpd (or equivalent) must have mode 0644 or less permissive. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN004840 - If the system is an anonymous FTP server, it must be isolated to the DMZ network. | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN005180 - All .Xauthority files must have mode 0600 or less permissive. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN005320 - The snmpd.conf file must have mode 0600 or less permissive - '/etc/snmpd.conf' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN005350 - Management Information Base (MIB) files must not have extended ACLs. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN005375 - The snmpd.conf file must not have an extended ACL - '/etc/snmpdv3.conf' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN005395 - The /etc/syslog.conf file must not have an extended ACL. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN005506 - The SSH daemon must be configured to not use Cipher-Block Chaining (CBC) ciphers. | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN005521 - The SSH daemon must restrict login ability to specific users and/or groups. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN005539 - The SSH daemon must not allow compression or must only allow compression after successful authentication. | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN005550 - The SSH daemon must be configured with the Department of Defense (DoD) logon banner - 'Banner file contents' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN005570 - The system must be configured with a default gateway for IPv6 if the system uses IPv6, unless the system is a router. | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN005610 - The system must not have IP forwarding for IPv6 enabled, unless the system is an IPv6 router. | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN005800 - All NFS-exported system files and system directories must be owned by root. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN005810 - All NFS-exported system files and system directories must be group-owned by root, bin, sys, or system. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN005840 - The NFS server must be configured to restrict file system access to local hosts - 'Exports containing rw should be reviewed' | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN006120 - The /usr/lib/smb.conf file must be group-owned by bin, sys, or system. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN006200 - The /var/private/smbpasswd file must have mode 0600 or less permissive. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN006260 - The /etc/news/hosts.nntp (or equivalent) must have mode 0600 or less permissive. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN006330 - The /etc/news/passwd.nntp file must not have an extended ACL. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN006420 - NIS maps must be protected through hard-to-guess domain names. | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN006600 - The system's access control program must log each system access attempt - 'auth.info' | DISA STIG AIX 5.3 v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN006640 - The system must use and update a DoD-approved virus scan program - 'names.dat' - update date | DISA STIG AIX 5.3 v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| GEN006640 - The system must use and update a DoD-approved virus scan program - 'uvscan exists in crontabs' | DISA STIG AIX 5.3 v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| GEN007720 - The IPv6 protocol handler must be prevented from dynamic loading unless needed. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN007840 - The DHCP client must be disabled if not needed. | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN007850 - The DHCP client must not send dynamic DNS updates - 'updateDNS exists in /etc/dhcpc.opt' | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN008120 - If the system is using LDAP the /etc/ldap.conf file must not have an extended ACL | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN008180 - The TLS certificate authority file must have mode 0644 (0755 for directories) or less permissive | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
