| ALMA-09-006510 - AlmaLinux OS 9 must require authentication to access single-user mode. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | ACCESS CONTROL |
| APPL-14-000033 The macOS system must disable FileVault automatic log on. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL |
| APPL-14-002001 The macOS system must disable Server Message Block sharing. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL |
| APPL-14-005070 The macOS system must enable Authenticated Root. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL |
| APPL-15-002006 - The macOS system must disable Unix-to-Unix Copy Protocol (UUCP) service. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | ACCESS CONTROL |
| APPL-15-002050 - The macOS system must disable Screen Sharing and Apple Remote Desktop. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | ACCESS CONTROL |
| APPL-15-002100 - The macOS system must disable Media Sharing. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | ACCESS CONTROL |
| CD12-00-000900 - PostgreSQL must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | ACCESS CONTROL |
| CNTR-K8-000310 - The Kubernetes Controller Manager must have secure binding. | DISA STIG Kubernetes v2r2 | Unix | ACCESS CONTROL |
| CNTR-K8-000320 - The Kubernetes API server must have the insecure port flag disabled. | DISA STIG Kubernetes v2r2 | Unix | ACCESS CONTROL |
| CNTR-K8-000330 - The Kubernetes Kubelet must have the 'readOnlyPort' flag disabled - readOnlyPort flag disabled. | DISA STIG Kubernetes v2r2 | Unix | ACCESS CONTROL |
| CNTR-K8-000370 - The Kubernetes Kubelet must have anonymous authentication disabled. | DISA STIG Kubernetes v2r2 | Unix | ACCESS CONTROL |
| CNTR-K8-000440 - The Kubernetes kubelet staticPodPath must not enable static pods. | DISA STIG Kubernetes v2r2 | Unix | ACCESS CONTROL |
| CNTR-R2-000100 - The Kubernetes Controller Manager must have secure binding. | DISA Rancher Government Solutions RKE2 STIG v2r3 | Unix | ACCESS CONTROL |
| CNTR-R2-000130 - The Kubernetes Kubelet must have the read-only port flag disabled. | DISA Rancher Government Solutions RKE2 STIG v2r3 | Unix | ACCESS CONTROL |
| CNTR-R2-000140 - The Kubernetes API server must have the insecure bind address not set. | DISA Rancher Government Solutions RKE2 STIG v2r3 | Unix | ACCESS CONTROL |
| EX19-MB-000020 - Exchange must have authenticated access set to integrated Windows authentication only. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | ACCESS CONTROL |
| JUEX-NM-000060 - The Juniper EX switch must be configured to assign appropriate user roles or access levels to authenticated users. | DISA Juniper EX Series Network Device Management v2r2 | Juniper | ACCESS CONTROL |
| MYS8-00-005400 - The MySQL Database Server 8.0 must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | ACCESS CONTROL |
| OL07-00-010483 - Oracle Linux operating systems version 7.2 or newer booted with a BIOS must have a unique name for the grub superusers account when booting into single-user and maintenance modes. | DISA Oracle Linux 7 STIG v3r2 | Unix | ACCESS CONTROL |
| OL08-00-010149 - OL 8 operating systems booted with a BIOS must have a unique name for the grub superusers account when booting into single-user and maintenance modes. | DISA Oracle Linux 8 STIG v2r4 | Unix | ACCESS CONTROL |
| PHTN-30-000031 - The Photon operating system must require authentication upon booting into single-user and maintenance modes. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | ACCESS CONTROL |
| RHEL-07-010483 - Red Hat Enterprise Linux operating systems version 7.2 or newer booted with a BIOS must have a unique name for the grub superusers account when booting into single-user and maintenance modes. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-07-010492 - Red Hat Enterprise Linux operating systems version 7.2 or newer booted with United Extensible Firmware Interface (UEFI) must have a unique name for the grub superusers account when booting into single-user mode and maintenance. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-08-010152 - RHEL 8 operating systems must require authentication upon booting into emergency mode. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | ACCESS CONTROL |
| RHEL-09-212020 - RHEL 9 must require a unique superusers name upon booting into single-user and maintenance modes. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-09-611195 - RHEL 9 must require authentication to access emergency mode. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL |
| SLES-15-010190 - SUSE operating systems with a basic input/output system (BIOS) must require authentication upon booting into single-user and maintenance modes. | DISA SLES 15 STIG v2r2 | Unix | ACCESS CONTROL |
| SYMP-AG-000060 - Symantec ProxySG must implement security policies that enforce approved authorizations for logical access to information and system resources by employing identity-based, role-based, and/or attribute-based security policies. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| SYMP-NM-000030 - Symantec ProxySG must configure Web Management Console access restrictions to authorized IP address/ranges. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | ACCESS CONTROL |
| UBTU-20-010009 - Ubuntu operating systems when booted must require authentication upon booting into single-user and maintenance modes. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | ACCESS CONTROL |
| UBTU-22-212010 - Ubuntu 22.04 LTS, when booted, must require authentication upon booting into single-user and maintenance modes. | DISA Canonical Ubuntu 22.04 LTS STIG v2r4 | Unix | ACCESS CONTROL |
| VCLU-80-000005 The vCenter Lookup service cookies must have secure flag set. | DISA VMware vSphere 8.0 vCenter Appliance Lookup Service STIG v2r1 | Unix | ACCESS CONTROL |
| VCLU-80-000129 The vCenter Lookup service cookies must have 'http-only' flag set. | DISA VMware vSphere 8.0 vCenter Appliance Lookup Service STIG v2r1 | Unix | ACCESS CONTROL |
| VCLU-80-000130 The vCenter Lookup service DefaultServlet must be set to 'readonly' for 'PUT' and 'DELETE' commands. | DISA VMware vSphere 8.0 vCenter Appliance Lookup Service STIG v2r1 | Unix | ACCESS CONTROL |
| WBSP-AS-000211 - The WebSphere Application Server Java 2 security must be enabled. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL |
| WBSP-AS-000211 - The WebSphere Application Server Java 2 security must be enabled. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL |
| WBSP-AS-000211 - The WebSphere Application Server Java 2 security must be enabled. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | ACCESS CONTROL |
| WBSP-AS-000212 - The WebSphere Application Server Java 2 security must not be bypassed. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL |
| WBSP-AS-000212 - The WebSphere Application Server Java 2 security must not be bypassed. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | ACCESS CONTROL |
| WN11-UR-000070 - The 'Deny access to this computer from the network' user right on workstations must be configured to prevent access from highly privileged domain accounts and local accounts on domain systems and unauthenticated access on all systems. | DISA Microsoft Windows 11 STIG v2r3 | Windows | ACCESS CONTROL |
| WN11-UR-000075 - The 'Deny log on as a batch job' user right on domain-joined workstations must be configured to prevent access from highly privileged domain accounts. | DISA Microsoft Windows 11 STIG v2r3 | Windows | ACCESS CONTROL |
| WN16-DC-000401 - Windows Server 2016 must be configured for name-based strong mappings for certificates. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL |
| WN19-DC-000391 - Windows Server 2019 must be configured for certificate-based authentication for domain controllers. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | ACCESS CONTROL |
| WN19-DC-000401 - Windows Server 2019 must be configured for named-based strong mappings for certificates. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | ACCESS CONTROL |
| WN22-DC-000380 - Windows Server 2022 Deny log on as a batch job user right on domain controllers must be configured to prevent unauthenticated access. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL |
| WN22-DC-000406 - Windows Server 2022 must be configured for name-based strong mappings for certificates. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL |
| WN22-MS-000090 - Windows Server 2022 Deny log on as a batch job user right on domain-joined member servers must be configured to prevent access from highly privileged domain accounts and from unauthenticated access on all systems. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL |
| WN22-MS-000100 - Windows Server 2022 Deny log on as a service user right on domain-joined member servers must be configured to prevent access from highly privileged domain accounts. No other groups or accounts must be assigned this right. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL |
| WN22-UR-000030 - Windows Server 2022 Allow log on locally user right must only be assigned to the Administrators group. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL |
