| 1.6.1.9 Ensure non-privileged users are prevented from executing privileged functions | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| AS24-W2-000690 - Non-privileged accounts on the hosting system must only access Apache web server security-relevant information and functions through a distinct administrative account. | DISA STIG Apache Server 2.4 Windows Site v2r1 | Windows | ACCESS CONTROL |
| CD12-00-011700 - PostgreSQL must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | ACCESS CONTROL |
| DTOO201 - Connection verification of permissions must be enforced. | DISA STIG Microsoft Office System 2013 v2r2 | Windows | ACCESS CONTROL |
| DTOO201 - Connection verification of permissions must be enforced. | DISA STIG Microsoft Office System 2016 v2r3 | Windows | ACCESS CONTROL |
| EX19-ED-000174 Role-Based Access Control must be defined for privileged and nonprivileged users. | DISA Microsoft Exchange 2019 Edge Server STIG v2r1 | Windows | ACCESS CONTROL |
| EX19-MB-000173 Role-Based Access Control must be defined for privileged and nonprivileged users. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r1 | Windows | ACCESS CONTROL |
| GOOG-12-012200 - Google Android 12 must be configured to disable all data signaling over [assignment: list of externally accessible hardware ports (for example, USB)]. | AirWatch - DISA Google Android 12 COPE v1r2 | MDM | ACCESS CONTROL |
| GOOG-14-012200 - Google Android 14 must be configured to disable all data signaling over [assignment: list of externally accessible hardware ports (for example, USB)] - for example, USB]. | AirWatch - DISA Google Android 14 COPE v2r1 | MDM | ACCESS CONTROL |
| JBOS-AS-000475 - The application server must prevent non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA RedHat JBoss EAP 6.3 STIG v2r4 | Unix | ACCESS CONTROL |
| MADB-10-006800 - MariaDB must prevent nonprivileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA MariaDB Enterprise 10.x v2r1 DB | MySQLDB | ACCESS CONTROL |
| MSFT-11-002000 - Microsoft Android 11 must be configured to enable encryption for data at rest on removable storage media or alternately, the use of removable storage media must be disabled. | AirWatch - DISA Microsoft Android 11 COBO v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| MSFT-11-002000 - Microsoft Android 11 must be configured to enable encryption for data at rest on removable storage media or alternately, the use of removable storage media must be disabled. | AirWatch - DISA Microsoft Android 11 COPE v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| MSFT-11-002000 - Microsoft Android 11 must be configured to enable encryption for data at rest on removable storage media or alternately, the use of removable storage media must be disabled. | MobileIron - DISA Microsoft Android 11 COBO v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| MSFT-11-002000 - Microsoft Android 11 must be configured to enable encryption for data at rest on removable storage media or alternately, the use of removable storage media must be disabled. | MobileIron - DISA Microsoft Android 11 COPE v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| MSFT-11-005200 - The mobile operating system must allow only the Administrator (MDM) to perform the following management function: Enable/disable location services - EMM to perform the following management function: Enable/disable location services. | MobileIron - DISA Microsoft Android 11 COBO v1r2 | MDM | ACCESS CONTROL |
| O365-CO-000010 - Users must be prevented from creating new trusted locations in the Trust Center. | DISA STIG Microsoft Office 365 ProPlus v3r1 | Windows | ACCESS CONTROL |
| OL07-00-020023 - The Oracle Linux operating system must elevate the SELinux context when an administrator calls the sudo command. | DISA Oracle Linux 7 STIG v2r14 | Unix | ACCESS CONTROL |
| OL08-00-040400 - OL 8 must prevent nonprivileged users from executing privileged functions, including disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA Oracle Linux 8 STIG v2r1 | Unix | ACCESS CONTROL |
| RHEL-09-211045 - The systemd Ctrl-Alt-Delete burst key sequence in RHEL 9 must be disabled. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| RHEL-09-211050 - The x86 Ctrl-Alt-Delete key sequence must be disabled on RHEL 9. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| RHEL-09-211055 - RHEL 9 debug-shell systemd service must be disabled. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| SQL6-D0-010400 - SQL Server must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | DISA STIG SQL Server 2016 Instance DB Audit v3r1 | MS_SQLDB | ACCESS CONTROL |
| WN11-UR-000065 - The 'Debug programs' user right must only be assigned to the Administrators group. | DISA Windows 11 STIG v2r2 | Windows | ACCESS CONTROL |
| WN11-UR-000095 - The 'Enable computer and user accounts to be trusted for delegation' user right must not be assigned to any groups or accounts. | DISA Windows 11 STIG v2r2 | Windows | ACCESS CONTROL |
| WN11-UR-000100 - The 'Force shutdown from a remote system' user right must only be assigned to the Administrators group. | DISA Windows 11 STIG v2r2 | Windows | ACCESS CONTROL |
| WN11-UR-000125 - The 'Lock pages in memory' user right must not be assigned to any groups or accounts. | DISA Windows 11 STIG v2r2 | Windows | ACCESS CONTROL |
| WN12-UR-000003 - The Act as part of the operating system user right must not be assigned to any groups or accounts. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000012 - The Create a token object user right must not be assigned to any groups or accounts. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000013 - The Create global objects user right must only be assigned to Administrators, Service, Local Service, and Network Service. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000014 - The Create permanent shared objects user right must not be assigned to any groups or accounts. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000023 - The Force shutdown from a remote system user right must only be assigned to the Administrators group. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000027 - The Increase scheduling priority user right must only be assigned to the Administrators group. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000029 - The Lock pages in memory user right must not be assigned to any groups or accounts. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000034 - The Modify firmware environment values user right must only be assigned to the Administrators group. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN16-UR-000240 - The Load and unload device drivers user right must only be assigned to the Administrators group. | DISA Windows Server 2016 STIG v2r9 | Windows | ACCESS CONTROL |
| WN16-UR-000300 - The Restore files and directories user right must only be assigned to the Administrators group. | DISA Windows Server 2016 STIG v2r9 | Windows | ACCESS CONTROL |
| WN19-DC-000080 - Windows Server 2019 Active Directory SYSVOL directory must have the proper access control permissions. | DISA Windows Server 2019 STIG v3r2 | Windows | ACCESS CONTROL |
| WN19-DC-000110 - Windows Server 2019 organization created Active Directory Organizational Unit (OU) objects must have proper access control permissions. | DISA Windows Server 2019 STIG v3r2 | Windows | ACCESS CONTROL |
| WN19-UR-000080 - Windows Server 2019 Create permanent shared objects user right must not be assigned to any groups or accounts. | DISA Windows Server 2019 STIG v3r2 | Windows | ACCESS CONTROL |
| WN19-UR-000110 - Windows Server 2019 Force shutdown from a remote system user right must only be assigned to the Administrators group. | DISA Windows Server 2019 STIG v3r2 | Windows | ACCESS CONTROL |
| WN19-UR-000200 - Windows Server 2019 Profile single process user right must only be assigned to the Administrators group. | DISA Windows Server 2019 STIG v3r2 | Windows | ACCESS CONTROL |
| WN19-UR-000210 - Windows Server 2019 Restore files and directories user right must only be assigned to the Administrators group. | DISA Windows Server 2019 STIG v3r2 | Windows | ACCESS CONTROL |
| WN22-00-000170 - Windows Server 2022 default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained. | DISA Windows Server 2022 STIG v2r2 | Windows | ACCESS CONTROL |
| WN22-DC-000010 - Windows Server 2022 must only allow administrators responsible for the domain controller to have Administrator rights on the system. | DISA Windows Server 2022 STIG v2r2 | Windows | ACCESS CONTROL |
| WN22-DC-000070 - Windows Server 2022 permissions on the Active Directory data files must only allow System and Administrators access. | DISA Windows Server 2022 STIG v2r2 | Windows | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| WN22-UR-000010 - Windows Server 2022 Access Credential Manager as a trusted caller user right must not be assigned to any groups or accounts. | DISA Windows Server 2022 STIG v2r2 | Windows | ACCESS CONTROL |
| WN22-UR-000100 - Windows Server 2022 debug programs user right must only be assigned to the Administrators group. | DISA Windows Server 2022 STIG v2r2 | Windows | ACCESS CONTROL |
| WN22-UR-000160 - Windows Server 2022 lock pages in memory user right must not be assigned to any groups or accounts. | DISA Windows Server 2022 STIG v2r2 | Windows | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| WN22-UR-000200 - Windows Server 2022 profile single process user right must only be assigned to the Administrators group. | DISA Windows Server 2022 STIG v2r2 | Windows | ACCESS CONTROL |
