| AADC-CL-000280 - Adobe Acrobat Pro DC Classic access to unknown websites must be restricted. | DISA STIG Adobe Acrobat Pro DC Classic Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| AADC-CL-000285 - Adobe Acrobat Pro DC Classic access to websites must be blocked. | DISA STIG Adobe Acrobat Pro DC Classic Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| AADC-CN-000285 - Adobe Acrobat Pro DC Continuous access to websites must be blocked. | DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| AADC-CN-001295 - Adobe Acrobat Pro DC Continuous Repair Installation must be disabled. | DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| AIOS-02-080102 - Apple iOS must implement the management setting: not allow use of Handoff. | AirWatch - DISA Apple iOS 10 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-12-000200 - Apple iOS must be configured to not allow passwords that include more than two repeating or sequential characters. | AirWatch - DISA Apple iOS 12 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-13-000400 - Apple iOS/iPadOS must be configured to not allow more than 10 consecutive failed authentication attempts. | MobileIron - DISA Apple iOS/iPadOS 13 v2r1 | MDM | ACCESS CONTROL |
| AIOS-13-011100 - Apple iOS/iPadOS must implement the management setting: require the user to enter a password when connecting to an AirPlay-enabled device for the first time. | MobileIron - DISA Apple iOS/iPadOS 13 v2r1 | MDM | ACCESS CONTROL |
| AIOS-13-012100 - Apple iOS/iPadOS must implement the management setting: force Apple Watch wrist detection. | MobileIron - DISA Apple iOS/iPadOS 13 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-001000 - Apple iOS/iPadOS 15 must provide the capability for the Administrator (MDM) to perform the following management function: enable/disable VPN protection across the device and [selection: other methods]. | AirWatch - DISA Apple iOS/iPadOS 14 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-16-712300 - Apple iOS/iPadOS 16 must not allow managed apps to write contacts to unmanaged contacts accounts. | AirWatch - DISA Apple iOS/iPadOS 16 BYOAD v1r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-17-011600 - Apple iOS/iPadOS 17 must implement the management setting: not have any Family Members in Family Sharing. | AirWatch - DISA Apple iOS/iPadOS 17 v2r1 | MDM | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| AMLS-NM-000180 - The Arista Multilayer Switch must generate audit records when successful/unsuccessful attempts to access privileges occur. | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | AUDIT AND ACCOUNTABILITY |
| AMLS-NM-000190 - The Arista Multilayer Switch must produce audit log records containing sufficient information to establish what type of event occurred. | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | AUDIT AND ACCOUNTABILITY |
| AOSX-15-002062 - The macOS system must be configured with Bluetooth turned off unless approved by the organization - DisabledPreferencePanes | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARDC-CL-000120 - Adobe Reader DC must disable Service Upgrades. | DISA STIG Adobe Acrobat Reader DC Classic Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| ARDC-CN-000055 - Adobe Reader DC must disable the Adobe Send and Track plugin for Outlook. | DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| ARDC-CN-000080 - Adobe Reader DC must disable Acrobat Upsell. | DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| ARDC-CN-000085 - Adobe Reader DC must disable Adobe Send for Signature. | DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| AS24-U2-000960 - The Apache web server must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs. | DISA STIG Apache Server 2.4 Unix Site v2r4 Middleware | Unix | CONFIGURATION MANAGEMENT |
| AS24-W1-000950 - The Apache web server must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | CONFIGURATION MANAGEMENT |
| AS24-W1-000950 - The Apache web server must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs. | DISA STIG Apache Server 2.4 Windows Server v3r1 | Windows | CONFIGURATION MANAGEMENT |
| BIND-9X-001031 - The print-time variable for the configuration of BIND 9.x server logs must be configured to establish when (date and time) the events occurred. | DISA BIND 9.x STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| BIND-9X-001032 - The print-category variable for the configuration of BIND 9.x server logs must be configured to record information indicating which process generated the events. | DISA BIND 9.x STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| CISC-L2-000170 - The Cisco switch must have IGMP or MLD Snooping configured on all VLANs. | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000920 - The Cisco Multicast Source Discovery Protocol (MSDP) switch must be configured to filter received source-active multicast advertisements for any undesirable multicast groups and sources. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000930 - The Cisco Multicast Source Discovery Protocol (MSDP) switch must be configured to filter source-active multicast advertisements to external MSDP peers to avoid global visibility of local-only multicast sources and groups. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| RHEL-06-000004 - The system must use a separate file system for the system audit data path. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000166 - The audit system must be configured to audit all attempts to alter system time through adjtimex - 64 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000182 - The audit system must be configured to audit modifications to the systems network configuration - /etc/hosts | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000182 - The audit system must be configured to audit modifications to the systems network configuration - /etc/sysconfig/network | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000183 - The audit system must be configured to audit modifications to the systems Mandatory Access Control (MAC) configuration (SELinux). | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000185 - The audit system must be configured to audit all discretionary access control permission modifications using chown - auid>=500 32 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000187 - The audit system must be configured to audit all discretionary access control permission modifications using fchmodat - auid>=500 64 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000188 - The audit system must be configured to audit all discretionary access control permission modifications using fchown - auid>=500 64 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000189 - The audit system must be configured to audit all discretionary access control permission modifications using fchownat - auid>=500 32 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000190 - The audit system must be configured to audit all discretionary access control permission modifications using fremovexattr - auid=0 32 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000190 - The audit system must be configured to audit all discretionary access control permission modifications using fremovexattr - auid>=500 32 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000191 - The audit system must be configured to audit all discretionary access control permission modifications using fsetxattr - auid=0 64 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000193 - The audit system must be configured to audit all discretionary access control permission modifications using lremovexattr - auid=0 32 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000193 - The audit system must be configured to audit all discretionary access control permission modifications using lremovexattr - auid=0 64 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000193 - The audit system must be configured to audit all discretionary access control permission modifications using lremovexattr - auid>=500 64 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000200 - The audit system must be configured to audit user deletions of files and programs - rmdir 64 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000200 - The audit system must be configured to audit user deletions of files and programs - unlink 32 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-001900 - SQL Server must isolate security functions from non-security functions. | DISA STIG SQL Server 2016 Database Audit v3r1 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-017800 - The SQL Server Browser service must be disabled unless specifically required and approved. | DISA STIG SQL Server 2016 Instance OS Audit v3r1 | Windows | CONFIGURATION MANAGEMENT |
| TCAT-AS-000520 - DefaultServlet directory listings parameter must be disabled. | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | CONFIGURATION MANAGEMENT |
| TCAT-AS-000570 - Tomcat default ROOT web application must be removed. | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | CONFIGURATION MANAGEMENT |
| TCAT-AS-001660 - STRICT_SERVLET_COMPLIANCE must be set to true. | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | CONFIGURATION MANAGEMENT |
| TCAT-AS-001670 - RECYCLE_FACADES must be set to true. | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | CONFIGURATION MANAGEMENT |
