| 2.2.14 Ensure NIS server is not installed | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| AIOS-17-010600 - Apple iOS/iPadOS 17 must implement the management setting: not allow automatic completion of Safari browser passcodes. | MobileIron - DISA Apple iOS/iPadOS 17 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-17-011900 - Apple iOS/iPadOS 17 users must complete required training. | AirWatch - DISA Apple iOS/iPadOS 17 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-17-711200 - iPhone and iPad must have the latest available iOS/iPadOS operating system installed. | AirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r2 | MDM | CONFIGURATION MANAGEMENT |
| APPL-14-002110 - The macOS system must disable Bluetooth sharing. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Big Sur - Disable Calendar.app | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Big Sur - Disable Mail App | NIST macOS Big Sur v1.4.0 - 800-53r5 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Big Sur - Disable Mail App | NIST macOS Big Sur v1.4.0 - CNSSI 1253 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Catalina - Disable Calendar.app | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Catalina - Disable Calendar.app | NIST macOS Catalina v1.5.0 - 800-53r5 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Catalina - Disable Mail App | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Catalina - Disable Mail App | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Catalina - Disable Mail App | NIST macOS Catalina v1.5.0 - 800-53r5 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| DKER-EE-001880 - The Docker Enterprise self-signed certificates in Docker Trusted Registry (DTR) must be replaced with DoD trusted, signed certificates. | DISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-002020 - Docker Enterprise CPU priority must be set appropriately on all containers. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-002030 - All Docker Enterprise containers root filesystem must be mounted as read only. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-002040 - Docker Enterprise host devices must not be directly exposed to containers. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-002070 - The Docker Enterprise default seccomp profile must not be disabled. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-002080 - Docker Enterprise exec commands must not be used with privileged option. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DTBC-0004 - Sites ability to show pop-ups must be disabled. | DISA Google Chrome Current Windows STIG v2r11 | Windows | CONFIGURATION MANAGEMENT |
| DTBI044-IE11 - Clipboard operations via script must be disallowed (Internet zone). | DISA STIG IE 11 v2r5 | Windows | CONFIGURATION MANAGEMENT |
| DTBI061-IE11 - Java permissions must be configured with High Safety (Intranet zone). | DISA STIG IE 11 v2r5 | Windows | CONFIGURATION MANAGEMENT |
| DTBI091-IE11 - Java permissions must be configured with High Safety (Trusted Sites zone). | DISA STIG IE 11 v2r5 | Windows | CONFIGURATION MANAGEMENT |
| DTBI121-IE11 - Java permissions must be disallowed (Restricted Sites zone). | DISA STIG IE 11 v2r5 | Windows | CONFIGURATION MANAGEMENT |
| DTBI126-IE11 - Functionality to drag and drop or copy and paste files must be disallowed (Restricted Sites zone). | DISA STIG IE 11 v2r5 | Windows | CONFIGURATION MANAGEMENT |
| DTBI133-IE11 - Active scripting must be disallowed (Restricted Sites Zone). | DISA STIG IE 11 v2r5 | Windows | CONFIGURATION MANAGEMENT |
| DTBI318-IE11 - Internet Explorer must be set to disallow users to add/delete sites. | DISA STIG IE 11 v2r5 | Windows | CONFIGURATION MANAGEMENT |
| DTBI385-IE11 - Script-initiated windows without size or position constraints must be disallowed (Internet zone). | DISA STIG IE 11 v2r5 | Windows | CONFIGURATION MANAGEMENT |
| DTBI435-IE11 - Java permissions must be disallowed (Locked Down Intranet zone). | DISA STIG IE 11 v2r5 | Windows | CONFIGURATION MANAGEMENT |
| DTBI495-IE11 - Pop-up Blocker must be enforced (Internet zone). | DISA STIG IE 11 v2r5 | Windows | CONFIGURATION MANAGEMENT |
| DTBI605-IE11 - Internet Explorer Processes for MK protocol must be enforced (iexplore). | DISA STIG IE 11 v2r5 | Windows | CONFIGURATION MANAGEMENT |
| DTBI725-IE11 - Turn on the auto-complete feature for user names and passwords on forms must be disabled. | DISA STIG IE 11 v2r5 | Windows | CONFIGURATION MANAGEMENT |
| DTBI810-IE11 - When uploading files to a server, the local directory path must be excluded (Internet zone). | DISA STIG IE 11 v2r5 | Windows | CONFIGURATION MANAGEMENT |
| DTBI840-IE11 - Cross-Site Scripting Filter must be enforced (Internet zone). | DISA STIG IE 11 v2r5 | Windows | CONFIGURATION MANAGEMENT |
| DTBI860-IE11 - When uploading files to a server, the local directory path must be excluded (Restricted Sites zone). | DISA STIG IE 11 v2r5 | Windows | CONFIGURATION MANAGEMENT |
| DTBI910-IE11 - Status bar updates via script must be disallowed (Internet zone). | DISA STIG IE 11 v2r5 | Windows | CONFIGURATION MANAGEMENT |
| DTBI1110-IE11 - Enabling outdated ActiveX controls for Internet Explorer must be blocked. | DISA STIG IE 11 v2r5 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SI-000261 - Interactive scripts on the IIS 10.0 web server must be located in unique and designated folders. | DISA IIS 10.0 Site v2r12 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SI-000263 - Backup interactive scripts on the IIS 10.0 server must be removed. | DISA IIS 10.0 Site v2r12 | Windows | CONFIGURATION MANAGEMENT |
| Monterey - Disable the Internet Accounts System Preference Pane | NIST macOS Monterey v1.0.0 - 800-53r5 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable the Internet Accounts System Preference Pane | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| RHEL-09-212050 - RHEL 9 must enable mitigations against processor-based vulnerabilities. | DISA Red Hat Enterprise Linux 9 STIG v2r5 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| RHEL-09-252025 - RHEL 9 must disable the chrony daemon from acting as a server. | DISA Red Hat Enterprise Linux 9 STIG v2r5 | Unix | CONFIGURATION MANAGEMENT |
| WN16-00-000411 - The Server Message Block (SMB) v1 protocol must be disabled on the SMB server. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | CONFIGURATION MANAGEMENT |
| WN16-CC-000030 - WDigest Authentication must be disabled on Windows Server 2016. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | CONFIGURATION MANAGEMENT |
| WN19-00-000370 - Windows Server 2019 must not have the TFTP Client installed. | DISA Microsoft Windows Server 2019 STIG v3r5 | Windows | CONFIGURATION MANAGEMENT |
| WN19-00-000390 - Windows Server 2019 must have the Server Message Block (SMB) v1 protocol disabled on the SMB server. | DISA Microsoft Windows Server 2019 STIG v3r5 | Windows | CONFIGURATION MANAGEMENT |
| WN19-00-000410 - Windows Server 2019 must not have Windows PowerShell 2.0 installed. | DISA Microsoft Windows Server 2019 STIG v3r5 | Windows | CONFIGURATION MANAGEMENT |
| WN19-CC-000200 - Windows Server 2019 Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft. | DISA Microsoft Windows Server 2019 STIG v3r5 | Windows | CONFIGURATION MANAGEMENT |
| WN19-CC-000300 - Windows Server 2019 Windows Defender SmartScreen must be enabled. | DISA Microsoft Windows Server 2019 STIG v3r5 | Windows | CONFIGURATION MANAGEMENT |
