| EX13-CA-000110 - Exchange must have the Microsoft Active Sync directory removed. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | CONFIGURATION MANAGEMENT |
| EX13-MB-000035 - Exchange Circular Logging must be disabled. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
| F5BI-AP-000025 - The BIG-IP APM module must retain the Standard Mandatory DoD-approved Notice and Consent Banner on the screen until users accessing virtual servers acknowledge the usage conditions and take explicit actions to log on for further access. | DISA F5 BIG-IP Access Policy Manager STIG v2r3 | F5 | ACCESS CONTROL |
| O121-P3-006200 - The DBMS must protect against an individual who uses a shared account falsely denying having performed a particular action. | DISA STIG Oracle 12c v3r1 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| OH12-1X-000142 - OHS must have the LoadModule uniqueid_module directive disabled. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000146 - OHS must have the IfModule dumpio_module directive disabled. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000149 - OHS must have the IfModule mpm_winnt_module directive disabled. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000164 - OHS must have the LoadModule cgi_module directive disabled within the IfModule mpm_winnt_module directive - cgi_module | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | CONFIGURATION MANAGEMENT |
| OH12-1X-000351 - OHS must have defined error pages for common error codes that minimize the identity of the web server, patches, loaded modules, and directory paths - ErrorDocument 411 | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| OH12-1X-000351 - OHS must have defined error pages for common error codes that minimize the identity of the web server, patches, loaded modules, and directory paths - ErrorDocument 413 | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| OH12-1X-000351 - OHS must have defined error pages for common error codes that minimize the identity of the web server, patches, loaded modules, and directory paths - ErrorDocument 414 | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| OL6-00-000023 - The system must use a Linux Security Module configured to limit the privileges of system services. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000126 - The Reliable Datagram Sockets (RDS) protocol must be disabled unless required. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000138 - System logs must be rotated daily. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000171 - The audit system must be configured to audit all attempts to alter system time through clock_settime - b64 | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000182 - The audit system must be configured to audit modifications to the systems network configuration - '/etc/issue' | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000184 - The audit system must be configured to audit all discretionary access control permission modifications using chmod, fchmod, and fchmodat - b32 auid=0 | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000184 - The audit system must be configured to audit all discretionary access control permission modifications using chmod, fchmod, and fchmodat - b32 auid>=500 | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000184 - The audit system must be configured to audit all discretionary access control permission modifications using chmod, fchmod, and fchmodat - b64 auid>=500 | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000185 - The audit system must be configured to audit all discretionary access control permission modifications using chown, fchown, fchownat, and lchown - b64 auid>=500 | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000197 - The audit system must be configured to audit failed attempts to access files and programs - b32 EACCES auid=0 | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000197 - The audit system must be configured to audit failed attempts to access files and programs - b64 EACCES auid=0 | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000200 - The audit system must be configured to audit user deletions of files and programs - b32 auid=0 | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000231 - The SSH daemon must set a timeout count on idle sessions. | DISA STIG Oracle Linux 6 v2r7 | Unix | MAINTENANCE |
| OL6-00-000246 - The avahi service must be disabled. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000256 - The openldap-servers package must not be installed unless required. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000262 - The atd service must be disabled - PROCESS_CHECK | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000267 - The qpidd service must not be running - CHKCONFIG | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000289 - The netconsole service must be disabled unless required - 'Running' | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000289 - The netconsole service must be disabled unless required - CHKCONFIG | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000296 - All accounts on the system must have unique user or account names. | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000337 - All public directories must be owned by a system account. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000344 - The system default umask in /etc/profile must be 077. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000508 - The system must allow locking of graphical desktop sessions. | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000516 - The system package management tool must verify ownership on all files and directories associated with packages. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL6-00-000519 - The system package management tool must verify contents of all files associated with packages. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-021330 - The Oracle Linux operating system must use a separate file system for the system audit data path large enough to hold at least one week of audit data. | DISA Oracle Linux 7 STIG v2r14 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-040600 - For Oracle Linux operating systems using DNS resolution, at least two name servers must be configured - nameserver 1. | DISA Oracle Linux 7 STIG v2r14 | Unix | CONFIGURATION MANAGEMENT |
| WBLC-02-000075 - Oracle WebLogic must produce process events and security levels to establish what type of Oracle WebLogic process events and severity levels occurred. | Oracle WebLogic Server 12c Linux v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000077 - Oracle WebLogic must produce audit records containing sufficient information to establish where the events occurred. | Oracle WebLogic Server 12c Linux v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000077 - Oracle WebLogic must produce audit records containing sufficient information to establish where the events occurred. | Oracle WebLogic Server 12c Linux v2r1 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000083 - Oracle WebLogic must provide a real-time alert when organization-defined audit failure events occur - Module-HealthState | Oracle WebLogic Server 12c Linux v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000083 - Oracle WebLogic must provide a real-time alert when organization-defined audit failure events occur - SMTP Notification | Oracle WebLogic Server 12c Linux v2r1 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000084 - Oracle WebLogic must alert designated individual organizational officials in the event of an audit processing failure - Module-HealthState | Oracle WebLogic Server 12c Linux v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000084 - Oracle WebLogic must alert designated individual organizational officials in the event of an audit processing failure - SMTP Notification | Oracle WebLogic Server 12c Linux v2r1 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-03-000129 - Oracle WebLogic must utilize automated mechanisms to prevent program execution on the information system. | Oracle WebLogic Server 12c Linux v2r1 | Unix | CONFIGURATION MANAGEMENT |
| WBLC-03-000129 - Oracle WebLogic must utilize automated mechanisms to prevent program execution on the information system. | Oracle WebLogic Server 12c Linux v2r1 Middleware | Unix | CONFIGURATION MANAGEMENT |
| WN16-CC-000060 - Windows Server 2016 must be configured to prevent Internet Control Message Protocol (ICMP) redirects from overriding Open Shortest Path First (OSPF)-generated routes. | DISA Windows Server 2016 STIG v2r9 | Windows | CONFIGURATION MANAGEMENT |
| WN19-CC-000060 - Windows Server 2019 must be configured to ignore NetBIOS name release requests except from WINS servers. | DISA Windows Server 2019 STIG v3r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN19-CC-000260 - Windows Server 2019 Windows Update must not obtain updates from other PCs on the Internet. | DISA Windows Server 2019 STIG v3r2 | Windows | CONFIGURATION MANAGEMENT |
