| 2.022 - Disallow AutoPlay/Autorun from Autorun.inf | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 2.023 - Standard user accounts must only have Read permissions to the Winlogon registry key. | DISA Windows Vista STIG v6r41 | Windows | ACCESS CONTROL |
| 3.030 - Anonymous access to the registry must be restricted. | DISA Windows Vista STIG v6r41 | Windows | ACCESS CONTROL |
| 3.059 - The system is configured to autoplay removable media. | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 4.027 - Only administrators responsible for the system must have Administrator rights on the system. | DISA Windows Vista STIG v6r41 | Windows | ACCESS CONTROL |
| ADBP-XI-001075 - The Adobe Acrobat Pro XI latest security-related software updates must be installed. | DISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| AIOS-16-010400 - Apple iOS/iPadOS 16 must require a valid password be successfully entered before the mobile device data is unencrypted. | MobileIron - DISA Apple iOS/iPadOS 16 v2r1 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-16-710400 - Apple iOS/iPadOS 16 must require a valid password be successfully entered before the mobile device data is unencrypted. | AirWatch - DISA Apple iOS/iPadOS 16 BYOAD v1r1 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-FW-000010 - The Cisco ASA must be configured to filter outbound traffic, allowing only authorized ports and services - ACL Applied | DISA STIG Cisco ASA FW v2r1 | Cisco | ACCESS CONTROL |
| CASA-VN-000150 - The Cisco ASA must be configured to use Internet Key Exchange (IKE) for all IPsec security associations - IPsec Phase | DISA STIG Cisco ASA VPN v2r1 | Cisco | CONFIGURATION MANAGEMENT |
| CASA-VN-000340 - The Cisco ASA VPN gateway must use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network - integrity | DISA STIG Cisco ASA VPN v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network - integrity | DISA STIG Cisco ASA VPN v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network - ipsec-proposal | DISA STIG Cisco ASA VPN v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-000380 - The Kubernetes kubelet must enable explicit authorization. | DISA STIG Kubernetes v2r1 | Unix | ACCESS CONTROL |
| CNTR-K8-002001 - Kubernetes must enable PodSecurity admission controller on static pods and Kubelets. | DISA STIG Kubernetes v2r1 | Unix | ACCESS CONTROL |
| CNTR-K8-002010 - Kubernetes must have a pod security policy set. | DISA STIG Kubernetes v2r1 | Unix | ACCESS CONTROL |
| DTAVSEL-001 - The anti-virus signature file age must not exceed 7 days - avvclean.dat | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-001 - The anti-virus signature file age must not exceed 7 days - avvclean.dat | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-001 - The anti-virus signature file age must not exceed 7 days - avvnames.dat | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-001 - The anti-virus signature file age must not exceed 7 days - avvnames.dat | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-001 - The anti-virus signature file age must not exceed 7 days - avvscan.dat | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTBI999-IE11 - The version of Internet Explorer running on the system must be a supported version. | DISA STIG IE 11 v2r5 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTOO999-PP13 - The version of PowerPoint running on the system must be a supported version. | DISA STIG Microsoft PowerPoint 2013 v1r7 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTOO999-Word13 - The version of Microsoft Word running on the system must be a supported version. | DISA STIG Microsoft Word 2013 v1r7 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EDGE-00-000045 - The version of Microsoft Edge running on the system must be a supported version. | DISA STIG Edge v2r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EPAS-00-004800 - When using command-line tools such as psql, users must use a logon method that does not expose the password. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | IDENTIFICATION AND AUTHENTICATION |
| EPAS-00-004810 - Applications must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | IDENTIFICATION AND AUTHENTICATION |
| FGFW-ND-000295 - The FortiGate device must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| GEN001100 - Root passwords must never be passed over a network in clear text form - 'root has logged in over a network' | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN003840 - The rexec daemon must not be running. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003850 - The telnet daemon must not be running. | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN006380 - The system must not use UDP for NIS/NIS+. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GOOG-09-999999 - All Google Android 9 installations must be removed. | AirWatch - DISA Google Android 9.x v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-11-010800 - Google Android 11 devices must have the latest available Google Android 11 operating system installed. | MobileIron - DISA Google Android 11 COPE v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-011-999999 - All Google Android 11 installations must be removed. | AirWatch - DISA Google Android 11 COBO v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-011-999999 - All Google Android 11 installations must be removed. | MobileIron - DISA Google Android 11 COPE v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-12-010800 - Android 12 devices must have the latest available Google Android 12 operating system installed. | MobileIron - DISA Google Android 12 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-13-010800 - Android 13 devices must have the latest available Google Android 13 operating system installed. | AirWatch - DISA Google Android 13 COBO v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-14-010800 - Android 14 devices must have the latest available Google Android 14 operating system installed. | AirWatch - DISA Google Android 14 COPE v2r1 | MDM | CONFIGURATION MANAGEMENT |
| HONW-09-008400 - On all Honeywell Mobility Edge Android Pie devices, cryptography must be configured to be in FIPS 140-2 validated mode. | AirWatch - DISA Honeywell Android 9.x COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| HONW-09-010900 - Honeywell Mobility Edge Android Pie devices must have a NIAP validated Honeywell Mobility Edge Android Pie devices operating system installed. | MobileIron - DISA Honeywell Android 9.x COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| HONW-09-999999 - All Honeywell Android 9 installations must be removed. | AirWatch - DISA Honeywell Android 9.x COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| IISW-SI-009999 - The version of IIS running on the system must be a supported version. | DISA IIS 8.5 Site v2r9 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| MSFT-11-010800 - Microsoft Android 11 devices must have the latest available Microsoft Android 11 operating system installed. | AirWatch - DISA Microsoft Android 11 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| SQL2-00-016500 - SQL Server must have the SQL Server Data Tools (SSDT) software component removed from SQL Server if SSDT is unused. | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | CONFIGURATION MANAGEMENT |
| UBTU-22-212010 - Ubuntu 22.04 LTS, when booted, must require authentication upon booting into single-user and maintenance modes. | DISA STIG Canonical Ubuntu 22.04 LTS v2r2 | Unix | ACCESS CONTROL |
| UBTU-22-255040 - Ubuntu 22.04 LTS must be configured so that remote X connections are disabled, unless to fulfill documented and validated mission requirements. | DISA STIG Canonical Ubuntu 22.04 LTS v2r2 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-22-671010 - Ubuntu 22.04 LTS must implement NIST FIPS-validated cryptography to protect classified information and for the following: To provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | DISA STIG Canonical Ubuntu 22.04 LTS v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCENTER-000099 - The version of vCenter running on the server must be a supported version. | DISA STIG VMWare ESXi vCenter 5 STIG v2r1 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| WBSP-AS-000212 - The WebSphere Application Server Java 2 security must not be bypassed. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL |
