| 1.4.1 Ensure bootloader password is set - password user | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| APPL-14-002008 - The macOS system must disable the built-in web server. | DISA Apple macOS 14 (Sonoma) STIG v2r2 | Unix | ACCESS CONTROL |
| APPL-14-002022 - The macOS system must disable Remote Apple Events. | DISA Apple macOS 14 (Sonoma) STIG v2r2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| APPL-14-002110 - The macOS system must disable Bluetooth sharing. | DISA Apple macOS 14 (Sonoma) STIG v2r2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| APPL-14-005070 - The macOS system must enable Authenticated Root. | DISA Apple macOS 14 (Sonoma) STIG v2r2 | Unix | ACCESS CONTROL |
| APPL-15-002022 - The macOS system must disable Remote Apple Events. | DISA Apple macOS 15 (Sequoia) STIG v1r1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| APPL-15-002110 - The macOS system must disable Bluetooth Sharing. | DISA Apple macOS 15 (Sequoia) STIG v1r1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| CNTR-K8-000310 - The Kubernetes Controller Manager must have secure binding. | DISA STIG Kubernetes v2r2 | Unix | ACCESS CONTROL |
| CNTR-K8-000330 - The Kubernetes Kubelet must have the 'readOnlyPort' flag disabled - readOnlyPort flag disabled. | DISA STIG Kubernetes v2r2 | Unix | ACCESS CONTROL |
| CNTR-K8-000370 - The Kubernetes Kubelet must have anonymous authentication disabled. | DISA STIG Kubernetes v2r2 | Unix | ACCESS CONTROL |
| CNTR-K8-000440 - The Kubernetes kubelet staticPodPath must not enable static pods. | DISA STIG Kubernetes v2r2 | Unix | ACCESS CONTROL |
| CNTR-R2-000120 The Kubernetes API server must have the insecure port flag disabled. | DISA Rancher Government Solutions RKE2 STIG v2r2 | Unix | ACCESS CONTROL |
| CNTR-R2-000130 The Kubernetes Kubelet must have the read-only port flag disabled. | DISA Rancher Government Solutions RKE2 STIG v2r2 | Unix | ACCESS CONTROL |
| DTAM144 - McAfee VirusScan Access Protection Rules Common Standard Protection must be set to prevent termination of McAfee processes. | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | ACCESS CONTROL |
| DTAM144 - McAfee VirusScan Access Protection: Common Standard Protection must be set to prevent termination of McAfee processes. | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | ACCESS CONTROL |
| DTOO208 - Office client polling of SharePoint servers published links must be disabled. | DISA STIG Microsoft Office System 2013 v2r2 | Windows | ACCESS CONTROL |
| EX13-CA-000030 - Exchange Servers must use approved DoD certificates. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | ACCESS CONTROL |
| EX13-CA-000035 - Exchange ActiveSync (EAS) must only use certificate-based authentication to access email - WindowsAuthEnabled | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | ACCESS CONTROL |
| EX13-CA-000040 - Exchange must have IIS map client certificates to an approved certificate server. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | ACCESS CONTROL |
| F5BI-AP-000003 - The BIG-IP APM module must enforce approved authorizations for logical access to information and system resources by employing identity-based, role-based, and/or attribute-based security policies. | DISA F5 BIG-IP Access Policy Manager STIG v2r3 | F5 | ACCESS CONTROL |
| F5BI-DM-000027 - The BIG-IP appliance must be configured to enforce the assigned privilege level for each administrator and authorizations for access to all commands relative to the privilege level in accordance with applicable policy for the device. | DISA F5 BIG-IP Device Management STIG v2r3 | F5 | ACCESS CONTROL |
| F5BI-LT-000003 - The BIG-IP Core implementation must be configured to enforce approved authorizations for logical access to information and system resources by employing identity-based, role-based, and/or attribute-based security policies. | DISA F5 BIG-IP Local Traffic Manager STIG v2r3 | F5 | ACCESS CONTROL |
| GEN000020 - The system must require authentication upon booting into single-user and maintenance modes. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| GEN000020 - The system must require authentication upon booting into single-user and maintenance modes. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN000020 - The system must require authentication upon booting into single-user and maintenance modes. | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN000020 - The system must require authentication upon booting into single-user and maintenance modes. | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL |
| GEN000020 - The system must require authentication upon booting into single-user and maintenance modes. | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| GEN008620 - BIOS or system controllers supporting password protection must have administrator accounts/passwords configured and no others. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN008620 - System BIOS or system controllers supporting password protection must have admin accounts/passwords configured, and no others. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| GEN008620 - System BIOS or system controllers supporting password protection must have administrator accounts/passwords configured, and no others. | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN008620 - System BIOS or system controllers supporting password protection must have administrator accounts/passwords configured, and no others. | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| GEN008620 - System BIOS or system controllers supporting password protection must have administrator accounts/passwords configured, and no others. | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL |
| GEN008700 - The system boot loader must require authentication - '/boot/grub/grub.conf' | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL |
| GEN008700 - The system boot loader must require authentication - '/boot/grub/grub.conf' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN008700 - The system boot loader must require authentication - '/boot/grub/menu.lst' | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL |
| GEN008700 - The system boot loader must require authentication - '/boot/grub/menu.lst' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN008700 - The system boot loader must require authentication. | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| GEN008710 - The system boot loader must protect passwords using an MD5 or stronger cryptographic hash. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN008710 - The system boot loader must protect passwords using an MD5 or stronger cryptographic hash. | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL |
| GEN008710 - The system boot loader must protect passwords using an MD5 or stronger cryptographic hash. | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| MYS8-00-005400 - The MySQL Database Server 8.0 must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | ACCESS CONTROL |
| OL08-00-010140 - OL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance. | DISA Oracle Linux 8 STIG v2r2 | Unix | ACCESS CONTROL |
| PHTN-30-000031 - The Photon operating system must require authentication upon booting into single-user and maintenance modes. | DISA STIG VMware vSphere 7.0 Photon OS v1r3 | Unix | ACCESS CONTROL |
| RHEL-09-611200 - RHEL 9 must require authentication to access single-user mode. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | ACCESS CONTROL |
| SYMP-AG-000060 - Symantec ProxySG must implement security policies that enforce approved authorizations for logical access to information and system resources by employing identity-based, role-based, and/or attribute-based security policies. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| SYMP-NM-000030 - Symantec ProxySG must configure Web Management Console access restrictions to authorized IP address/ranges. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | ACCESS CONTROL |
| UBTU-20-010009 - Ubuntu operating systems when booted must require authentication upon booting into single-user and maintenance modes. | DISA STIG Ubuntu 20.04 LTS v2r1 | Unix | ACCESS CONTROL |
| WBSP-AS-000230 - The WebSphere Application Server LDAP groups must be authorized for the WebSphere role. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| WBSP-AS-000230 - The WebSphere Application Server LDAP groups must be authorized for the WebSphere role. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| WBSP-AS-000230 - The WebSphere Application Server LDAP groups must be authorized for the WebSphere role. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
