| ADBP-XI-001075 - The Adobe Acrobat Pro XI latest security-related software updates must be installed. | DISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| AIOS-16-010400 - Apple iOS/iPadOS 16 must require a valid password be successfully entered before the mobile device data is unencrypted. | MobileIron - DISA Apple iOS/iPadOS 16 v2r1 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-16-710400 - Apple iOS/iPadOS 16 must require a valid password be successfully entered before the mobile device data is unencrypted. | AirWatch - DISA Apple iOS/iPadOS 16 BYOAD v1r1 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-17-010400 - Apple iOS/iPadOS 17 must require a valid password be successfully entered before the mobile device data is unencrypted. | AirWatch - DISA Apple iOS/iPadOS 17 v2r1 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-18-011200 - iPhone and iPad must have the latest available iOS/iPadOS operating system installed. | MobileIron - DISA Apple iOS/iPadOS 18 v1r1 | MDM | CONFIGURATION MANAGEMENT |
| APPL-11-000016 - The macOS system must be integrated into a directory services infrastructure. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-000016 - The macOS system must be integrated into a directory services infrastructure. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002070 - The macOS system must use an approved antivirus program. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-13-999999 - The macOS system must be a supported release. | DISA STIG Apple macOS 13 v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| APPL-14-002062 The macOS system must disable Bluetooth when no approved device is connected. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-ND-000860 - The Arista network device must be running an operating system release that is currently supported by the vendor. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | CONFIGURATION MANAGEMENT |
| ARST-RT-000170 - The Arista perimeter router must be configured to not be a Border Gateway Protocol (BGP) peer to an alternate gateway service provider. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | ACCESS CONTROL |
| CASA-FW-000010 - The Cisco ASA must be configured to filter outbound traffic, allowing only authorized ports and services - ACL Applied | DISA STIG Cisco ASA FW v2r1 | Cisco | ACCESS CONTROL |
| CASA-ND-000430 - The Cisco ASA must be configured to prohibit the use of all unnecessary and/or non-secure functions, ports, protocols, and/or services. | DISA STIG Cisco ASA NDM v2r2 | Cisco | CONFIGURATION MANAGEMENT |
| CASA-VN-000340 - The Cisco ASA VPN gateway must use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network. | DISA STIG Cisco ASA VPN v2r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network. | DISA STIG Cisco ASA VPN v2r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CNTR-K8-000360 - The Kubernetes API server must have anonymous authentication disabled. | DISA STIG Kubernetes v2r2 | Unix | ACCESS CONTROL |
| Configuring cookie encryption within the HTTP profile | Tenable F5 BIG-IP Best Practice Audit | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-13-010800 - Android 13 devices must have the latest available Google Android 13 operating system installed. | AirWatch - DISA Google Android 13 COPE v2r2 | MDM | CONFIGURATION MANAGEMENT |
| IISW-SI-009999 - The version of IIS running on the system must be a supported version. | DISA IIS 8.5 Site v2r9 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| JUEX-L2-000020 - The Juniper EX switch must be configured to uniquely identify all network-connected endpoint devices before establishing any connection. | DISA Juniper EX Series Layer 2 Switch v2r2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| KNOX-07-018900 - The Samsung Android 7 with Knox must use a NIAP certified container for work data and applications. | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| MADB-10-004300 - MariaDB must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| MADB-10-005200 - MariaDB must protect the confidentiality and integrity of all information at rest. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| MD7X-00-009300 MongoDB products must be a supported version. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| MYS8-00-012600 - MySQL database products must be a version supported by the vendor. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | SYSTEM AND SERVICES ACQUISITION |
| Preserving or modifying HTTP response headers removed by the BIG-IP ASM system | Tenable F5 BIG-IP Best Practice Audit | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-08-010121 - The RHEL 8 operating system must not have accounts configured with blank or null passwords. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010140 - RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | ACCESS CONTROL |
| RHEL-08-010820 - Unattended or automatic logon via the RHEL 8 graphical user interface must not be allowed. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-020330 - RHEL 8 must not allow accounts configured with blank or null passwords. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-020332 - RHEL 8 must not allow blank or null passwords in the password-auth file. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040000 - RHEL 8 must not have the telnet-server package installed. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040170 - The x86 Ctrl-Alt-Delete key sequence must be disabled on RHEL 8. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-211010 - RHEL 9 must be a vendor-supported release. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-252070 - There must be no shosts.equiv files on RHEL 9. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-010221 - The SUSE operating system must not have accounts configured with blank or null passwords. | DISA SLES 12 STIG v3r2 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040430 - The SUSE operating system must not allow unattended or automatic logon via the graphical user interface (GUI). | DISA SLES 15 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040440 - The SUSE operating system must not allow unattended or automatic logon via SSH. | DISA SLES 15 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| SYMP-AG-000320 - Symantec ProxySG must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users) - Domain Joined | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
| SYMP-AG-000340 - Symantec ProxySG providing user authentication intermediary services must restrict user authentication traffic to specific authentication servers - Domain joined | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
| SYMP-NM-000220 - Symantec ProxySG must use only approved management services protocols. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | CONFIGURATION MANAGEMENT |
| SYMP-NM-000320 - Symantec ProxySG must enable Attack Detection. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-20-010012 - The Ubuntu operating system must ensure only users who need access to security functions are part of sudo group. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-24-100040 - Ubuntu 24.04 LTS must not have the rsh-server package installed. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-24-102000 - Ubuntu 24.04 LTS when booted must require authentication upon booting into single-user and maintenance modes. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | ACCESS CONTROL |
| VCPG-67-000012 - VMware Postgres must require authentication on all connections. | DISA STIG VMware vSphere 6.7 PostgreSQL v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-000212 - The WebSphere Application Server Java 2 security must not be bypassed. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL |
| WN22-CC-000500 - Windows Server 2022 Windows Remote Management (WinRM) service must not use Basic authentication. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | MAINTENANCE |
| WN22-SO-000310 - Windows Server 2022 LAN Manager authentication level must be configured to send NTLMv2 response only and to refuse LM and NTLM. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
