| CISC-RT-000237 - The Cisco switch must not be configured to use IPv6 Site Local Unicast addresses. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | CONFIGURATION MANAGEMENT |
| DTAVSEL-004 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to decompress archives when scanning. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-008 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to scan files when being written to disk. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-012 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must only be configured with exclusions which are documented and approved by the ISSO/ISSM/AO. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-015 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Clean infected files automatically as first action when programs and jokes are found. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-016 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Move infected files to the quarantine directory if first action fails when programs and jokes are found. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-105 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to scan all file types. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-105 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to scan all file types. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-108 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must only be configured with exclusions which are documented and approved by the ISSO/ISSM/AO. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-112 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to decode MIME encoded files. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-112 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to decode MIME encoded files. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-113 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to include all local drives and their sub-directories. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-201 - The McAfee VirusScan Enterprise must be configured to receive all patches, service packs and updates from a DoD-managed source. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | CONFIGURATION MANAGEMENT |
| DTAVSEL-301 - Access to the McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x Web UI must be enforced by firewall rules. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | CONFIGURATION MANAGEMENT |
| EDGE-00-000008 - The ability of sites to show pop-ups must be disabled. | DISA STIG Edge v2r1 | Windows | CONFIGURATION MANAGEMENT |
| EDGE-00-000015 - Importing of cookies must be disabled. | DISA STIG Edge v2r1 | Windows | CONFIGURATION MANAGEMENT |
| EDGE-00-000017 - Importing of browsing history must be disabled. | DISA STIG Edge v2r1 | Windows | CONFIGURATION MANAGEMENT |
| EDGE-00-000022 - Importing of search engine settings must be disabled. | DISA STIG Edge v2r1 | Windows | CONFIGURATION MANAGEMENT |
| EDGE-00-000027 - Web Bluetooth API must be disabled. | DISA STIG Edge v2r1 | Windows | CONFIGURATION MANAGEMENT |
| EDGE-00-000032 - Site tracking of a user's location must be disabled. | DISA STIG Edge v2r1 | Windows | CONFIGURATION MANAGEMENT |
| EDGE-00-000041 - Extensions installation must be blocklisted by default. | DISA STIG Edge v2r1 | Windows | CONFIGURATION MANAGEMENT |
| MSFT-11-000300 - Microsoft Android 11 must be configured to enable a screen-lock policy that will lock the display after a period of inactivity. | AirWatch - DISA Microsoft Android 11 COBO v1r2 | MDM | ACCESS CONTROL |
| MSFT-11-000300 - Microsoft Android 11 must be configured to enable a screen-lock policy that will lock the display after a period of inactivity. | AirWatch - DISA Microsoft Android 11 COPE v1r2 | MDM | ACCESS CONTROL |
| MSFT-11-000300 - Microsoft Android 11 must be configured to enable a screen-lock policy that will lock the display after a period of inactivity. | MobileIron - DISA Microsoft Android 11 COPE v1r2 | MDM | ACCESS CONTROL |
| MSFT-11-000500 - Microsoft Android 11 must be configured to not allow more than 10 consecutive failed authentication attempts. | MobileIron - DISA Microsoft Android 11 COPE v1r2 | MDM | ACCESS CONTROL |
| MSFT-11-000800 - Microsoft Android 11 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DOD-approved commercial app repository, EMM server, mobile application store]. | AirWatch - DISA Microsoft Android 11 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-000800 - Microsoft Android 11 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DOD-approved commercial app repository, EMM server, mobile application store]. | MobileIron - DISA Microsoft Android 11 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-000800 - Microsoft Android 11 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DOD-approved commercial app repository, EMM server, mobile application store]. | MobileIron - DISA Microsoft Android 11 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-001100 - Microsoft Android 11 allow list must be configured to not include applications with the following characteristics: - Back up MD data to non-DOD cloud servers (including user and application access to cloud backup services);- Transmit MD diagnostic data to non-DOD servers;- Voice assistant application if available when MD is locked;- Voice dialing application if available when MD is locked;- Allows synchronization of data or applications between devices associated with user; and- Allows unencrypted (or encrypted but not FIPS 140-2/FIPS 140-3 validated) data sharing with other MDs or printers. | AirWatch - DISA Microsoft Android 11 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-001100 - Microsoft Android 11 allow list must be configured to not include applications with the following characteristics: - Back up MD data to non-DOD cloud servers (including user and application access to cloud backup services);- Transmit MD diagnostic data to non-DOD servers;- Voice assistant application if available when MD is locked;- Voice dialing application if available when MD is locked;- Allows synchronization of data or applications between devices associated with user; and- Allows unencrypted (or encrypted but not FIPS 140-2/FIPS 140-3 validated) data sharing with other MDs or printers. | MobileIron - DISA Microsoft Android 11 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-002800 - Microsoft Android 11 must be configured to disable developer modes. | MobileIron - DISA Microsoft Android 11 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-002800 - Microsoft Android 11 must be configured to disable developer modes. | AirWatch - DISA Microsoft Android 11 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-003900 - Microsoft Android 11 must be configured to not allow backup of all applications and configuration data to remote systems. | AirWatch - DISA Microsoft Android 11 COPE v1r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSFT-11-008700 - Microsoft Android 11 users must complete required training. | MobileIron - DISA Microsoft Android 11 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-009400 - Microsoft Android 11 Work Profile must be configured to enforce the system application disable list. | AirWatch - DISA Microsoft Android 11 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-009400 - Microsoft Android 11 Work Profile must be configured to enforce the system application disable list. | MobileIron - DISA Microsoft Android 11 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| MSFT-11-010000 - Microsoft Android 11 Work Profile must be configured to disable the autofill services. | MobileIron - DISA Microsoft Android 11 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| UBTU-22-213025 - Ubuntu 22.04 LTS must implement nonexecutable data to protect its memory from unauthorized code execution. | DISA STIG Canonical Ubuntu 22.04 LTS v2r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-22-232025 - Ubuntu 22.04 LTS must configure the '/var/log' directory to have mode '755' or less permissive. | DISA STIG Canonical Ubuntu 22.04 LTS v2r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-22-232080 - Ubuntu 22.04 LTS must configure the directories used by the system journal to be owned by 'root'. | DISA STIG Canonical Ubuntu 22.04 LTS v2r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-22-232135 - Ubuntu 22.04 LTS must configure the '/var/log/syslog' file to be group-owned by 'adm'. | DISA STIG Canonical Ubuntu 22.04 LTS v2r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-22-271015 - Ubuntu 22.04 LTS must display the Standard Mandatory DOD Notice and Consent Banner before granting local access to the system via a graphical user logon. | DISA STIG Canonical Ubuntu 22.04 LTS v2r2 | Unix | ACCESS CONTROL |
| UBTU-22-412030 - Ubuntu 22.04 LTS must automatically exit interactive command shell user sessions after 15 minutes of inactivity. | DISA STIG Canonical Ubuntu 22.04 LTS v2r2 | Unix | ACCESS CONTROL |
| UBTU-22-651025 - Ubuntu 22.04 LTS must be configured so that the script that runs each 30 days or less to check file integrity is the default. | DISA STIG Canonical Ubuntu 22.04 LTS v2r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-22-652010 - Ubuntu 22.04 LTS must be configured to preserve log records from failure events. | DISA STIG Canonical Ubuntu 22.04 LTS v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-22-653030 - Ubuntu 22.04 LTS must shut down by default upon audit failure. | DISA STIG Canonical Ubuntu 22.04 LTS v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-654010 - Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the apparmor_parser command. | DISA STIG Canonical Ubuntu 22.04 LTS v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-654015 - Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chacl command. | DISA STIG Canonical Ubuntu 22.04 LTS v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-654020 - Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chage command. | DISA STIG Canonical Ubuntu 22.04 LTS v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-654065 - Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the mount command. | DISA STIG Canonical Ubuntu 22.04 LTS v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
