| AIOS-18-003300 - Apple iOS/iPadOS 18 must not allow backup to remote systems (iCloud Keychain) - iCloud Keychain. | AirWatch - DISA Apple iOS/iPadOS 18 v1r4 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-18-003500 - Apple iOS/iPadOS 18 must not allow backup to remote systems (iCloud Photo Sharing, also known as Shared Stream or Shared Photo Stream) - iCloud Photo Sharing, also known as Shared Photo Streams. | MobileIron - DISA Apple iOS/iPadOS 18 v1r4 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-18-003600 - Apple iOS/iPadOS 18 must not allow backup to remote systems (managed applications data stored in iCloud) - managed applications data stored in iCloud. | MobileIron - DISA Apple iOS/iPadOS 18 v1r4 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-18-006800 - Apple iOS/iPadOS 18 must be configured to lock the display after 15 minutes (or less) of inactivity - or less of inactivity. | MobileIron - DISA Apple iOS/iPadOS 18 v1r4 | MDM | ACCESS CONTROL |
| AIOS-18-007000 - Apple iOS/iPadOS 18 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DOD-approved commercial app repository, MDM server, mobile application store]. | AirWatch - DISA Apple iOS/iPadOS 18 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-012650 - Apple iOS/iPadOS 18 must implement the management setting: approved Apple Watches must be managed by an MDM. | AirWatch - DISA Apple iOS/iPadOS 18 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-013300 - Apple iOS/iPadOS 18 must disable 'Allow USB drive access in Files app' if the authorizing official (AO) has not approved the use of DOD-approved USB storage drives with iOS/iPadOS devices - Allow USB drive access in Files app if the Authorizing Official (AO) has not approved the use of DoD-approved USB storage drives with iOS/iPadOS | AirWatch - DISA Apple iOS/iPadOS 18 v1r4 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-18-013500 - Apple iOS must implement the management setting: not allow a user to remove Apple iOS configuration profiles that enforce DOD security requirements. | AirWatch - DISA Apple iOS/iPadOS 18 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-014400 - Apple iOS/iPadOS 18 must disable connections to Siri servers for the purpose of dictation. | AirWatch - DISA Apple iOS/iPadOS 18 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-014400 - Apple iOS/iPadOS 18 must disable connections to Siri servers for the purpose of dictation. | MobileIron - DISA Apple iOS/iPadOS 18 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-014600 - Apple iOS/iPadOS 18 must disable copy/paste of data from managed to unmanaged applications. | AirWatch - DISA Apple iOS/iPadOS 18 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-014600 - Apple iOS/iPadOS 18 must disable copy/paste of data from managed to unmanaged applications. | MobileIron - DISA Apple iOS/iPadOS 18 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-014900 - Apple iOS/iPadOS 18 must disable the installation of alternative marketplace apps. | AirWatch - DISA Apple iOS/iPadOS 18 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-015400 - Apple iOS/iPadOS 18 must disable ChatGPT and other external AI app connections in Apple Intelligence. | MobileIron - DISA Apple iOS/iPadOS 18 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-015800 - Apple iOS/iPadOS 18 must disable iPhone Mirroring on Mac. | MobileIron - DISA Apple iOS/iPadOS 18 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-016400 - Apple iOS/iPadOS 18 must disable automatic downloads of apps purchased on other Apple devices. | AirWatch - DISA Apple iOS/iPadOS 18 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-016500 - Apple iOS/iPadOS 18 must disable pairing with a host Mac or PC. | AirWatch - DISA Apple iOS/iPadOS 18 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| OL09-00-000001 - The OL 9 operating system must implement cryptographic mechanisms to prevent unauthorized modification of all information at rest. | DISA Oracle Linux 9 STIG v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL09-00-000065 - OL 9 must enable the SELinux targeted policy. | DISA Oracle Linux 9 STIG v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| OL09-00-000302 - OL 9 must use a file integrity tool that is configured to use FIPS 140-3-approved cryptographic hashes for validating file contents and directories. | DISA Oracle Linux 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| OL09-00-000321 - OL 9 must enable the USBGuard package. | DISA Oracle Linux 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL09-00-000370 - OL 9 must have the rng-tools package installed. | DISA Oracle Linux 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| OL09-00-000745 - OL 9 must be configured so that successful/unsuccessful uses of the shutdown command generate an audit record. | DISA Oracle Linux 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| OL09-00-002021 - OL 9 must prevent special devices on file systems that are used with removable media. | DISA Oracle Linux 9 STIG v1r2 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-22-232030 - Ubuntu 22.04 LTS must configure "/var/log/syslog" file with mode "640" or less permissive. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-22-232125 - Ubuntu 22.04 LTS must configure the "/var/log" directory to be group-owned by "syslog". | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| UBTU-22-611045 - Ubuntu 22.04 LTS must be configured so that when passwords are changed or new passwords are established, pwquality must be used. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | CONFIGURATION MANAGEMENT |
| UBTU-22-611070 - Ubuntu 22.04 LTS must encrypt all stored passwords with a FIPS 140-3-approved cryptographic hashing algorithm. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-22-653030 - Ubuntu 22.04 LTS must shut down by default upon audit failure. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-654020 - Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chage command. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-654085 - Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the setfacl command. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-654100 - Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the su command. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-654165 - Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate system calls. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-654180 - Ubuntu 22.04 LTS must generate audit records for any use of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-654215 - Ubuntu 22.04 LTS must generate audit records for the use and modification of the lastlog file. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-654220 - Ubuntu 22.04 LTS must generate audit records when successful/unsuccessful attempts to modify the /etc/sudoers file occur. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| WN22-CC-000140 - Windows Server 2022 group policy objects must be reprocessed even if they have not changed. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN22-CC-000170 - Windows Server 2022 network selection user interface (UI) must not be displayed on the logon screen. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN22-CC-000310 - Windows Server 2022 Explorer Data Execution Prevention must be enabled. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| WN22-CC-000360 - Windows Server 2022 Remote Desktop Services must always prompt a client for passwords upon connection. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN22-CC-000410 - Windows Server 2022 must prevent Indexing of encrypted files. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN22-DC-000120 - Windows Server 2022 data files owned by users must be on a different logical partition from the directory server data files. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN22-DC-000130 - Windows Server 2022 domain controllers must run on a machine dedicated to that function. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN22-DC-000380 - Windows Server 2022 Deny log on as a batch job user right on domain controllers must be configured to prevent unauthenticated access. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL |
| WN22-DC-000406 - Windows Server 2022 must be configured for name-based strong mappings for certificates. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL |
| WN22-DC-000430 - The password for the krbtgt account on a domain must be reset at least every 180 days. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN22-MS-000100 - Windows Server 2022 Deny log on as a service user right on domain-joined member servers must be configured to prevent access from highly privileged domain accounts. No other groups or accounts must be assigned this right. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL |
| WN22-SO-000100 - Windows Server 2022 maximum age for machine account passwords must be configured to 30 days or less. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN22-SO-000260 - Windows Server 2022 services using Local System that use Negotiate when reverting to NTLM authentication must use the computer identity instead of authenticating anonymously. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN22-SO-000400 - Windows Server 2022 User Account Control (UAC) must, at a minimum, prompt administrators for consent on the secure desktop. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
