| EPAS-00-002800 - The audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized deletion. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| EPAS-00-006200 - The EDB Postgres Advanced Server must check the validity of all data inputs except those specifically identified by the organization. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| EPAS-00-006400 - The EDB Postgres Advanced Server and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| EPAS-00-006700 - The EDB Postgres Advanced Server must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | ACCESS CONTROL |
| EPAS-00-010000 - The EDB Postgres Advanced Server must generate audit records when security objects are accessed. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| EPAS-00-010100 - The EDB Postgres Advanced Server must generate audit records when unsuccessful attempts to access security objects occur. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| EPAS-00-010800 - The EDB Postgres Advanced Server must generate audit records when security objects are modified. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| EPAS-00-010900 - The EDB Postgres Advanced Server must generate audit records when unsuccessful attempts to modify security objects occur. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| EPAS-00-011800 - The EDB Postgres Advanced Server must generate audit records when successful logons or connections occur. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| FGFW-ND-000055 - The FortiGate device must retain the Standard Mandatory DoD Notice and Consent Banner on the screen until the administrator acknowledges the usage conditions and takes explicit actions to log on for further access. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | ACCESS CONTROL |
| FGFW-ND-000065 - The FortiGate device must generate audit records when successful/unsuccessful attempts to modify administrator privileges occur | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FGFW-ND-000135 - The FortiGate device must protect audit tools from unauthorized access. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000050 - The FortiGate firewall must protect traffic log records from unauthorized access while in transit to the central audit server - enc-algorithm | DISA Fortigate Firewall STIG v1r3 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000050 - The FortiGate firewall must protect traffic log records from unauthorized access while in transit to the central audit server. - set server | DISA Fortigate Firewall STIG v1r3 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000085 - The FortiGate firewall must filter traffic destined to the internal enclave in accordance with the specific traffic that is approved and registered in the Ports, Protocols, and Services Management (PPSM) Category Assurance List (CAL), Vulnerability Assessments (VAs) for that the enclave. - policy | DISA Fortigate Firewall STIG v1r3 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| FNFG-FW-000085 - The FortiGate firewall must filter traffic destined to the internal enclave in accordance with the specific traffic that is approved and registered in the Ports, Protocols, and Services Management (PPSM) Category Assurance List (CAL), Vulnerability Assessments (VAs) for that the enclave. - policy6 | DISA Fortigate Firewall STIG v1r3 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| FNFG-FW-000090 - The FortiGate firewall must fail to a secure state if the firewall filtering functions fail unexpectedly - av-failopen | DISA Fortigate Firewall STIG v1r3 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| FNFG-FW-000165 - The FortiGate firewall must generate traffic log records when attempts are made to send packets between security zones that are not authorized to communicate. | DISA Fortigate Firewall STIG v1r3 | FortiGate | AUDIT AND ACCOUNTABILITY |
| GOOG-11-000200 - Google Android 11 must be configured to not allow passwords that include more than two repeating or sequential characters - Characters | AirWatch - DISA Google Android 11 COBO v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-11-000300 - Google Android 11 must be configured to enable a screen-lock policy that will lock the display after a period of inactivity. | AirWatch - DISA Google Android 11 COPE v2r1 | MDM | ACCESS CONTROL |
| GOOG-11-000400 - Google Android 11 must be configured to lock the display after 15 minutes (or less) of inactivity. | AirWatch - DISA Google Android 11 COBO v2r1 | MDM | ACCESS CONTROL |
| GOOG-11-002800 - Google Android 11 must be configured to disable developer modes. | AirWatch - DISA Google Android 11 COBO v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-11-008700 - Google Android 11 users must complete required training. | AirWatch - DISA Google Android 11 COBO v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-11-008700 - Google Android 11 users must complete required training. | MobileIron - DISA Google Android 11 COBO v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-11-008800 - Google Android 11 must be configured to enforce that Wi-Fi Sharing is disabled. | AirWatch - DISA Google Android 11 COBO v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-11-008800 - Google Android 11 must be configured to enforce that Wi-Fi Sharing is disabled. | AirWatch - DISA Google Android 11 COPE v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-11-008800 - Google Android 11 must be configured to enforce that Wi-Fi Sharing is disabled. | MobileIron - DISA Google Android 11 COPE v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-11-009000 - Google Android 11 must have the DoD root and intermediate PKI certificates installed. | AirWatch - DISA Google Android 11 COBO v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-11-009400 - Google Android 11 work profile must be configured to enforce the system application disable list. | MobileIron - DISA Google Android 11 COPE v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-11-010200 - Google Android 11 must be configured to disallow configuration of date and time. | MobileIron - DISA Google Android 11 COBO v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-11-010200 - Google Android 11 must be configured to disallow configuration of date and time. | AirWatch - DISA Google Android 11 COPE v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-11-010200 - Google Android 11 must be configured to disallow configuration of date and time. | MobileIron - DISA Google Android 11 COPE v2r1 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-12-006100 - Google Android 12 must be configured to not allow passwords that include more than two repeating or sequential characters - Complex Characters | MobileIron - DISA Google Android 12 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-12-006300 - Google Android 12 must be configured to lock the display after 15 minutes (or less) of inactivity. | MobileIron - DISA Google Android 12 COBO v1r2 | MDM | ACCESS CONTROL |
| GOOG-12-006300 - Google Android 12 must be configured to lock the display after 15 minutes (or less) of inactivity. | MobileIron - DISA Google Android 12 COPE v1r2 | MDM | ACCESS CONTROL |
| GOOG-12-006400 - Google Android 12 must be configured to not allow more than 10 consecutive failed authentication attempts. | MobileIron - DISA Google Android 12 COBO v1r2 | MDM | ACCESS CONTROL |
| GOOG-12-006500 - Google Android 12 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DoD-approved commercial app repository, MDM server, mobile application store]. | MobileIron - DISA Google Android 12 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-12-006700 - Google Android 12 allowlist must be configured to not include applications with the following characteristics: 1. Back up mobile device (MD) data to non-DoD cloud servers (including user and application access to cloud backup services);2. Transmit MD diagnostic data to non-DoD servers;3. Voice assistant application if available when MD is locked;4. Voice dialing application if available when MD is locked;5. Allows synchronization of data or applications between devices associated with user; and6. Allows unencrypted (or encrypted but not FIPS 140-2 validated) data sharing with other MDs or printers. | AirWatch - DISA Google Android 12 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-12-007800 - Google Android 12 must be configured to generate audit records for the following auditable events: detected integrity violations. | MobileIron - DISA Google Android 12 COBO v1r2 | MDM | AUDIT AND ACCOUNTABILITY |
| GOOG-12-008400 - Google Android 12 must be configured to disable USB mass storage mode. | AirWatch - DISA Google Android 12 COPE v1r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-12-008400 - Google Android 12 must be configured to disable USB mass storage mode. | MobileIron - DISA Google Android 12 COPE v1r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-12-009500 - Google Android 12 must be configured to disable ad hoc wireless client-to-client connection capability. | MobileIron - DISA Google Android 12 COPE v1r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-12-010000 - Google Android 12 must have the DoD root and intermediate PKI certificates installed. | MobileIron - DISA Google Android 12 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-12-010500 - Google Android 12 Work Profile must be configured to disable the autofill services. | MobileIron - DISA Google Android 12 COPE v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-12-010600 - Google Android 12 must be configured to disallow configuration of date and time. | MobileIron - DISA Google Android 12 COBO v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-13-706300 - Google Android 13 must be configured to lock the display after 15 minutes (or less) of inactivity - or less of inactivity. | AirWatch - DISA Google Android 13 BYOD v1r2 | MDM | ACCESS CONTROL |
| GOOG-13-706400 - Google Android 13 must be configured to not allow more than 10 consecutive failed authentication attempts. | AirWatch - DISA Google Android 13 BYOD v1r2 | MDM | ACCESS CONTROL |
| GOOG-13-709800 - Google Android 13 users must complete required training. | AirWatch - DISA Google Android 13 BYOD v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-13-710300 - Google Android 13 must be provisioned as a BYOAD device (Android work profile for employee-owned devices [BYOD]). | AirWatch - DISA Google Android 13 BYOD v1r2 | MDM | CONFIGURATION MANAGEMENT |
| GOOG-13-710500 - The Google Android 13 work profile must be configured to disable the autofill services. | AirWatch - DISA Google Android 13 BYOD v1r2 | MDM | CONFIGURATION MANAGEMENT |
