| 18.3.4 (L1) Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.3.4 Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.4 Ensure 'Default Protections for Popular Software' is set to 'Enabled' - 7zG.exe | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.4 Ensure 'Default Protections for Popular Software' is set to 'Enabled' - chrome.exe | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.4 Ensure 'Default Protections for Popular Software' is set to 'Enabled' - communicator.exe | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.4 Ensure 'Default Protections for Popular Software' is set to 'Enabled' - Firefox plugin-container.exe | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.4 Ensure 'Default Protections for Popular Software' is set to 'Enabled' - firefox.exe | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.4 Ensure 'Default Protections for Popular Software' is set to 'Enabled' - rar.exe | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.4 Ensure 'Default Protections for Popular Software' is set to 'Enabled' - wlmail.exe | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.4 Ensure 'Default Protections for Popular Software' is set to 'Enabled' - wmplayer.exe | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - EXCEL.EXE | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - LYNC.EXE | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.7 Ensure 'System DEP' is set to 'Enabled: Application Opt-Out' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.30.2 Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.30.4 Ensure 'Turn off shell protocol protected mode' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| AADC-CL-001015 - Adobe Acrobat Pro DC Classic Protected View must be enabled. | DISA STIG Adobe Acrobat Pro DC Classic Track v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| ADBP-XI-000205 - Adobe Acrobat Pro XI Enhanced Security for standalone mode must be enabled. | DISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| ADBP-XI-000210 - Adobe Acrobat Pro XI Enhanced Security for browser mode must be enabled. | DISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| ADBP-XI-001010 - Adobe Acrobat Pro XI Protected Mode must be enabled. | DISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| ADBP-XI-001015 - Adobe Acrobat Pro XI Protected View must be enabled. | DISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-15-009700 - Apple iOS/iPadOS 15 must not allow non-DoD applications to access DoD data. | MobileIron - DISA Apple iOS/iPadOS 14 v1r4 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-15-009700 - Apple iOS/iPadOS 15 must not allow non-DoD applications to access DoD data. | AirWatch - DISA Apple iOS/iPadOS 14 v1r4 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-16-009700 - Apple iOS/iPadOS 16 must not allow non-DoD applications to access DoD data. | MobileIron - DISA Apple iOS/iPadOS 16 v2r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-16-009700 - Apple iOS/iPadOS 16 must not allow non-DoD applications to access DoD data. | AirWatch - DISA Apple iOS/iPadOS 16 v2r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-16-709700 - Apple iOS/iPadOS 16 must not allow non-DOD applications to access DOD data. | AirWatch - DISA Apple iOS/iPadOS 16 BYOAD v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-16-709700 - Apple iOS/iPadOS 16 must not allow non-DOD applications to access DOD data. | MobileIron - DISA Apple iOS/iPadOS BYOAD 16 v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-16-714900 - Apple iOS/iPadOS 16 must not allow DOD applications to access non-DOD data. | AirWatch - DISA Apple iOS/iPadOS 16 BYOAD v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-16-714900 - Apple iOS/iPadOS 16 must not allow DOD applications to access non-DOD data. | MobileIron - DISA Apple iOS/iPadOS BYOAD 16 v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-17-009700 - Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data. | MobileIron - DISA Apple iOS/iPadOS 17 v2r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-17-714900 - Apple iOS/iPadOS 17 must not allow DOD applications to access non-DOD data. | MobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPNET0065 - Trust must be established prior to enabling the loading of remote code in .Net 4. | DISA STIG for Microsoft Dot Net Framework 4.0 v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPNET0070 - Software utilizing .Net 4.0 must be identified and relevant access controls configured. | DISA STIG for Microsoft Dot Net Framework 4.0 v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-CA-000140 - Exchange software must be installed on a separate partition from the OS. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-EG-000310 - Exchange software must be installed on a separate partition from the OS. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000310 - The Exchange Email application must not share a partition with another application. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-ED-000620 - Exchange software must be installed on a separate partition from the OS. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-MB-000620 - The Exchange Email application must not share a partition with another application. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000230 Exchange software must be installed on a separate partition from the OS. | DISA Microsoft Exchange 2019 Edge Server STIG v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000229 The Exchange email application must not share a partition with another application. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-13-008900 - Google Android 13 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | AirWatch - DISA Google Android 13 COPE v2r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-13-008900 - Google Android 13 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | MobileIron - DISA Google Android 13 COPE v2r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-13-708900 - Google Android 13 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | AirWatch - DISA Google Android 13 BYOD v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-13-708900 - Google Android 13 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | MobileIron - DISA Google Android 13 BYOD v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-14-008900 - Google Android 14 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | AirWatch - DISA Google Android 14 COPE v2r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-14-708900 - Google Android 14 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | AirWatch - DISA Google Android 14 BYOAD v1r1 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| MSFT-11-004500 - Microsoft Android 11 must be configured to disable exceptions to the access control policy that prevent application processes from accessing all data stored by other application processes - Sharing data into the profile | MobileIron - DISA Microsoft Android 11 COPE v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| MSFT-11-004500 - Microsoft Android 11 must be configured to disable exceptions to the access control policy that prevent application processes from accessing all data stored by other application processes. | AirWatch - DISA Microsoft Android 11 COPE v1r2 | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-012300 - SQL Server must maintain a separate execution domain for each executing process. | DISA STIG SQL Server 2016 Instance DB Audit v3r1 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-012400 - SQL Server services must be configured to run under unique dedicated user accounts. | DISA STIG SQL Server 2016 Instance DB Audit v3r1 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| WA000-WI6010 IIS6 - The web site must have a unique application pool. | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
