| 1.4.1 Ensure bootloader password is set - password grub | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| AIX7-00-003102 - AIX must turn on enhanced Role-Based Access Control (RBAC) to isolate security functions from nonsecurity functions, to grant system privileges to other operating system admins, and prohibit user installation of system software without explicit privileged status. | DISA STIG AIX 7.x v3r1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-14-002009 The macOS system must disable AirDrop. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| APPL-14-002038 The macOS system must disable Trivial File Transfer Protocol service. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| APPL-14-005058 The macOS system must disable Handoff. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| APPL-15-002009 - The macOS system must disable AirDrop. | DISA Apple macOS 15 (Sequoia) STIG v1r2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| APPL-15-002038 - The macOS system must disable Trivial File Transfer Protocol (TFTP) service. | DISA Apple macOS 15 (Sequoia) STIG v1r2 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| APPL-15-005058 - The macOS system must disable Handoff. | DISA Apple macOS 15 (Sequoia) STIG v1r2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocol | DISA STIG Apache Server 2.4 Windows Server v3r1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| DB2X-00-000400 - DB2 must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | ACCESS CONTROL |
| DKER-EE-001190 - Docker Enterprise sensitive host system directories must not be mounted on containers. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | ACCESS CONTROL |
| EX13-CA-000035 - Exchange ActiveSync (EAS) must only use certificate-based authentication to access email - WebSiteSSLEnabled | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | ACCESS CONTROL |
| EX13-EG-000010 - Exchange servers must use approved DoD certificates. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | ACCESS CONTROL |
| IIST-SV-000147 - Access to web administration tools must be restricted to the web manager and the web managers designees. | DISA IIS 10.0 Server v2r10 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SV-000147 - Access to web administration tools must be restricted to the web manager and the web managers designees. | DISA IIS 10.0 Server v3r2 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SV-000147 - Access to web administration tools must be restricted to the web manager and the web managers designees. | DISA IIS 8.5 Server v2r7 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| JBOS-AS-000075 - JBoss management interfaces must be secured. | DISA JBoss EAP 6.3 STIG v2r5 | Unix | ACCESS CONTROL |
| JUSX-AG-000019 - For User Role Firewalls, the Juniper SRX Services Gateway Firewall must employ user attribute-based security policies to enforce approved authorizations for logical access to information and system resources. | DISA Juniper SRX Services Gateway ALG v3r2 | Juniper | ACCESS CONTROL |
| O121-C2-002700 - The DBMS must enforce approved authorizations for logical access to the system in accordance with applicable policy. | DISA STIG Oracle 12c v3r2 Database | OracleDB | ACCESS CONTROL |
| RHEL-06-000070 - The system must not permit interactive boot. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| SRG-OS-000080-ESXI5 - System BIOS or system controllers supporting password protection must have administrator accounts/passwords configured, and no others. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | ACCESS CONTROL |
| TCAT-AS-000060 - Default password for keystore must be changed. | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-000150 - The WebSphere Application Server users in a local user registry group must be authorized for that group. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-000150 - The WebSphere Application Server users in a local user registry group must be authorized for that group. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-000150 - The WebSphere Application Server users in a local user registry group must be authorized for that group. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-000220 - The WebSphere Application Server users in the admin role must be authorized. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| WBSP-AS-000220 - The WebSphere Application Server users in the admin role must be authorized. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| WBSP-AS-000220 - The WebSphere Application Server users in the admin role must be authorized. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| WN10-UR-000080 - The Deny log on as a service user right on Windows 10 domain-joined workstations must be configured to prevent access from highly privileged domain accounts. | DISA Windows 10 STIG v3r2 | Windows | ACCESS CONTROL |
| WN10-UR-000090 - The Deny log on through Remote Desktop Services user right on Windows 10 workstations must at a minimum be configured to prevent access from highly privileged domain accounts and local accounts on domain systems and unauthenticated access on all systems. | DISA Windows 10 STIG v3r2 | Windows | ACCESS CONTROL |
| WN12-GE-000012 - Nonadministrative user accounts or groups must only have print permissions on printer shares. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000002-DC - Unauthorized accounts must not have the Access this computer from the network user right on domain controllers. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000005 - The Allow log on locally user right must only be assigned to the Administrators group. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000006-DC - The Allow log on through Remote Desktop Services user right must only be assigned to the Administrators group. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000006-MS - The Allow log on through Remote Desktop Services user right must only be assigned to the Administrators group and other approved groups. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000017-DC - The Deny access to this computer from the network user right on domain controllers must be configured to prevent unauthenticated access. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000017-MS - The Deny access to this computer from the network user right on member servers must be configured to prevent access from highly privileged domain accounts and local accounts on domain systems, and from unauthenticated access on all systems. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000018-MS - The Deny log on as a batch job user right on member servers must be configured to prevent access from highly privileged domain accounts on domain systems, and from unauthenticated access on all systems. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000019-DC - The Deny log on as a service user right must be configured to include no accounts or groups (blank) on domain controllers. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000019-MS - The Deny log on as a service user right on member servers must be configured to prevent access from highly privileged domain accounts on domain systems. No other groups or accounts must be assigned this right. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000020-MS - The Deny log on locally user right on member servers must be configured to prevent access from highly privileged domain accounts on domain systems, and from unauthenticated access on all systems. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000021-DC - The Deny log on through Remote Desktop Services user right on domain controllers must be configured to prevent unauthenticated access. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000021-MS - The Deny log on through Remote Desktop Services user right on member servers must be configured to prevent access from highly privileged domain accounts and all local accounts on domain systems, and from unauthenticated access on all systems. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN16-00-000150 - Local volumes must use a format that supports NTFS attributes. | DISA Windows Server 2016 STIG v2r9 | Windows | ACCESS CONTROL |
| WN16-DC-000380 - The Deny log on as a batch job user right on domain controllers must be configured to prevent unauthenticated access. | DISA Windows Server 2016 STIG v2r9 | Windows | ACCESS CONTROL |
| WN16-MS-000370 - The 'Deny access to this computer from the network' user right on member servers must be configured to prevent access from highly privileged domain accounts and local accounts on domain systems and from unauthenticated access on all systems - Deny access to this computer from the network user right on member servers must be configured to prevent access from highly privileged domain accounts and local accounts on domain systems and from unauthenticated access on all systems. | DISA Windows Server 2016 STIG v2r9 | Windows | ACCESS CONTROL |
| WN19-DC-000370 - Windows Server 2019 Deny access to this computer from the network user right on domain controllers must be configured to prevent unauthenticated access. | DISA Microsoft Windows Server 2019 STIG v3r3 | Windows | ACCESS CONTROL |
| WN19-DC-000400 - Windows Server 2019 Deny log on locally user right on domain controllers must be configured to prevent unauthenticated access. | DISA Microsoft Windows Server 2019 STIG v3r3 | Windows | ACCESS CONTROL |
| WN19-MS-000110 - Windows Server 2019 'Deny log on locally' user right on domain-joined member servers must be configured to prevent access from highly privileged domain accounts and from unauthenticated access on all systems. | DISA Microsoft Windows Server 2019 STIG v3r3 | Windows | ACCESS CONTROL |
| WN19-UR-000030 - Windows Server 2019 Allow log on locally user right must only be assigned to the Administrators group. | DISA Microsoft Windows Server 2019 STIG v3r3 | Windows | ACCESS CONTROL |
