| APPL-12-000003 - The macOS system must initiate the session lock no more than five seconds after a screen saver is started. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL |
| APPL-12-000016 - The macOS system must be integrated into a directory services infrastructure. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| GEN003603 - The system must not respond to ICMPv4 echoes sent to a broadcast address. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN003624 - The system must use a separate filesystem for /tmp (or equivalent). | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN003830 - The rlogind service must not be running. | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN003940 - The hosts.lpd (or equivalent) must have mode 0644 or less permissive - httpd-standalone-ipp.conf | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN004370 - The aliases file must be group-owned by root, sys, smmsp, or bin. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN004460 - The system syslog service must log informational and more severe SMTP service messages. | DISA STIG Solaris 10 SPARC v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN004840 - If the system is an anonymous FTP server, it must be isolated to the DMZ network. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005120 - The TFTP daemon must be configured to vendor specifications, including a dedicated TFTP user account, a non-login shell, such as /bin/false, and a home directory owned by the TFTP user. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005350 - Management Information Base (MIB) files must not have extended ACLs. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005365 - The snmpd.conf file must be group-owned by root, sys, or bin - /etc/snmp/conf/snmpd.conf | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005365 - The snmpd.conf file must be group-owned by root, sys, or bin - /usr/sfw/lib/sma_snmp/snmpd.conf | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005390 - The /etc/syslog.conf file must have mode 0640 or less permissive. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005511 - The SSH client must be configured to not use CBC-based ciphers. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005523 - The SSH private host key files must have mode 0600 or less permissive. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005539 - The SSH daemon must not allow compression or must only allow compression after successful authentication. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005540 - The SSH daemon must be configured for IP filtering - hosts.deny | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005600 - IP forwarding for IPv4 must not be enabled, unless the system is a router. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005610 - The system must not have IP forwarding for IPv6 enabled, unless the system is an IPv6 router. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005740 - The NFS export configuration file must be owned by root. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005860 - The system's NFS export configuration must not have the sec option set to none (or equivalent); additionally, the default authentication must not to be set to none - sec=none | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN005880 - The NFS server must not allow remote root access. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN006060 - The system must not run Samba unless needed. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN006100 - The smb.conf file must be owned by root. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN006220 - The smb.conf file must use the hosts option to restrict access to Samba. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN006260 - The /etc/news/hosts.nntp (or equivalent) must have mode 0600 or less permissive. | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN006420 - NIS maps must be protected through hard-to-guess domain names. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN006565 - The system package management tool must be used to verify system software periodically. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| GEN006571 - The file integrity tool must be configured to verify extended attributes - used | DISA STIG Solaris 10 SPARC v2r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| GEN006575 - The file integrity tool must use FIPS 140-2 approved cryptographic hashes for validating file contents - used | DISA STIG Solaris 10 SPARC v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN007840 - The DHCP client must be disabled if not needed. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN007980 - If the system is using LDAP for authentication or account information, the system must use a TLS connection using FIPS 140-2 approved cryptographic algorithms - configured | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN008120 - If the system is using LDAP for authentication or account information, the /etc/ldap.conf (or equivalent) file must not have an extended ACL - ldap_client_file | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN008140 - If the system is using LDAP for authentication or account information, the TLS certificate authority file and/or directory (as appropriate) must be owned by root - cert8.db | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN008140 - If the system is using LDAP for authentication or account information, the TLS certificate authority file and/or directory (as appropriate) must be owned by root - secmod.db | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN008160 - If the system is using LDAP for authentication or account information, the TLS certificate authority file and/or directory (as appropriate) must be group-owned by root, bin, or sys - secmod.db | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN008180 - If the system is using LDAP for authentication or account information, the TLS certificate authority file and/or directory (as appropriate) must have mode 0644 (0755 for directories) or less permissive - secmod.db | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN008540 - The system's local firewall must implement a deny-all, allow-by-exception policy. | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| SOL-11.1-020540 - .Xauthority or X*.hosts (or equivalent) file(s) must be used to restrict access to the X server. | DISA STIG Solaris 11 SPARC v3r1 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-030030 - Generic Security Services (GSS) must be disabled. | DISA STIG Solaris 11 SPARC v3r1 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-040080 - The operating system must enforce password complexity requiring that at least one lowercase character is used. | DISA STIG Solaris 11 SPARC v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SOL-11.1-040090 - The system must require passwords to contain at least one numeric character. | DISA STIG Solaris 11 SPARC v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SOL-11.1-040250 - The default umask for system and users must be 077. | DISA STIG Solaris 11 SPARC v3r1 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-040430 - Logins to the root account must be restricted to the system console only. | DISA STIG Solaris 11 SPARC v3r1 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-040480 - The operating system must not allow logins for users with blank passwords. | DISA STIG Solaris 11 SPARC v3r1 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-050030 - The system must not respond to ICMP broadcast timestamp requests. | DISA STIG Solaris 11 SPARC v3r1 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-050070 - The system must ignore ICMP redirect messages. | DISA STIG Solaris 11 SPARC v3r1 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-050110 - The system must set maximum number of half-open TCP connections to 4096. | DISA STIG Solaris 11 SPARC v3r1 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-070170 - The system must not allow users to configure .forward files. | DISA STIG Solaris 11 SPARC v3r1 | Unix | CONFIGURATION MANAGEMENT |
