SRG-OS-000095-GPOS-00049 Controls

STIG IDVersionTitleProduct
AZLX-23-000305V1R2Amazon Linux 2023 must not have the sendmail package installed.Amazon Linux 2023
AZLX-23-000310V1R2Amazon Linux 2023 must not have the nfs-utils package installed.Amazon Linux 2023
AZLX-23-000315V1R2Amazon Linux 2023 must not have the telnet-server package installed.Amazon Linux 2023
AZLX-23-000320V1R2Amazon Linux 2023 must not have the gssproxy package installed.Amazon Linux 2023
AZLX-23-001085V1R2Amazon Linux 2023 must be configured to disable nonessential capabilities.Amazon Linux 2023
ALMA-09-028510V1R5AlmaLinux OS 9 must disable remote management of the chrony daemon.AlmaLinux OS 9
ALMA-09-028620V1R5AlmaLinux OS 9 must prevent the chrony daemon from acting as a server.AlmaLinux OS 9
ALMA-09-028730V1R5AlmaLinux OS 9 must not have the iprutils package installed.AlmaLinux OS 9
ALMA-09-028840V1R5AlmaLinux OS 9 must not have the quagga package installed.AlmaLinux OS 9
ALMA-09-028950V1R5AlmaLinux OS 9 must not have the sendmail package installed.AlmaLinux OS 9
ALMA-09-029170V1R5AlmaLinux OS 9 must not have a Trivial File Transfer Protocol (TFTP) client package installed.AlmaLinux OS 9
ALMA-09-029390V1R5AlmaLinux OS 9 must not have the cups package installed.AlmaLinux OS 9
ALMA-09-029500V1R5AlmaLinux OS 9 must not have the gssproxy package installed.AlmaLinux OS 9
ALMA-09-029610V1R5AlmaLinux OS 9 must disable the Asynchronous Transfer Mode (ATM) kernel module.AlmaLinux OS 9
ALMA-09-029720V1R5AlmaLinux OS 9 must be configured to disable Bluetooth.AlmaLinux OS 9
ALMA-09-029830V1R5AlmaLinux OS 9 must disable the Controller Area Network (CAN) kernel module.AlmaLinux OS 9
ALMA-09-029940V1R5AlmaLinux OS 9 must disable mounting of cramfs.AlmaLinux OS 9
ALMA-09-030050V1R5AlmaLinux OS 9 must disable the Stream Control Transmission Protocol (SCTP) kernel module.AlmaLinux OS 9
ALMA-09-030160V1R5AlmaLinux OS 9 must disable mounting of squashfs.AlmaLinux OS 9
ALMA-09-030270V1R5AlmaLinux OS 9 must disable the Transparent Inter Process Communication (TIPC) kernel module.AlmaLinux OS 9
ALMA-09-030380V1R5AlmaLinux OS 9 must disable mounting of udf.AlmaLinux OS 9
ALMA-09-030490V1R5Cameras must be disabled or covered when not in use.AlmaLinux OS 9
ALMA-09-030600V1R5AlmaLinux OS 9 must not have the nfs-utils package installed.AlmaLinux OS 9
ALMA-09-030710V1R5AlmaLinux OS 9 must not have the rsh package installed.AlmaLinux OS 9
ALMA-09-030820V1R5AlmaLinux OS 9 must not install packages from the Extra Packages for Enterprise Linux (EPEL) repository.AlmaLinux OS 9
ALMA-09-030930V1R5AlmaLinux OS 9 must not have the tuned package installed.AlmaLinux OS 9
ALMA-09-031040V1R5A graphical display manager must not be installed on AlmaLinux OS 9 unless approved.AlmaLinux OS 9
ALMA-09-031150V1R5AlmaLinux OS 9 must not have the ypserv package installed.AlmaLinux OS 9
ALMA-09-031260V1R5AlmaLinux OS 9 must not have the avahi package installed.AlmaLinux OS 9
ALMA-09-031370V1R5AlmaLinux OS 9 must be configured to disable USB mass storage.AlmaLinux OS 9
APPL-13-002001V1R5The macOS system must be configured to disable SMB File Sharing unless it is required.macOS 13 - Ventura
APPL-13-002003V1R5The macOS system must be configured to disable the Network File System (NFS) daemon unless it is required.macOS 13 - Ventura
APPL-13-002004V1R5The macOS system must be configured to disable Location Services.macOS 13 - Ventura
APPL-13-002005V1R5The macOS system must be configured to disable Bonjour multicast advertising.macOS 13 - Ventura
APPL-13-002006V1R5The macOS system must be configured to disable the UUCP service.macOS 13 - Ventura
APPL-13-002007V1R5The macOS system must be configured to disable Internet Sharing.macOS 13 - Ventura
APPL-13-002008V1R5The macOS system must be configured to disable Web Sharing.macOS 13 - Ventura
APPL-13-002009V1R5The macOS system must be configured to disable AirDrop.macOS 13 - Ventura
APPL-13-002012V1R5The macOS system must be configured to disable the iCloud Calendar services.macOS 13 - Ventura
APPL-13-002013V1R5The macOS system must be configured to disable the iCloud Reminders services.macOS 13 - Ventura
APPL-13-002014V1R5The macOS system must be configured to disable iCloud Address Book services.macOS 13 - Ventura
APPL-13-002015V1R5The macOS system must be configured to disable the iCloud Mail services.macOS 13 - Ventura
APPL-13-002016V1R5The macOS system must be configured to disable the iCloud Notes services.macOS 13 - Ventura
APPL-13-002017V1R5The macOS system must cover or disable the built-in or attached camera when not in use.macOS 13 - Ventura
APPL-13-002020V1R5The macOS system must be configured to disable Siri and dictation.macOS 13 - Ventura
APPL-13-002032V1R5The macOS system must be configured to disable the system preference pane for Internet Accounts.macOS 13 - Ventura
APPL-13-002035V1R5The macOS system must be configured to disable the Cloud Setup services.macOS 13 - Ventura
APPL-13-002036V1R5The macOS system must be configured to disable the Privacy Setup services.macOS 13 - Ventura
APPL-13-002037V1R5The macOS system must be configured to disable the Cloud Storage Setup services.macOS 13 - Ventura
APPL-13-002039V1R5The macOS system must be configured to disable the Siri Setup services.macOS 13 - Ventura
APPL-13-002040V1R5The macOS system must disable iCloud Keychain synchronization.macOS 13 - Ventura
APPL-13-002041V1R5The macOS system must disable iCloud Document synchronization.macOS 13 - Ventura
APPL-13-002042V1R5The macOS system must disable iCloud Bookmark synchronization.macOS 13 - Ventura
APPL-13-002043V1R5The macOS system must disable the iCloud Photo Library.macOS 13 - Ventura
APPL-13-002051V1R5The macOS system must be configured to disable the system preference pane for TouchID and Password.macOS 13 - Ventura
APPL-13-002052V1R5The macOS system must be configured to disable the system preference pane for Wallet and ApplePay.macOS 13 - Ventura
APPL-13-002053V1R5The macOS system must be configured to disable the system preference pane for Siri.macOS 13 - Ventura
APPL-13-005054V1R5The macOS system must be configured to disable prompts to configure Touch ID.macOS 13 - Ventura
APPL-13-005055V1R5The macOS system must be configured to disable prompts to configure ScreenTime.macOS 13 - Ventura
APPL-13-005056V1R5The macOS system must be configured to disable prompts to configure Unlock with Watch.macOS 13 - Ventura
APPL-13-005058V1R5The macOS system must be configured to prevent activity continuation between Apple devices.macOS 13 - Ventura
APPL-13-005060V1R5The macOS system must be configured to prevent password proximity sharing requests from nearby Apple devices.macOS 13 - Ventura
APPL-13-005061V1R5The macOS system must be configured to prevent users from erasing all system content and settings.macOS 13 - Ventura
APPL-14-002004V2R4The macOS system must disable Location Services.macOS 14 - Sonoma
APPL-14-002005V2R4The macOS system must disable Bonjour multicast.macOS 14 - Sonoma
APPL-14-002007V2R4The macOS system must disable Internet Sharing.macOS 14 - Sonoma
APPL-14-002010V2R4The macOS system must disable FaceTime.app.macOS 14 - Sonoma
APPL-14-002012V2R4The macOS system must disable the iCloud Calendar services.macOS 14 - Sonoma
APPL-14-002013V2R4The macOS system must disable iCloud Reminders.macOS 14 - Sonoma
APPL-14-002014V2R4The macOS system must disable iCloud Address Book.macOS 14 - Sonoma
APPL-14-002015V2R4The macOS system must disable iCloud Mail.macOS 14 - Sonoma
APPL-14-002016V2R4The macOS system must disable iCloud Notes.macOS 14 - Sonoma
APPL-14-002017V2R4The macOS system must disable the camera.macOS 14 - Sonoma
APPL-14-002020V2R4The macOS system must disable Siri.macOS 14 - Sonoma
APPL-14-002035V2R4The macOS system must disable Apple ID setup during Setup Assistant.macOS 14 - Sonoma
APPL-14-002036V2R4The macOS system must disable Privacy Setup services during Setup Assistant.macOS 14 - Sonoma
APPL-14-002037V2R4The macOS system must disable iCloud Storage Setup during Setup Assistant.macOS 14 - Sonoma
APPL-14-002039V2R4The macOS system must disable Siri Setup during Setup Assistant.macOS 14 - Sonoma
APPL-14-002040V2R4The macOS system must disable iCloud Keychain synchronization.macOS 14 - Sonoma
APPL-14-002041V2R4The macOS system must disable iCloud Document synchronization.macOS 14 - Sonoma
APPL-14-002042V2R4The macOS system must disable iCloud Bookmarks.macOS 14 - Sonoma
APPL-14-002043V2R4The macOS system must disable iCloud Photo Library.macOS 14 - Sonoma
APPL-14-002051V2R4The macOS system must disable the TouchID System Settings pane.macOS 14 - Sonoma
APPL-14-002052V2R4The macOS system must disable the System Settings pane for Wallet and Apple Pay.macOS 14 - Sonoma
APPL-14-002053V2R4The macOS system must disable the system settings pane for Siri.macOS 14 - Sonoma
APPL-14-002080V2R4The macOS system must disable Airplay Receiver.macOS 14 - Sonoma
APPL-14-002120V2R4The macOS system must disable AppleID and Internet Account modifications.macOS 14 - Sonoma
APPL-14-002130V2R4The macOS system must disable CD/DVD Sharing.macOS 14 - Sonoma
APPL-14-002140V2R4The macOS system must disable content caching service.macOS 14 - Sonoma
APPL-14-002150V2R4The macOS system must disable iCloud desktop and document folder synchronization.macOS 14 - Sonoma
APPL-14-002160V2R4The macOS system must disable iCloud Game Center.macOS 14 - Sonoma
APPL-14-002170V2R4The macOS system must disable iCloud Private Relay.macOS 14 - Sonoma
APPL-14-002180V2R4The macOS system must disable Find My service.macOS 14 - Sonoma
APPL-14-002190V2R4The macOS system must disable password autofill.macOS 14 - Sonoma
APPL-14-002200V2R4The macOS system must disable personalized advertising.macOS 14 - Sonoma
APPL-14-002210V2R4The macOS system must disable sending Siri and Dictation information to Apple.macOS 14 - Sonoma
APPL-14-002220V2R4The macOS system must enforce on device dictation.macOS 14 - Sonoma
APPL-14-002230V2R4The macOS system must disable dictation.macOS 14 - Sonoma
APPL-14-002240V2R4The macOS system must disable Printer Sharing.macOS 14 - Sonoma
APPL-14-002250V2R4The macOS system must disable Remote Management.macOS 14 - Sonoma
APPL-14-002260V2R4The macOS system must disable the Bluetooth system settings pane.macOS 14 - Sonoma
APPL-14-002270V2R4The macOS system must disable the iCloud Freeform services.macOS 14 - Sonoma
APPL-14-005054V2R4The macOS system must disable TouchID prompt during Setup Assistant.macOS 14 - Sonoma
APPL-14-005055V2R4The macOS system must disable Screen Time prompt during Setup Assistant.macOS 14 - Sonoma
APPL-14-005056V2R4The macOS system must disable Unlock with Apple Watch during Setup Assistant.macOS 14 - Sonoma
APPL-14-005060V2R4The macOS system must disable proximity-based password sharing requests.macOS 14 - Sonoma
APPL-14-005061V2R4The macOS system must disable Erase Content and Settings.macOS 14 - Sonoma
APPL-15-002004V1R6The macOS system must disable Location Services.macOS 15 - Sequoia
APPL-15-002005V1R6The macOS system must disable Bonjour multicast.macOS 15 - Sequoia
APPL-15-002007V1R6The macOS system must disable Internet Sharing.macOS 15 - Sequoia
APPL-15-002010V1R6The macOS system must disable FaceTime.app.macOS 15 - Sequoia
APPL-15-002012V1R6The macOS system must disable the iCloud Calendar services.macOS 15 - Sequoia
APPL-15-002013V1R6The macOS system must disable iCloud Reminders.macOS 15 - Sequoia
APPL-15-002014V1R6The macOS system must disable iCloud Address Book.macOS 15 - Sequoia
APPL-15-002015V1R6The macOS system must disable iCloud Mail.macOS 15 - Sequoia
APPL-15-002016V1R6The macOS system must disable iCloud Notes.macOS 15 - Sequoia
APPL-15-002017V1R6The macOS system must disable the camera.macOS 15 - Sequoia
APPL-15-002020V1R6The macOS system must disable Siri.macOS 15 - Sequoia
APPL-15-002035V1R6The macOS system must disable Apple ID setup during Setup Assistant.macOS 15 - Sequoia
APPL-15-002036V1R6The macOS system must disable Privacy Setup services during Setup Assistant.macOS 15 - Sequoia
APPL-15-002037V1R6The macOS system must disable iCloud storage setup during Setup Assistant.macOS 15 - Sequoia
APPL-15-002039V1R6The macOS system must disable Siri Setup during Setup Assistant.macOS 15 - Sequoia
APPL-15-002040V1R6The macOS system must disable iCloud Keychain Sync.macOS 15 - Sequoia
APPL-15-002041V1R6The macOS system must disable iCloud Document Sync.macOS 15 - Sequoia
APPL-15-002042V1R6The macOS system must disable iCloud Bookmarks.macOS 15 - Sequoia
APPL-15-002043V1R6The macOS system must disable iCloud Photo Library.macOS 15 - Sequoia
APPL-15-002052V1R6The macOS system must disable the System Settings pane for Wallet and Apple Pay.macOS 15 - Sequoia
APPL-15-002053V1R6The macOS system must disable the system settings pane for Siri.macOS 15 - Sequoia
APPL-15-002080V1R6The macOS system must disable Airplay Receiver.macOS 15 - Sequoia
APPL-15-002120V1R6The macOS system must disable AppleID and internet Account Modification.macOS 15 - Sequoia
APPL-15-002140V1R6The macOS system must disable Content Caching service.macOS 15 - Sequoia
APPL-15-002150V1R6The macOS system must disable iCloud Desktop and Document folder sync.macOS 15 - Sequoia
APPL-15-002160V1R6The macOS system must disable iCloud Game Center.macOS 15 - Sequoia
APPL-15-002170V1R6The macOS system must disable iCloud Private Relay.macOS 15 - Sequoia
APPL-15-002180V1R6The macOS system must disable Find My service.macOS 15 - Sequoia
APPL-15-002200V1R6The macOS system must disable Personalized Advertising.macOS 15 - Sequoia
APPL-15-002210V1R6The macOS system must disable sending Siri and Dictation information to Apple.macOS 15 - Sequoia
APPL-15-002220V1R6The macOS system must enforce On Device Dictation.macOS 15 - Sequoia
APPL-15-002230V1R6The macOS system must disable Dictation.macOS 15 - Sequoia
APPL-15-002240V1R6The macOS system must disable Printer Sharing.macOS 15 - Sequoia
APPL-15-002250V1R6The macOS system must disable Remote Management.macOS 15 - Sequoia
APPL-15-002260V1R6The macOS system must disable the Bluetooth System Settings pane.macOS 15 - Sequoia
APPL-15-002270V1R6The macOS system must disable the iCloud Freeform services.macOS 15 - Sequoia
APPL-15-005054V1R6The macOS system must disable the TouchID prompt during Setup Assistant.macOS 15 - Sequoia
APPL-15-005055V1R6The macOS system must disable the Screen Time prompt during Setup Assistant.macOS 15 - Sequoia
APPL-15-005056V1R6The macOS system must disable Unlock with Apple Watch during Setup Assistant.macOS 15 - Sequoia
APPL-15-005060V1R6The macOS system must disable proximity-based password sharing requests.macOS 15 - Sequoia
APPL-15-005061V1R6The macOS system must disable Erase Content and Settings.macOS 15 - Sequoia
APPL-15-005140V1R6The macOS system must disable Genmoji.macOS 15 - Sequoia
APPL-15-005150V1R6The macOS system must disable Apple Intelligence Image Generation.macOS 15 - Sequoia
APPL-15-005160V1R6The macOS system must disable Apple Intelligence Writing Tools.macOS 15 - Sequoia
APPL-15-002023V1R6The macOS system must disable sending audio recordings and transcripts to Apple.macOS 15 - Sequoia
APPL-15-002024V1R6The macOS system must disable sending search data from Spotlight to Apple.macOS 15 - Sequoia
OL07-00-020000V3R5Oracle Linux 7 must not install packages from the Extra Packages for Enterprise Linux (EPEL) repository.Oracle Linux 7
OL07-00-020010V3R5The Oracle Linux operating system must not have the ypserv package installed.Oracle Linux 7
OL07-00-021710V3R5The Oracle Linux operating system must not have the telnet-server package installed.Oracle Linux 7
OL08-00-030741V2R7OL 8 must disable the chrony daemon from acting as a server.Oracle Linux 8
OL08-00-030742V2R7OL 8 must disable network management of the chrony daemon.Oracle Linux 8
OL08-00-040000V2R7OL 8 must not have the telnet-server package installed.Oracle Linux 8
OL08-00-040001V2R7OL 8 must not have any automated bug reporting tools installed.Oracle Linux 8
OL08-00-040002V2R7OL 8 must not have the sendmail package installed.Oracle Linux 8
OL08-00-040004V2R7OL 8 must enable mitigations against processor-based vulnerabilities.Oracle Linux 8
OL08-00-040010V2R7OL 8 must not install packages from the Extra Packages for Enterprise Linux (EPEL) repository.Oracle Linux 8
OL08-00-040020V2R7OL 8 must cover or disable the built-in or attached camera when not in use.Oracle Linux 8
OL08-00-040024V2R7OL 8 must disable the transparent inter-process communication (TIPC) protocol.Oracle Linux 8
OL08-00-040025V2R7OL 8 must disable mounting of cramfs.Oracle Linux 8
OL08-00-040026V2R7OL 8 must disable IEEE 1394 (FireWire) Support.Oracle Linux 8
OL09-00-000040V1R4OL 9 must be configured to disable the Asynchronous Transfer Mode (ATM) kernel module.Oracle Linux 9
OL09-00-000041V1R4OL 9 must be configured to disable the Controller Area Network (CAN) kernel module.Oracle Linux 9
OL09-00-000042V1R4OL 9 must be configured to disable the FireWire kernel module.Oracle Linux 9
OL09-00-000043V1R4OL 9 must disable the Stream Control Transmission Protocol (SCTP) kernel module.Oracle Linux 9
OL09-00-000044V1R4OL 9 must disable the Transparent Inter Process Communication (TIPC) kernel module.Oracle Linux 9
OL09-00-000045V1R4OL 9 must disable mounting of cramfs.Oracle Linux 9
OL09-00-000046V1R4OL 9 Bluetooth must be disabled.Oracle Linux 9
OL09-00-000100V1R4OL 9 must not have the nfs-utils package installed.Oracle Linux 9
OL09-00-000105V1R4OL 9 must not install packages from the Extra Packages for Enterprise Linux (EPEL) repository.Oracle Linux 9
OL09-00-000110V1R4OL 9 must not have the telnet-server package installed.Oracle Linux 9
OL09-00-000115V1R4OL 9 must not have the gssproxy package installed.Oracle Linux 9
OL09-00-000120V1R4OL 9 must not have the iprutils package installed.Oracle Linux 9
OL09-00-000125V1R4OL 9 must not have the tuned package installed.Oracle Linux 9
OL09-00-000150V1R4OL 9 must not have the sendmail package installed.Oracle Linux 9
RHEL-10-200010V1R1RHEL 10 must not have the "nfs-utils" package installed.Red Hat Enterprise Linux 10
RHEL-10-200020V1R1RHEL 10 must not have the "telnet-server" package installed.Red Hat Enterprise Linux 10
RHEL-10-200030V1R1RHEL 10 must not have the "gssproxy" package installed.Red Hat Enterprise Linux 10
RHEL-10-200040V1R1RHEL 10 must not have the tuned package installed.Red Hat Enterprise Linux 10
RHEL-10-200050V1R1RHEL 10 must not have a Trivial File Transfer Protocol (TFTP) server package installed unless it is required by the mission, and if required, the TFTP daemon must be configured to operate in secure mode.Red Hat Enterprise Linux 10
RHEL-10-200060V1R1RHEL 10 must not have the unbound package installed.Red Hat Enterprise Linux 10
RHEL-10-200080V1R1RHEL 10 must not have the "gdm" package installed.Red Hat Enterprise Linux 10
RHEL-10-200510V1R1RHEL 10 must have the "nss-tools" package installed.Red Hat Enterprise Linux 10
RHEL-10-200580V1R1RHEL 10 must have the "policycoreutils-python-utils" package installed.Red Hat Enterprise Linux 10
RHEL-10-200692V1R1RHEL 10 must be configured to prevent unrestricted mail relaying.Red Hat Enterprise Linux 10
RHEL-10-200700V1R1RHEL 10 must have the "cronie" package installed.Red Hat Enterprise Linux 10
RHEL-10-200722V1R1RHEL 10 must have the "openssh-clients" package installed.Red Hat Enterprise Linux 10
RHEL-10-200740V1R1RHEL 10 must have the "gnutls-utils" package installed.Red Hat Enterprise Linux 10
RHEL-10-400230V1R1RHEL 10 must be configured to prohibit modification of permissions for cron configuration files and directories from the operating system defaults.Red Hat Enterprise Linux 10
RHEL-10-400500V1R1RHEL 10 must prohibit local initialization files from executing world-writable programs.Red Hat Enterprise Linux 10
RHEL-10-700640V1R1RHEL 10 must not allow users to override Secure Shell (SSH) environment variables.Red Hat Enterprise Linux 10
RHEL-10-700840V1R1RHEL 10 must disable the user list at login for graphical user interfaces.Red Hat Enterprise Linux 10
RHEL-10-700860V1R1RHEL 10 must disable Bluetooth.Red Hat Enterprise Linux 10
RHEL-10-700940V1R1RHEL 10 must not default to the graphical display manager unless approved.Red Hat Enterprise Linux 10
RHEL-10-700980V1R1RHEL 10 must disable the ability of systemd to spawn an interactive boot process.Red Hat Enterprise Linux 10
RHEL-10-701090V1R1RHEL 10 must disable the "kernel.core_pattern".Red Hat Enterprise Linux 10
RHEL-10-701100V1R1RHEL 10 must be configured to disable the Controller Area Network (CAN) kernel module.Red Hat Enterprise Linux 10
RHEL-10-701110V1R1RHEL 10 must disable the Stream Control Transmission Protocol (SCTP) kernel module.Red Hat Enterprise Linux 10
RHEL-10-701120V1R1RHEL 10 must disable the Transparent Inter Process Communication (TIPC) kernel module.Red Hat Enterprise Linux 10
RHEL-10-701150V1R1RHEL 10 must disable core dump backtraces.Red Hat Enterprise Linux 10
RHEL-10-701160V1R1RHEL 10 must disable storing core dumps.Red Hat Enterprise Linux 10
RHEL-10-701170V1R1RHEL 10 must disable core dumps for all users.Red Hat Enterprise Linux 10
RHEL-07-020000V3R9The Red Hat Enterprise Linux operating system must not have the rsh-server package installed.Red Hat Enterprise Linux 7
RHEL-07-020010V3R9The Red Hat Enterprise Linux operating system must not have the ypserv package installed.Red Hat Enterprise Linux 7
RHEL-07-021710V3R9The Red Hat Enterprise Linux operating system must not have the telnet-server package installed.Red Hat Enterprise Linux 7
RHEL-08-030741V2R6RHEL 8 must disable the chrony daemon from acting as a server.Red Hat Enterprise Linux 8
RHEL-08-030742V2R6RHEL 8 must disable network management of the chrony daemon.Red Hat Enterprise Linux 8
RHEL-08-040000V2R6RHEL 8 must not have the telnet-server package installed.Red Hat Enterprise Linux 8
RHEL-08-040001V2R6RHEL 8 must not have any automated bug reporting tools installed.Red Hat Enterprise Linux 8
RHEL-08-040002V2R6RHEL 8 must not have the sendmail package installed.Red Hat Enterprise Linux 8
RHEL-08-040004V2R6RHEL 8 must enable mitigations against processor-based vulnerabilities.Red Hat Enterprise Linux 8
RHEL-08-040010V2R6RHEL 8 must not install packages from the Extra Packages for Enterprise Linux (EPEL) repository.Red Hat Enterprise Linux 8
RHEL-08-040020V2R6RHEL 8 must cover or disable the built-in or attached camera when not in use.Red Hat Enterprise Linux 8
RHEL-08-040021V2R6RHEL 8 must disable the asynchronous transfer mode (ATM) protocol.Red Hat Enterprise Linux 8
RHEL-08-040022V2R6RHEL 8 must disable the controller area network (CAN) protocol.Red Hat Enterprise Linux 8
RHEL-08-040023V2R6RHEL 8 must disable the stream control transmission protocol (SCTP).Red Hat Enterprise Linux 8
RHEL-08-040024V2R6RHEL 8 must disable the transparent inter-process communication (TIPC) protocol.Red Hat Enterprise Linux 8
RHEL-08-040025V2R6RHEL 8 must disable mounting of cramfs.Red Hat Enterprise Linux 8
RHEL-08-040026V2R6RHEL 8 must disable IEEE 1394 (FireWire) Support.Red Hat Enterprise Linux 8
RHEL-09-213045V2R7RHEL 9 must be configured to disable the Asynchronous Transfer Mode kernel module.Red Hat Enterprise Linux 9
RHEL-09-213050V2R7RHEL 9 must be configured to disable the Controller Area Network kernel module.Red Hat Enterprise Linux 9
RHEL-09-213055V2R7RHEL 9 must be configured to disable the FireWire kernel module.Red Hat Enterprise Linux 9
RHEL-09-213060V2R7RHEL 9 must disable the Stream Control Transmission Protocol (SCTP) kernel module.Red Hat Enterprise Linux 9
RHEL-09-213065V2R7RHEL 9 must disable the Transparent Inter Process Communication (TIPC) kernel module.Red Hat Enterprise Linux 9
RHEL-09-215025V2R7RHEL 9 must not have the nfs-utils package installed.Red Hat Enterprise Linux 9
RHEL-09-215030V2R7RHEL 9 must not have the ypserv package installed.Red Hat Enterprise Linux 9
RHEL-09-215035V2R7RHEL 9 must not install packages from the Extra Packages for Enterprise Linux (EPEL) repository.Red Hat Enterprise Linux 9
RHEL-09-215040V2R7RHEL 9 must not have the telnet-server package installed.Red Hat Enterprise Linux 9
RHEL-09-215045V2R7RHEL 9 must not have the gssproxy package installed.Red Hat Enterprise Linux 9
RHEL-09-215050V2R7RHEL 9 must not have the iprutils package installed.Red Hat Enterprise Linux 9
RHEL-09-215055V2R7RHEL 9 must not have the tuned package installed.Red Hat Enterprise Linux 9
RHEL-09-231195V2R7RHEL 9 must disable mounting of cramfs.Red Hat Enterprise Linux 9
RHEL-09-291035V2R7RHEL 9 Bluetooth must be disabled.Red Hat Enterprise Linux 9
TOSS-04-040150V2R3TOSS must cover or disable the built-in or attached camera when not in use.Tri-Lab Operating System Stack
TOSS-04-040160V2R3TOSS must disable IEEE 1394 (FireWire) Support.Tri-Lab Operating System Stack
TOSS-04-040170V2R3TOSS must disable mounting of cramfs.Tri-Lab Operating System Stack
TOSS-04-040180V2R3TOSS must disable network management of the chrony daemon.Tri-Lab Operating System Stack
TOSS-04-040190V2R3TOSS must disable the asynchronous transfer mode (ATM) protocol.Tri-Lab Operating System Stack
TOSS-04-040200V2R3TOSS must disable the controller area network (CAN) protocol.Tri-Lab Operating System Stack
TOSS-04-040210V2R3TOSS must disable the stream control transmission (SCTP) protocol.Tri-Lab Operating System Stack
TOSS-04-040220V2R3TOSS must disable the transparent inter-process communication (TIPC) protocol.Tri-Lab Operating System Stack
TOSS-04-040230V2R3TOSS must not have any automated bug reporting tools installed.Tri-Lab Operating System Stack
TOSS-04-040250V2R3TOSS must not have the sendmail package installed.Tri-Lab Operating System Stack
TOSS-04-040260V2R3TOSS must not have the telnet-server package installed.Tri-Lab Operating System Stack
UBTU-18-010018V2R15The Ubuntu operating system must not have the Network Information Service (NIS) package installed.Ubuntu 18.04
UBTU-18-010019V2R15The Ubuntu operating system must not have the rsh-server package installed.Ubuntu 18.04
UBTU-20-010406V2R3The Ubuntu operating system must not have the rsh-server package installed.Ubuntu 20.04
UBTU-22-215030V2R7Ubuntu 22.04 LTS must not have the "rsh-server" package installed.Ubuntu 22.04
UBTU-22-215040V2R7Ubuntu 22.04 LTS must not have the nfs-kernel-server package installed.Ubuntu 22.04
UBTU-24-100040V1R1Ubuntu 24.04 LTS must not have the rsh-server package installed.Ubuntu 24.04
WN10-00-000080V3R6Only authorized user accounts must be allowed to create or run virtual machines on Windows 10 systems.Microsoft Windows 10
WN10-00-000100V3R6Internet Information System (IIS) or its subcomponents must not be installed on a workstation.Microsoft Windows 10
WN10-00-000110V3R6Simple TCP/IP Services must not be installed on the system.Microsoft Windows 10
WN10-00-000155V3R6The Windows PowerShell 2.0 feature must be disabled on the system.Microsoft Windows 10
WN10-00-000160V3R6The Server Message Block (SMB) v1 protocol must be disabled on the system.Microsoft Windows 10
WN10-00-000165V3R6The Server Message Block (SMB) v1 protocol must be disabled on the SMB server.Microsoft Windows 10
WN10-00-000170V3R6The Server Message Block (SMB) v1 protocol must be disabled on the SMB client.Microsoft Windows 10
WN10-00-000175V3R6The Secondary Logon service must be disabled on Windows 10.Microsoft Windows 10
WN10-00-000210V3R6Bluetooth must be turned off unless approved by the organization.Microsoft Windows 10
WN10-CC-000005V3R6Camera access from the lock screen must be disabled.Microsoft Windows 10
WN10-CC-000007V3R6Windows 10 must cover or disable the built-in or attached camera when not in use.Microsoft Windows 10
WN10-CC-000010V3R6The display of slide shows on the lock screen must be disabled.Microsoft Windows 10
WN10-CC-000038V3R6WDigest Authentication must be disabled.Microsoft Windows 10
WN10-CC-000039V3R6Run as different user must be removed from context menus.Microsoft Windows 10
WN10-CC-000044V3R6Internet connection sharing must be disabled.Microsoft Windows 10
WN10-CC-000100V3R6Downloading print driver packages over HTTP must be prevented.Microsoft Windows 10
WN10-CC-000105V3R6Web publishing and online ordering wizards must be prevented from downloading a list of providers.Microsoft Windows 10
WN10-CC-000110V3R6Printing over HTTP must be prevented.Microsoft Windows 10
WN10-CC-000120V3R6The network selection user interface (UI) must not be displayed on the logon screen.Microsoft Windows 10
WN10-CC-000130V3R6Local users on domain-joined computers must not be enumerated.Microsoft Windows 10
WN10-CC-000175V3R6The Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft.Microsoft Windows 10
WN10-CC-000197V3R6Microsoft consumer experiences must be turned off.Microsoft Windows 10
WN10-CC-000210V3R6The Windows Defender SmartScreen for Explorer must be enabled.Microsoft Windows 10
WN10-CC-000252V3R6Windows 10 must be configured to disable Windows Game Recording and Broadcasting.Microsoft Windows 10
WN10-CC-000300V3R6Basic authentication for RSS feeds over HTTP must not be used.Microsoft Windows 10
WN10-CC-000305V3R6Indexing of encrypted files must be turned off.Microsoft Windows 10
WN10-CC-000370V3R6The convenience PIN for Windows 10 must be disabled.Microsoft Windows 10
WN10-CC-000385V3R6Windows Ink Workspace must be configured to disallow access above the lock.Microsoft Windows 10
WN10-CC-000390V3R6Windows 10 should be configured to prevent users from receiving suggestions for third-party or additional applications.Microsoft Windows 10
WN10-UC-000015V3R6Toast notifications to the lock screen must be turned off.Microsoft Windows 10
WN10-00-000126V3R6Windows 10 systems must block consumer account user authentication.Microsoft Windows 10
WN11-00-000100V2R5Internet Information System (IIS) or its subcomponents must not be installed on a workstation.Microsoft Windows 11
WN11-00-000110V2R5Simple TCP/IP Services must not be installed on the system.Microsoft Windows 11
WN11-00-000155V2R5The Windows PowerShell 2.0 feature must be disabled on the system.Microsoft Windows 11
WN11-00-000160V2R5The Server Message Block (SMB) v1 protocol must be disabled on the system.Microsoft Windows 11
WN11-00-000165V2R5The Server Message Block (SMB) v1 protocol must be disabled on the SMB server.Microsoft Windows 11
WN11-00-000170V2R5The Server Message Block (SMB) v1 protocol must be disabled on the SMB client.Microsoft Windows 11
WN11-00-000175V2R5The Secondary Logon service must be disabled on Windows 11.Microsoft Windows 11
WN11-00-000210V2R5Bluetooth must be turned off unless approved by the organization.Microsoft Windows 11
WN11-00-000220V2R5Bluetooth must be turned off when not in use.Microsoft Windows 11
WN11-CC-000005V2R5Camera access from the lock screen must be disabled.Microsoft Windows 11
WN11-CC-000007V2R5Windows 11 must cover or disable the built-in or attached camera when not in use.Microsoft Windows 11
WN11-CC-000010V2R5The display of slide shows on the lock screen must be disabled.Microsoft Windows 11
WN11-CC-000038V2R5WDigest Authentication must be disabled.Microsoft Windows 11
WN11-CC-000039V2R5Run as different user must be removed from context menus.Microsoft Windows 11
WN11-CC-000044V2R5Internet connection sharing must be disabled.Microsoft Windows 11
WN11-CC-000100V2R5Downloading print driver packages over HTTP must be prevented.Microsoft Windows 11
WN11-CC-000105V2R5Web publishing and online ordering wizards must be prevented from downloading a list of providers.Microsoft Windows 11
WN11-CC-000110V2R5Printing over HTTP must be prevented.Microsoft Windows 11
WN11-CC-000120V2R5The network selection user interface (UI) must not be displayed on the logon screen.Microsoft Windows 11
WN11-CC-000130V2R5Local users on domain-joined computers must not be enumerated.Microsoft Windows 11
WN11-CC-000175V2R5The Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft.Microsoft Windows 11
WN11-CC-000197V2R5Microsoft consumer experiences must be turned off.Microsoft Windows 11
WN11-CC-000210V2R5The Microsoft Defender SmartScreen for Explorer must be enabled.Microsoft Windows 11
WN11-CC-000252V2R5Windows 11 must be configured to disable Windows Game Recording and Broadcasting.Microsoft Windows 11
WN11-CC-000300V2R5Basic authentication for RSS feeds over HTTP must not be used.Microsoft Windows 11
WN11-CC-000305V2R5Indexing of encrypted files must be turned off.Microsoft Windows 11
WN11-CC-000370V2R5The convenience PIN for Windows 11 must be disabled.Microsoft Windows 11
WN11-CC-000390V2R5Windows 11 must be configured to prevent users from receiving suggestions for third-party or additional applications.Microsoft Windows 11
WN11-UC-000015V2R5Toast notifications to the lock screen must be turned off.Microsoft Windows 11
WN16-00-000300V2R9The roles and features required by the system must be documented.Microsoft Windows Server 2016
WN16-00-000350V2R9The Fax Server role must not be installed.Microsoft Windows Server 2016
WN16-00-000370V2R9The Peer Name Resolution Protocol must not be installed.Microsoft Windows Server 2016
WN16-00-000380V2R9Simple TCP/IP Services must not be installed.Microsoft Windows Server 2016
WN16-00-000400V2R9The TFTP Client must not be installed.Microsoft Windows Server 2016
WN16-00-000410V2R9The Server Message Block (SMB) v1 protocol must be uninstalled.Microsoft Windows Server 2016
WN16-00-000411V2R9The Server Message Block (SMB) v1 protocol must be disabled on the SMB server.Microsoft Windows Server 2016
WN16-00-000412V2R9The Server Message Block (SMB) v1 protocol must be disabled on the SMB client.Microsoft Windows Server 2016
WN16-00-000420V2R9Windows PowerShell 2.0 must not be installed.Microsoft Windows Server 2016
WN16-CC-000010V2R9The display of slide shows on the lock screen must be disabled.Microsoft Windows Server 2016
WN16-CC-000030V2R9WDigest Authentication must be disabled on Windows Server 2016.Microsoft Windows Server 2016
WN16-CC-000160V2R9Downloading print driver packages over HTTP must be prevented.Microsoft Windows Server 2016
WN16-CC-000170V2R9Printing over HTTP must be prevented.Microsoft Windows Server 2016
WN16-CC-000180V2R9The network selection user interface (UI) must not be displayed on the logon screen.Microsoft Windows Server 2016
WN16-CC-000240V2R9The Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft.Microsoft Windows Server 2016
WN16-CC-000330V2R9Windows Server 2016 Windows SmartScreen must be enabled.Microsoft Windows Server 2016
WN16-CC-000430V2R9Basic authentication for RSS feeds over HTTP must not be used.Microsoft Windows Server 2016
WN16-CC-000440V2R9Indexing of encrypted files must be turned off.Microsoft Windows Server 2016
WN16-DC-000130V2R9Domain controllers must run on a machine dedicated to that function.Microsoft Windows Server 2016
WN16-MS-000030V2R9Local users on domain-joined computers must not be enumerated.Microsoft Windows Server 2016
WN16-CC-000421V2R9The Windows Explorer Preview pane must be disabled for Windows Server 2016.Microsoft Windows Server 2016
WN19-00-000270V3R7Windows Server 2019 must have the roles and features required by the system documented.Microsoft Windows Server 2019
WN19-00-000320V3R7Windows Server 2019 must not have the Fax Server role installed.Microsoft Windows Server 2019
WN19-00-000340V3R7Windows Server 2019 must not have the Peer Name Resolution Protocol installed.Microsoft Windows Server 2019
WN19-00-000350V3R7Windows Server 2019 must not have Simple TCP/IP Services installed.Microsoft Windows Server 2019
WN19-00-000370V3R7Windows Server 2019 must not have the TFTP Client installed.Microsoft Windows Server 2019
WN19-00-000380V3R7Windows Server 2019 must not have the Server Message Block (SMB) v1 protocol installed.Microsoft Windows Server 2019
WN19-00-000390V3R7Windows Server 2019 must have the Server Message Block (SMB) v1 protocol disabled on the SMB server.Microsoft Windows Server 2019
WN19-00-000400V3R7Windows Server 2019 must have the Server Message Block (SMB) v1 protocol disabled on the SMB client.Microsoft Windows Server 2019
WN19-00-000410V3R7Windows Server 2019 must not have Windows PowerShell 2.0 installed.Microsoft Windows Server 2019
WN19-CC-000010V3R7Windows Server 2019 must prevent the display of slide shows on the lock screen.Microsoft Windows Server 2019
WN19-CC-000020V3R7Windows Server 2019 must have WDigest Authentication disabled.Microsoft Windows Server 2019
WN19-CC-000150V3R7Windows Server 2019 downloading print driver packages over HTTP must be turned off.Microsoft Windows Server 2019
WN19-CC-000160V3R7Windows Server 2019 printing over HTTP must be turned off.Microsoft Windows Server 2019
WN19-CC-000170V3R7Windows Server 2019 network selection user interface (UI) must not be displayed on the logon screen.Microsoft Windows Server 2019
WN19-CC-000200V3R7Windows Server 2019 Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft.Microsoft Windows Server 2019
WN19-CC-000300V3R7Windows Server 2019 Windows Defender SmartScreen must be enabled.Microsoft Windows Server 2019
WN19-CC-000400V3R7Windows Server 2019 must disable Basic authentication for RSS feeds over HTTP.Microsoft Windows Server 2019
WN19-CC-000410V3R7Windows Server 2019 must prevent Indexing of encrypted files.Microsoft Windows Server 2019
WN19-DC-000130V3R7Windows Server 2019 domain controllers must run on a machine dedicated to that function.Microsoft Windows Server 2019
WN19-MS-000030V3R7Windows Server 2019 local users on domain-joined member servers must not be enumerated.Microsoft Windows Server 2019
WN22-00-000270V2R7Windows Server 2022 must have the roles and features required by the system documented.Microsoft Windows Server 2022
WN22-00-000320V2R7Windows Server 2022 must not have the Fax Server role installed.Microsoft Windows Server 2022
WN22-00-000340V2R7Windows Server 2022 must not have the Peer Name Resolution Protocol installed.Microsoft Windows Server 2022
WN22-00-000350V2R7Windows Server 2022 must not have Simple TCP/IP Services installed.Microsoft Windows Server 2022
WN22-00-000370V2R7Windows Server 2022 must not have the TFTP Client installed.Microsoft Windows Server 2022
WN22-00-000380V2R7Windows Server 2022 must not the Server Message Block (SMB) v1 protocol installed.Microsoft Windows Server 2022
WN22-00-000390V2R7Windows Server 2022 must have the Server Message Block (SMB) v1 protocol disabled on the SMB server.Microsoft Windows Server 2022
WN22-00-000400V2R7Windows Server 2022 must have the Server Message Block (SMB) v1 protocol disabled on the SMB client.Microsoft Windows Server 2022
WN22-00-000410V2R7Windows Server 2022 must not have Windows PowerShell 2.0 installed.Microsoft Windows Server 2022
WN22-CC-000010V2R7Windows Server 2022 must prevent the display of slide shows on the lock screen.Microsoft Windows Server 2022
WN22-CC-000020V2R7Windows Server 2022 must have WDigest Authentication disabled.Microsoft Windows Server 2022
WN22-CC-000150V2R7Windows Server 2022 downloading print driver packages over HTTP must be turned off.Microsoft Windows Server 2022
WN22-CC-000160V2R7Windows Server 2022 printing over HTTP must be turned off.Microsoft Windows Server 2022
WN22-CC-000170V2R7Windows Server 2022 network selection user interface (UI) must not be displayed on the logon screen.Microsoft Windows Server 2022
WN22-CC-000200V2R7Windows Server 2022 Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft.Microsoft Windows Server 2022
WN22-CC-000300V2R7Windows Server 2022 Microsoft Defender antivirus SmartScreen must be enabled.Microsoft Windows Server 2022
WN22-CC-000400V2R7Windows Server 2022 must disable Basic authentication for RSS feeds over HTTP.Microsoft Windows Server 2022
WN22-CC-000410V2R7Windows Server 2022 must prevent Indexing of encrypted files.Microsoft Windows Server 2022
WN22-DC-000130V2R7Windows Server 2022 domain controllers must run on a machine dedicated to that function.Microsoft Windows Server 2022
WN22-MS-000030V2R7Windows Server 2022 local users on domain-joined member servers must not be enumerated.Microsoft Windows Server 2022
WN25-00-000270V1R1Windows Server 2025 must have the roles and features required by the system documented.Microsoft Windows Server 2025
WN25-00-000320V1R1Windows Server 2025 must not have the Fax Server role installed.Microsoft Windows Server 2025
WN25-00-000340V1R1Windows Server 2025 must not have the Peer Name Resolution Protocol installed.Microsoft Windows Server 2025
WN25-00-000350V1R1Windows Server 2025 must not have Simple TCP/IP Services installed.Microsoft Windows Server 2025
WN25-00-000370V1R1Windows Server 2025 must not have the TFTP Client installed.Microsoft Windows Server 2025
WN25-00-000380V1R1Windows Server 2025 must not have the Server Message Block (SMB) v1 protocol installed.Microsoft Windows Server 2025
WN25-00-000390V1R1Windows Server 2025 must have the Server Message Block (SMB) v1 protocol disabled on the SMB server.Microsoft Windows Server 2025
WN25-00-000400V1R1Windows Server 2025 must have the Server Message Block (SMB) v1 protocol disabled on the SMB client.Microsoft Windows Server 2025
WN25-00-000410V1R1Windows Server 2025 must not have Windows PowerShell 2.0 installed.Microsoft Windows Server 2025
WN25-CC-000010V1R1Windows Server 2025 must prevent the display of slide shows on the lock screen.Microsoft Windows Server 2025
WN25-CC-000150V1R1Windows Server 2025 downloading print driver packages over HTTP must be turned off.Microsoft Windows Server 2025
WN25-CC-000160V1R1Windows Server 2025 printing over HTTP must be turned off.Microsoft Windows Server 2025
WN25-CC-000170V1R1Windows Server 2025 network selection user interface (UI) must not be displayed on the logon screen.Microsoft Windows Server 2025
WN25-CC-000200V1R1Windows Server 2025 Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft.Microsoft Windows Server 2025
WN25-CC-000300V1R1Windows Server 2025 Microsoft Defender antivirus SmartScreen must be enabled.Microsoft Windows Server 2025
WN25-CC-000400V1R1Windows Server 2025 must disable Basic authentication for RSS feeds over HTTP.Microsoft Windows Server 2025
WN25-CC-000410V1R1Windows Server 2025 must prevent Indexing of encrypted files.Microsoft Windows Server 2025
WN25-DC-000130V1R1Windows Server 2025 domain controllers must run on a machine dedicated to that function.Microsoft Windows Server 2025
WN25-MS-000030V1R1Windows Server 2025 local users on domain-joined member servers must not be enumerated.Microsoft Windows Server 2025
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.