JULY 2019 Maintenance Release: STIGS to Be Released Release Date: 26 July 2019

Adobe Acrobat Pro DC Classic Track STIG, Version 1, Release 3V-80157

Deleted AADC-CL-001330.

V-80159Deleted AADC-CL-001335.

Documentation UpdateDeleted GPO template folders from STIG package. Use GPO package instead.

Adobe Acrobat Pro DC Continuous Track STIG, Version 1, Release 2V-74907

Deleted AADC-CN-001335.

V-79405Deleted AADC-CN-001330.

Documentation UpdateDeleted GPO template folders from STIG package. Use GPO package instead.

Adobe Acrobat Reader DC Classic Track STIG Benchmark, Version 1, Release 6V-65799

Deleted ARDC-CL-000310 from Benchmark.

V-65805Deleted ARDC-CL-000325 from Benchmark.

Adobe Acrobat Reader DC Classic Track STIG, Version 1, Release 5V-65799

Deleted ARDC-CL-000310.

V-65805Deleted ARDC-CL-000325.

Documentation UpdateDeleted GPO template folders from STIG package. Use GPO package instead.

Adobe Acrobat Reader DC Continuous Track STIG Benchmark, Version 1, Release 5V-65665

Deleted ARDC-CN-000310 from Benchmark.

V-65671Deleted ARDC-CN-000325 from Benchmark.

Adobe Acrobat Reader DC Continuous Track STIG, Version 1, Release 6

V-65665Deleted ARDC-CN-000310.

V-65671Deleted ARDC-CN-000325.

Documentation UpdateDeleted GPO template folders from STIG package. Use GPO package instead.

Apple OS X 10.12 Workstation STIG, Version 1, Release 5V-76085

Updated requirement text regarding properly signed applications.

Apple OS X 10.13 Workstation STIG, Version 1, Release 3V-81647

Updated requirement text regarding properly signed applications.

Application Server SRG, Version 2, Release 6V-57489

Deleted SRG-APP-000355-AS-000055.

Application SRG, Version 2, Release 0.9V-45027

Deleted SRG-APP-000354.

V-45029Deleted SRG-APP-000355.

BIND 9.x STIG, Version 1, Release 7V-72475

Modified allowed validity signature time to be in sync with SOA expiration according to DNSSEC RFC.

BlackBerry UEM 12.8 STIG, Version 1, Release 2V-94561

Added new requirement to sunset STIG.

Central Log Server SRG, Version 1, Release 2V-81175

Removed SRG-APP-000381-AU-000320, which was out of scope for this SRG.

V-81181Removed "guarantee" from Vulnerability Discussion.

V-81189Updated Vulnerability Discussion and Fix to indicate that an SSP is needed to define and give minimum recommendations.

Firewall SRG, Version 1, Release 4V-79415

Changed rule to more clearly require "deny-by-default" and revised the Fix text to match the requirement.

General Purpose Operating System SRG, Version 1, Release 6V-56581

Removed a policy requirement.

V-56773Narrowed scope to the OS layer only and to logon/access to the OS only.

V-57241Removed a capability requirement per RME preference.

V-57243Removed a capability requirement per RME preference.

Google Chrome Browser STIG, Version 1, Release 16V-44769

Fixed V-44769 to enable setting with a value of "2".

V-44805Modified V-44805 to state version 74.x.x or higher.

Google Chrome for Windows STIG Benchmark, Version 1, Release 12V-44805

Added explicit Chrome version check to OVAL.

HBSS ePO 5.3/5.9 STIG, Version 1, Release 18V-14495

Modified requirement to be consistent with HBSS Remote Console V-14513.

V-14507Updated content to reflect clarification on using VMware.

V-24014Corrected CYBERCOM OPORD reference.

HBSS HIP 8 Firewall STIG, Version 1, Release 13Documentation Update

Added Revision History bullet for change made in April release for V47481. Requirement was removed because if H36900 is compliant (HIPS enabled), then any FW policy applied has an implicit rule for block all traffic but is hidden and cannot be checked.

HBSS HIP 8 STIG, Version 4, Release 23V-60665

Removed references to Block and Prevent. These actions are configured in the severity level not in the

V-60667Removed references to Block and Prevent. These actions are configured in the severity level not in the

V-60669Removed references to Block and Prevent. These actions are configured in the severity level not in the

HBSS McAfee Agent STIG, Version 4, Release 18V-15363

Added note that operating systems not able to support HIP 8.

Juniper Router NDM STIG, Version 1, Release 2V-91107

Corrected configuration example in Check and Fix.

Juniper Router RTR STIG, Version 1, Release 2V-90807

Corrected Check and Fix.

V-90823Changed SNMP from TCP to UDP in Check.

V-90845Corrected Check and Fix.

V-90847Corrected configuration example in Check and Fix.

V-90849Provided clarification in Check.

V-90883Corrected configuration example in Check.

V-90897Corrected finding statement in Check.

V-90901Corrected Check and Fix.

V-90939Corrected Check and Fix.

V-90941Removed PE router from Rule Title.

V-90943Removed requirement, which was redundant with JUNI-RT-000740.

V-90951Corrected Check and Fix.

V-90957

Removed "and sources" from Rule Title, Check, and Fix content.

V-90961Provided clarification in Check.

V-90963Provided clarification in Check.

V-96005Added BGP requirement to filter AS_PATH attribute.

Juniper SRX Services Gateway (SG) Application Layer Gateway (ALG) STIG, Version 1, Release 4Documentation Update

Revised text in third paragraph of Overview from "Juniper SRX ALG STIG" to "Juniper SRX SG ALG

Juniper SRX Services Gateway (SG) Network Device Management (NDM) STIG, Version 1, Release 3V-66523

Fixed typo in command.

Layer 2 Switch SRG, Version 1, Release 4V-62157

Removed the requirement. RADIUS server determines EAP method.

V-62165Updated rule title and vul discussion.

V-62173Updated rule title, check, and fix for clarification.

V-62213Updated Rule Title.

V-95879Added requirement for storm control.

V-95881Added requirement for IGMP snooping.

McAfee Application Control 8.x STIG, Version 1, Release 4V-74211

Modified the finding statement to not all "Recovered" as status.

McAfee ENS 10.x STIG, Version 1, Release 4V-80025

Modified Check criteria to "All fixed drives" or "All local drives" to be consistent with McAfee VSE 8.8

V-80047Removed STIG ID from ENS STIG due to signature 7035 being mandated in the HBSS HIP 8 STIG, V-60667, H36673 - HIP 8.

MDM Server Policy STIG, Version 2, Release 5V-24955

Made minor updates to text throughout Check.

V-24957Made minor updates to text throughout Check.

V-24962Made minor updates to text throughout Check.

V-24969Made minor updates to text throughout Check.

V-24970Made minor updates to text throughout Check.

V-28313Made minor updates to text throughout Check.

Documentation UpdateMade minor update to the Overview document.

Microsoft Exchange 2016 Edge Transport Server STIG, Version 1, Release 3V-80491

Modified Finding statement for clarity.

V-80587Modified Check content to mention, if this is on SIPRNet, this check is NA.

Microsoft Exchange 2016 Mailbox Server STIG, Version 1, Release 3V-80637

Corrected Check and finding text.

Microsoft IIS 8.5 Server STIG, Version 1, Release 8V-76737

Refined V-76737 to not require the selection of individual errors.

V-76763Removed V-76763.

V-95633Moved Site STIG V-76773 content to TBD in Server STIG and modified Site content to check each site at that

Microsoft IIS 8.5 Site STIG, Version 1, Release 8V-76773

Removed.

V-76779

Refined text to state "load balancer/proxy server" and removed "only".

V-76791Modified Fix text to reflect correct steps.

V-76795Adjusted permissions.

V-76799Remove Handler Mappings references and added reference to Request Filtering instead.

V-76807Added note stating that if certificate handling is performed at the Proxy/Load Balancer, this is not a finding.Modified to include "or other approved port".

V-76849Added N/A statement.

V-76851Refined text to state "load balancer/proxy server" and removed "only".

V-76861Added N/A statement for public-facing site.Synced Check/Fix settings.

V-76865Added N/A statement for SharePoint.

V-76867Added N/A statement for SharePoint.

V-76869Added N/A statement for SharePoint.

V-76871Added N/A statement for SharePoint.

V-76885Removed ".aspx".

Microsoft Sharepoint 2013 STIG, Version 1, Release 7V-59945

Added N/A Statement to V-59945.

V-59947Added N/A Statement to V-59947.

V-59973Downgraded V-59973 to a CAT II.

Microsoft SQL Server 2012 STIG, Version 1, Release 19V-40945

Sunsetting SQL 2012 STIG.

Microsoft SQL Server 2016 Instance STIG, Version 1, Release 6V-79129

V-79129 - Modified Check to account for clustered servers.

V-79239V-79239 - Added DATABASE_OBJECT_ACCESS_GROUP to "SQL Server 2016 Audit.sql".

V-79291V-79291 - Added USER_CHANGE_PASSWORD_GROUP to "SQL Server 2016 Audit.sql".

V-79293V-79293 - Added LOGOUT_GROUP to audit check.

V-79295V-79295 - Added LOGOUT_GROUP to audit check.

V-79327V-79327 - Corrected query for database permissions.

Microsoft Windows 10 STIG Benchmark, Version 1, Release 15V-63533

Update the OVAL to handle the possible user of: APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES.

V-63537Update the OVAL to handle the possible user of: APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES.

V-63541Update the OVAL to handle the possible user of: APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES.

V-63685Update OVAL to handle the additional default assigned User: Windows Manager\Window Manager Group.

Benchmark UpdateRebundled benchmark to accommodate updated Rule IDs.

Microsoft Windows 10 STIG, Version 1, Release 18V-63323

Added note to requirement regarding severity level upgrade in January 2020.

V-63337Updated to allow other FullDisk Encryption (FDE) applications in lieu of BitLocker.

V-63349Updated to include details for v1903.

V-63393Added note to requirement regarding Adobe Preflight certificate files.

V-63403Updated requirement with GPO path for v1703 and higher.

V-63533Updated to allow permissions for "APPLICATION PACKAGE AUTHORITY\ALL APPLICATION

V-63537Updated to allow permissions for "APPLICATION PACKAGE AUTHORITY\ALL APPLICATION

V-63595Added note to requirement regarding severity level upgrade in January 2020.

V-63599Added note to requirement regarding severity level upgrade in January 2020.

V-63603Removed Virtualization-based Protection of Code Integrity requirement.

V-63741Updated to allow permissions for "APPLICATION PACKAGE AUTHORITY\ALL APPLICATION

V-63875Corrected typo in the Check, making the Enterprise Admins group and the Domain Admins group plural.

V-63879Corrected typo in the Check, making the Enterprise Admins group and the Domain Admins group plural.

V-63891Updated to allow assignment to "Window Manager\Window Manager Group".

V-68819Updated requirement to remove extra space from registry path.

V-74413Updated requirement to remove extra space from registry path.

V-74715Updated requirement to remove extra space from registry path.

V-74719Updated requirement to verify the Secondary Logon service is not running.

V-77189Added note to requirement to match the case for the filename if the PowerShell command does not garner

V-77191Added note to requirement to match the case for the filename if the PowerShell command does not garner

V-77195Added note to requirement to match the case for the filename if the PowerShell command does not garner

V-77201Added note to requirement to match the case for the filename if the PowerShell command does not garner

V-77205Added note to requirement to match the case for the filename if the PowerShell command does not garner

V-77209Added note to requirement to match the case for the filename if the PowerShell command does not garner

V-77213Added note to requirement to match the case for the filename if the PowerShell command does not garner

V-77217Added note to requirement to match the case for the filename if the PowerShell command does not garner

V-77221Added note to requirement to match the case for the filename if the PowerShell command does not garner

V-77223Added note to requirement to match the case for the filename if the PowerShell command does not garner

V-77227Added note to requirement to match the case for the filename if the PowerShell command does not garner

V-77231Added note to requirement to match the case for the filename if the PowerShell command does not garner

V-77233Added note to requirement to match the case for the filename if the PowerShell command does not garner

V-77235Added note to requirement to match the case for the filename if the PowerShell command does not garner

V-77239Added note to requirement to match the case for the filename if the PowerShell command does not garner

V-77243Added note to requirement to match the case for the filename if the PowerShell command does not garner

V-77245

Added note to requirement to match the case for the filename if the PowerShell command does not garner

V-77247Added note to requirement to match the case for the filename if the PowerShell command does not garner

V-77249Added note to requirement to match the case for the filename if the PowerShell command does not garner

V-77255Added note to requirement to match the case for the filename if the PowerShell command does not garner

V-77259Added note to requirement to match the case for the filename if the PowerShell command does not garner

V-77263Added note to requirement to match the case for the filename if the PowerShell command does not garner

V-77267Added note to requirement to match the case for the filename if the PowerShell command does not garner

V-77269Added note to requirement to match the case for the filename if the PowerShell command does not garner

V-94859Added to new requirement for BitLocker PIN.

V-94861Added to new requirement for BitLocker PIN length.

Documentation UpdateRemoved EMET references from the Overview document.

Microsoft Windows 2008 DC STIG Benchmark, Version 6, Release 44Benchmark Update

Rebundled benchmark to accommodate updated Rule IDs.

Microsoft Windows 2008 DC STIG, Version 6, Release 44V-1073

Updated requirement to note that support will no longer be provided for the OS in January 2020.

Microsoft Windows 2008 MS STIG Benchmark, Version 6, Release 44Benchmark Update

Rebundled benchmark to accommodate updated Rule IDs.

Microsoft Windows 2008 MS STIG, Version 6, Release 43V-1073

Updated requirement to note that support will no longer be provided for the OS in January 2020.

Microsoft Windows 2008 R2 DC STIG Benchmark, Version 1, Release 32

Benchmark UpdateRebundled benchmark to accommodate updated Rule IDs.

Microsoft Windows 2008 R2 DC STIG, Version 1, Release 31V-1073

Updated requirement to note that support will no longer be provided for the OS in January 2020.

Microsoft Windows 2008 R2 MS STIG Benchmark, Version 1, Release 33Benchmark Update

Rebundled benchmark to accommodate updated Rule IDs.

Microsoft Windows 2008 R2 MS STIG, Version 1, Release 30V-1073

Updated requirement to note that support will no longer be provided for the OS in January 2020.

Microsoft Windows 2008 Server DNS STIG, Version 1, Release 6V-58583

Added note that requirement is Not Applicable if DNS server is not providing a caching role.

V-58627Provided additional information in Check and Fix on removing root hints.

Microsoft Windows 2012 and 2012 R2 DC STIG Benchmark, Version 2, Release 17V-3376

Removed OVAL from benchmark.

Microsoft Windows 2012 and 2012 R2 MS STIG Benchmark, Version 2, Release 16V-3376

Removed OVAL from benchmark.

Microsoft Windows 2012 Server DNS STIG, Version 1, Release 12V-58553

Corrected format of Check content to provide clarity.

V-58583Added note that requirement is Not Applicable if DNS server is not providing a caching role.

V-58615Provided additional information in Check and Fix on removing root hints.

V-58627Updated Check and Fix with respect to disabling IPv6.

V-58645Modified permissions conflict between V58641 and V58645.

Microsoft Windows Defender Antivirus STIG Benchmark, Version 1, Release 3Benchmark Update

Rebundled benchmark to accommodate updated Rule IDs.

Microsoft Windows Defender Antivirus STIG, Version 1, Release 6V-75167

Corrected back to properties for "Enabled" as the conflicting STIG ID in the Windows OS STIG has been

Microsoft Windows Privileged Access Workstation (PAW) STIG, Version 1, Release 2V-78157

Added exception to control.

V-78163Added exception to control.

Microsoft Windows Server 2012 and 2012 R2 DC STIG, Version 2, Release 17V-3376

Removed requirement for storage of passwords and credentials.

V-7002Updated requirement with note excluding Trust Domain Objects (TDOs).

V-15823Added note to requirement regarding Adobe Preflight certificate files.

V-36707Updated requirement with applicability note for unclassified systems.

V-36734Modified Check and Fix text to require "DoD-approved HBSS software".

V-80475Updated requirement to remove extra space from registry path.

Microsoft Windows Server 2012 and 2012 R2 MS STIG, Version 2, Release 16V-3376

Removed requirement for storage of passwords and credentials.

V-7002Updated requirement with note excluding Trust Domain Objects (TDOs).

V-15823Added note to requirement regarding Adobe Preflight certificate files.

V-36707Updated requirement with applicability note for unclassified systems.

V-36734Modified Check and Fix text to require "DoD-approved HBSS software".

V-80475Updated requirement to remove extra space from registry path.

Microsoft Windows Server 2016 STIG Benchmark, Version 1, Release 10Benchmark Update

Rebundled benchmark to accommodate updated Rule IDs.

Microsoft Windows Server 2016 STIG, Version 1, Release 9V-73237

Upgraded Severity Level for requirement to CAT II in line with the Windows Server 2019 STIG.

V-73261Updated requirement with note excluding Trust Domain Objects (TDOs).

V-73271Added note to requirement regarding Adobe Preflight certificate files.

V-73281Modified Check and Fix text to require "DoD-approved HBSS software".

V-73497Corrected typo in the Discussion, replacing Windows 10 with Windows Server 2016.

V-73513Upgraded Severity Level for requirement to CAT II in line with the Windows Server 2019 STIG.

V-73515Upgraded Severity Level for requirement to CAT I in line with the Windows Server 2019 STIG.

V-73517Removed Virtualization-based Protection of Code Integrity requirement.

V-73559Updated requirement with applicability note for unclassified systems.

V-73731Updated Check Text with correct user right.

V-90355Added Rule Title to requirement. Corrected typo in the Discussion, replacing Windows 10 with Windows

V-90357Corrected typo in the Discussion, replacing Windows 10 with Windows Server 2016.

Microsoft Windows Server 2019 STIG, Version 1, Release 2V-93221

Added note to requirement regarding Adobe Preflight certificate files.

V-93247Removed Virtualization-based Protection of Code Integrity requirement.

V-93411Updated requirement with applicability note for unclassified systems.

V-93439Updated requirement with note excluding Trust Domain Objects (TDOs).

Mobile Device Policy STIG, Version 2, Release 6V-8283

Check retargeted to STIG from the Mobile Policy STIG, which has been retired.

V-12106Check retargeted to the Mobile Device Policy STIG. Made minor updates to Check.

V-15782Check retargeted to STIG from the Mobile Policy STIG, which has been retired.

V-19813Check retargeted to STIG from the Mobile Policy STIG, which has been retired.

V-24953Made minor updates to Check text.

V-24955Made minor updates to Check text.

V-24957Made minor updates to Check text.

V-24958Made minor updates to Check text.

V-24960Made minor updates to Check text.

V-24961Made minor updates to Check text.

V-24962Made minor updates to Check text.

V-24963Made minor updates to Check text.

V-24964Made minor updates to Check text.

V-24969Made minor updates to Check text.

V-28317Made minor updates to Check text.

V-32677Made minor updates to Check text.

V-94849Check retargeted to the Mobile Device Policy STIG. Made minor updates to the Check.

Documentation UpdateChanged STIG name from CMD Policy STIG to Mobile Device Policy STIG to reflect current DoD terminology. Made minor update to the Overview document.

Mobile Policy STIG, NADocumentation Update

All checks in STIG retargeted to the Mobile Device Policy STIG. STIG will be retired.

MobileIron Core 9.x STIG, Version 1, Release 4V-94559

Added new requirement to sunset STIG.

Mozilla FireFox for RHEL STIG Benchmark, Version 1, Release 3V-15772

Updated OVAL to use plugin.disable_full_page_plugin_for_types preference setting to disable external applications are used for specified file types.

V-15983Updated OVAL to not check for security.enable_tls setting.

V-15987Removed OVAL from benchmark.

V-15989Removed OVAL from benchmark.

V-17988Updated OVAL to verify Firefox version correctly

Mozilla FireFox for Windows STIG Benchmark, Version 1, Release 3V-15772

Updated OVAL to use plugin.disable_full_page_plugin_for_types preference setting to disable external applications are used for specified file types.

V-15983Updated OVAL to not check for security.enable_tls setting.

V-15987Removed OVAL from benchmark.

V-15989Removed OVAL from benchmark.

V-17988Updated OVAL to verify Firefox version correctly

Mozilla FireFox STIG, Version 4, Release 26V-15772

Changed V-15772 to use "plugin.disable_full_page_plugin_for_types".

V-15774Changed "False" to lower-case.

V-15775Changed "False" to lower-case.

V-15983V-15983 - Removed deprecated setting "security.enable_tls".

V-15987V-15987 - Removed due to deprecated setting.

V-15989V-15989 - Removed due to deprecated setting.

Operating System SRG, Version 2, Release 0.9V-44223

Removed a capability requirement per RME preference.

V-44225Removed a capability requirement per RME preference.

V-44357Narrowed scope to the OS layer only and to logon/access to the OS only.

V-55565Removed a policy requirement.

Oracle 11.2g Database STIG, Version 1, Release 15V-52237

V-52237 - Updated to exclude external executables owned by SYS.

V-52345V-52345 - Updated the Check and Fix.

V-52351V-52351 - Added DEFAULT profile check.

V-54077

V-54077 - Updated SQLNET.ALLOWED_LOGON_VERSION Parameter.

V-75031V-75031 - Corrected non-privileged accounts prefix.

Oracle Database 12c STIG, Version 1, Release 13V-61535

V-61535 - Updated SQLNET.ALLOWED_LOGON_VERSION_SERVER/CLIENT Parameter.

V-61579V-61579 - Added instructions to disable ora_dism.

V-61627V-61627 - Corrected ACTION_NAME for Unified Auditing.

V-61635V-61635 - Corrected values in SYS.UNIFIED_AUDIT_TRAIL view.

V-61641V-61641 - Corrected unified auditing typo.

V-61683V-61683 - Updated to exclude external executables owned by SYS.

V-61709V-61709 - Corrected non-privileged accounts prefix.

V-61719V-61719 - Corrected ORA12C_STRONG_VERIFY_FUNCTION reference.

V-61963V-61963 - Added Oracle Optimal Flexible Architecture.

Oracle Linux 6 STIG, Version 1, Release 16V-50545

Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-51061Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-51063Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-51067Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-51069Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-51093Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-51137Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-51139Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-51143Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-51145Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-51147Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-51149Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-51151Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-51153Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-51155Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-51157Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-51159Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-51161Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-51163Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-51165Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-51167Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-51169

Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

Oracle WebLogic Server 12c STIG, Version 1, Release 6V-56205

Removed custom identity and Java standard trust from finding statement.

V-56207Removed custom identity and Java standard trust from finding statement.

V-56295Removed custom identity and Java standard trust from finding statement.

V-56303Removed custom identity and Java standard trust from finding statement.

V-56305Removed custom identity and Java standard trust from finding statement.

V-56309Removed custom identity and Java standard trust from finding statement.

V-56329Removed custom identity and Java standard trust from finding statement.

V-56347Removed custom identity and Java standard trust from finding statement.

Red Hat 6 STIG Benchmark, Version 1, Release 24Benchmark Update

Rebundled benchmark to accommodate updated Rule IDs.

Red Hat 6 STIG, Version 1, Release 23V-38439

Removed the requirement because it references an inherent function of all current Linux-based operating

V-38522Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-38525Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-38527Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-38540Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-38543Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-38545Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-38547Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-38550Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-38552Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-38554Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-38556Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-38557Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-38558Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-38559Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-38561Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-38563Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-38565Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-38566Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-38568Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-38575Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-38580Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-38679Added a note that the requirement does not apply to the local loopback interface.

V-81441Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

Red Hat Enterprise Linux 7 STIG Benchmark, Version 2, Release 4V-71973

Updated OVAL to accommodate leading zeroes in crontab time specifications.

V-71983Added OVAL for requirement.

V-72067Removed duplicated OVAL test for "fips=1" in "GRUB_CMDLINE_LINUX_DEFAULT" environment variable in /etc/default/grub.

V-72191Added OVAL for requirement.

V-72221Removed duplicated OVAL test for "fips=1" in "GRUB_CMDLINE_LINUX_DEFAULT" environment variable in /etc/default/grub.

V-72253Removed duplicated OVAL test for "fips=1" in "GRUB_CMDLINE_LINUX_DEFAULT" environment variable in /etc/default/grub.

V-73159Updated OVAL to handle pam_pwquality.so "requisite" control consistently.

V-77821Added OVAL for requirement.

Red Hat Enterprise Linux 7 STIG, Version 2, Release 4V-71849

Updated the Check command to include a search for User and Group changes. Updated the Fix to properly set the ownership and permissions.

V-71855Added "--noconfig" to the Check command.

V-71943Updated the Rule Title, added individual finding statements for each required option on the configuration line, and added applicable CCIs to the requirement.

V-71983Updated the requirement so that "install usb-storage /bin/true" is defined in a modprobe configuration file.

V-71993Updated the requirement to be focused on command line disablement of the "Ctrl-Alt-Del" key sequence.

V-72015Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-72029Updated the Check and Fix commands.

V-72031Updated the Check and Fix commands.

V-72033Updated the Check and Fix commands.

V-72089Updated the Check and Fix to require the "space_left" keyword be set to 25 percent of the total partition size.

V-72095Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-72097Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-72099Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-72101Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-72103Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-72107Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-72109Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-72111Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-72113Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-72115Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-72117

Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-72119Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-72121Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-72123Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-72125Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-72127Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-72129Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-72131Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-72133Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-72171Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-72187Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-72189Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-72199Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-72201Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-72203Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-72205Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-72207Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-72217Updated the Check and Fix to use the "/etc/security/limits.d/" directory.

V-72271Removed this requirement from the STIG.

V-77821Updated the requirement so that "blacklist dccp" was defined in the /etc/modprobe.d/blacklist.conf file.

V-78999Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-79001Updated the requirement to require the definition of both 32- and 64-bit audit rules on a 64-bit system.

V-94843Added requirement to focus on the disablement of the GUI "Ctrl-Alt-Del" key sequence.

Router SRG, Version 3, Release 3V-92243

Corrected Check and Fix.

Samsung Android 7 with Knox 2.x STIG, Version 1, Release 5V-76571

Changed CC Mode requirement from CAT II to CAT I to be consistent with the Samsung Android OS 9 STIG.

Samsung Android OS 8 (with Knox 3.x) COBO STIG, Version 1, Release 3V-80233

Changed CC Mode requirement from CAT II to CAT I to be consistent with the Samsung Android OS 9 STIG.

Samsung Android OS 8 (with Knox 3.x) COPE STIG, Version 1, Release 3V-80369

Changed CC Mode requirement from CAT II to CAT I to be consistent with the Samsung Android OS 9 STIG.

Solaris 10 SPARC Manual STIG, Version 1, Release 25V-993

Updated language related to SNMP passwords.

V-11984Updated owner of skeleton files.

Solaris 10 SPARC STIG Benchmark, Version 1, Release 22V-11984

Updated OVAL to allow only root to own files and directories in /etc/skel.

Solaris 10 x86 Manual STIG, Version 1, Release 25V-993

Updated language related to SNMP passwords.

V-11984Updated owner of skeleton files.

Solaris 10 x86 STIG Benchmark, Version 1, Release 23V-11984

Updated OVAL to allow only root to own files and directories in /etc/skel.

Solaris 11 SPARC STIG Benchmark, Version 1, Release 12V-49635

Updated OVAL to change file paths used for USB storage check.

Solaris 11 SPARC STIG, Version 1, Release 18V-47805

Updated auditing requirement to reflect changes in Solaris 11.4.

V-47807Updated auditing requirement to reflect changes in Solaris 11.4.

V-47809Updated auditing requirement to reflect changes in Solaris 11.4.

V-47811Updated auditing requirement to reflect changes in Solaris 11.4.

V-47813Updated auditing requirement to reflect changes in Solaris 11.4.

V-47815Updated auditing requirement to reflect changes in Solaris 11.4.

V-47817Updated auditing requirement to reflect changes in Solaris 11.4.

V-47819Updated auditing requirement to reflect changes in Solaris 11.4.

V-47821Updated auditing requirement to reflect changes in Solaris 11.4.

V-47823Updated auditing requirement to reflect changes in Solaris 11.4.

V-47825Updated auditing requirement to reflect changes in Solaris 11.4.

V-47919Updated wording to permit organizationally defined uses.

V-47965Removed HBSS client requirement due to lack of commercial supported client availability.

V-47969Updated browser path information.

V-47995Updated language related to SNMP passwords.

V-48017Updated 080060 (core dump directory group ownership) to remove the ambiguity in its wording.

V-48107Corrected Fix text.

V-48213Updated requirement for new firewall tool.

V-48215Updated requirement for new firewall tool.

V-48219Updated requirement for new firewall tool.

V-48223Updated requirement for new firewall tool.

V-48225Updated requirement for new firewall tool.

V-48227Updated requirement for new firewall tool.

V-48229Updated requirement for new firewall tool.

V-48231Updated requirement for new firewall tool.

V-48233Updated requirement for new firewall tool.

V-48235Updated requirement for new firewall tool.

V-48237Updated requirement for new firewall tool.

V-48239

Updated requirement for new firewall tool.

V-48241Updated requirement for new firewall tool.

V-49635Updated file paths regarding USB storage information.

V-95717Added requirement regarding core dump file locations.

Solaris 11 X86 STIG Benchmark, Version 1, Release 12V-49635

Updated OVAL to change file paths used for USB storage check.

Solaris 11 x86 STIG, Version 1, Release 18V-47805

Updated auditing requirement to reflect changes in Solaris 11.4.

V-47807Updated auditing requirement to reflect changes in Solaris 11.4.

V-47809Updated auditing requirement to reflect changes in Solaris 11.4.

V-47811Updated auditing requirement to reflect changes in Solaris 11.4.

V-47813Updated auditing requirement to reflect changes in Solaris 11.4.

V-47815Updated auditing requirement to reflect changes in Solaris 11.4.

V-47817Updated auditing requirement to reflect changes in Solaris 11.4.

V-47819Updated auditing requirement to reflect changes in Solaris 11.4.

V-47821Updated auditing requirement to reflect changes in Solaris 11.4.

V-47823Updated auditing requirement to reflect changes in Solaris 11.4.

V-47825Updated auditing requirement to reflect changes in Solaris 11.4.

V-47919Updated wording to permit organizationally defined uses.

V-47965Removed HBSS client requirement due to lack of commercial supported client availability.

V-47969Updated browser path information.

V-47995Updated language related to SNMP passwords.

V-48017Updated 080060 (core dump directory group ownership) to remove the ambiguity in its wording.

V-48107Corrected Fix text.

V-48213Updated requirement for new firewall tool.

V-48215Updated requirement for new firewall tool.

V-48219Updated requirement for new firewall tool.

V-48223Updated requirement for new firewall tool.

V-48225Updated requirement for new firewall tool.

V-48227Updated requirement for new firewall tool.

V-48229Updated requirement for new firewall tool.

V-48231Updated requirement for new firewall tool.

V-48233Updated requirement for new firewall tool.

V-48235Updated requirement for new firewall tool.

V-48237

Updated requirement for new firewall tool.

V-48239Updated requirement for new firewall tool.

V-48241Updated requirement for new firewall tool.

V-49635Updated file paths regarding USB storage information.

V-95717New requirement regarding core dump file locations.

Storage Area Network STIG, Version 2, Release 4V-6609

Removed outdated policy requirement from technical STIG.

z/OS ACF2 STIG, Version 6, Release 41V-6962

Modified Audit requirements from Audit ALL to Audiit FAILURE.

V-6973Updated the Addendum table 11-24: WebSphere MQ Command Security Controls .

V-7120Renamed title modified content to address multiple sign-ons for each user.

Documentation UpdateUpdated Tables 11-19 and11 20: Parameters to Clarify Access for Multi-signons.

z/OS CA MICS for ACF2 STIG, Version 6, Release 4 V-21592

Reworded the Discussion section.

z/OS CA MICS for RACF STIG, Version 6, Release 4 V-21592

Reworded the Discussion section.

z/OS CA MICS for TSS STIG, Version 6, Release 4 V-21592

Reworded the Discussion section.

z/OS IBM CICS Transaction Server for ACF2 STIG, Version 6, Release 5V-17982

Updated Table 11-22: CICS SPI Resources Table to allow developers expanded access.

z/OS IBM CICS Transaction Server for RACF STIG, Version 6, Release 5V-17982

Updated Table 11-22: CICS SPI Resources Table to allow developers expanded access.

z/OS IBM CICS Transaction Server for TSS STIG, Version 6, Release 5V-17982

Updated Table 11-22: CICS SPI Resources Table to allow developers expanded access.

z/OS RACF STIG, Version 6, Release 41V-6962

Modified Audit requirements from Audit ALL to Audiit FAILURE.

V-6973Updated the Addendum table 11-24: WebSphere MQ Command Security Controls.

V-7120Renamed title.

Documentation UpdateUpdated Tables 11-19 and11 20: Parameters to Clarify Access for Multi-signons.

z/OS SRR Scripts, Version 6, Release 41V-84

Corrected invalid dataset name error message.

V-5605Corrected invalid dataset name error message.

V-17982Added Analysis for Production and Test/Development on system.Corrected rule $KEY field not matching resource.

z/OS TSS STIG, Version 6, Release 41V-6962

Modified Audit requirements from Audit ALL to Audiit FAILURE.

V-6973Updated the Addendum table 11-24: WebSphere MQ Command Security Controls.

V-7120Renamed title and modified content to address multiple sign-ons for each user.

V-7555Renamed title.

Documentation UpdateUpdated Tables 11-19 and 11 20: Parameters to Clarify Access for Multi-signons.