Deprecated STIG Rules
These rules were removed when a newer STIG version was uploaded. Rules with linked findings cannot be deleted. You can remap a deprecated rule's findings to a different V-ID if the rule was consolidated or renumbered.
41 deprecated rule(s)
18 with linked findings
Superseded Benchmarks
Active Directory Domain Security Technical Implementation Guide V3R5 — superseded
Cisco IOS XE Router NDM Security Technical Implementation Guide V3R5 — superseded
Cisco IOS XE Router RTR Security Technical Implementation Guide V3R4 — superseded
Database Security Requirements Guide V4R3 — superseded
Database Security Requirements Guide V4R4 — superseded
MS SQL Server 2016 Database Security Technical Implementation Guide V3R3 — superseded
MS SQL Server 2016 Instance Security Technical Implementation Guide V3R5 — superseded
Microsoft DotNet Framework 4.0 Security Technical Implementation Guide V2R7 — superseded
Microsoft Edge Security Technical Implementation Guide V2R3 — superseded
Microsoft Edge Security Technical Implementation Guide V2R4 — superseded
Microsoft IIS 10.0 Server Security Technical Implementation Guide V3R4 — superseded
Microsoft IIS 10.0 Server Security Technical Implementation Guide V3R6 — superseded
Microsoft IIS 10.0 Site Security Technical Implementation Guide V2R12 — superseded
Microsoft IIS 10.0 Site Security Technical Implementation Guide V2R14 — superseded
Microsoft Office 365 ProPlus Security Technical Implementation Guide V3R3 — superseded
Microsoft Office 365 ProPlus Security Technical Implementation Guide V3R4 — superseded
Microsoft Windows 10 Security Technical Implementation Guide V3R4 — superseded
Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation Guide V2R3 — superseded
Mozilla Firefox Security Technical Implementation Guide V6R6 — superseded
Network Device Management Security Requirements Guide V5R3 — superseded
Traditional Security Checklist V2R6 — superseded
Traditional Security Checklist - CMD V1RCMD — superseded
VMware vSphere 8.0 ESXi Security Technical Implementation Guide V1R1 — superseded
VMware vSphere 8.0 Virtual Machine Security Technical Implementation Guide V1R1 — superseded
VMware vSphere 8.0 vCenter Appliance ESX Agent Manager (EAM) Security Technical Implementation Guide V1R1 — superseded
VMware vSphere 8.0 vCenter Appliance Envoy Security Technical Implementation Guide V1R1 — superseded
VMware vSphere 8.0 vCenter Appliance Lookup Service Security Technical Implementation Guide V1R1 — superseded
VMware vSphere 8.0 vCenter Appliance Management Interface (VAMI) Security Technical Implementation Guide V1R1 — superseded
VMware vSphere 8.0 vCenter Appliance Perfcharts Security Technical Implementation Guide V1R1 — superseded
VMware vSphere 8.0 vCenter Appliance PostgreSQL Security Technical Implementation Guide V1R1 — superseded
VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) Security Technical Implementation Guide V1R1 — superseded
VMware vSphere 8.0 vCenter Appliance User Interface (UI) Security Technical Implementation Guide V1R1 — superseded
VMware vSphere 8.0 vCenter Security Technical Implementation Guide V1R1 — superseded
| V-ID | Title | Severity | Old Benchmark | Findings | Actions |
|---|---|---|---|---|---|
| V-213927 | SQL Server must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components. | CAT I | MS SQL Server 2016 Database Security Technical Implementation Guide V3 R3 | 5 | |
| V-214022 | SQL Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to provision digital signatures. | CAT I | MS SQL Server 2016 Instance Security Technical Implementation Guide V3 R5 | 0 | |
| V-214023 | SQL Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to generate and validate cryptographic hashes. | CAT I | MS SQL Server 2016 Instance Security Technical Implementation Guide V3 R5 | 0 | |
| V-220726 | Data Execution Prevention (DEP) must be configured to at least OptOut. | CAT I | Microsoft Windows 10 Security Technical Implementation Guide V3 R4 | 2 | |
| V-265854 | DBMS products must be a version supported by the vendor. | CAT I | Database Security Requirements Guide V4 R3 | 0 | |
| V-213906 | SQL Server must limit privileges to change software modules, to include stored procedures, functions, and triggers. | CAT II | MS SQL Server 2016 Database Security Technical Implementation Guide V3 R3 | 5 | |
| V-213918 | SQL Server must associate organization-defined types of security labels having organization-defined security label values with information in storage. | CAT II | MS SQL Server 2016 Database Security Technical Implementation Guide V3 R3 | 5 | |
| V-213920 | SQL Server must associate organization-defined types of security labels having organization-defined security label values with information in transmission. | CAT II | MS SQL Server 2016 Database Security Technical Implementation Guide V3 R3 | 5 | |
| V-213923 | SQL Server must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status. | CAT II | MS SQL Server 2016 Database Security Technical Implementation Guide V3 R3 | 5 | |
| V-213962 | SQL Server must be configured to prohibit or restrict the use of organization-defined ports, as defined in the PPSM CAL and vulnerability assessments. | CAT II | MS SQL Server 2016 Instance Security Technical Implementation Guide V3 R5 | 0 | |
| V-213963 | SQL Server must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users). | CAT II | MS SQL Server 2016 Instance Security Technical Implementation Guide V3 R5 | 0 | |
| V-213971 | SQL Server must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values. | CAT II | MS SQL Server 2016 Instance Security Technical Implementation Guide V3 R5 | 0 | |
| V-213990 | SQL Server must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance. | CAT II | MS SQL Server 2016 Instance Security Technical Implementation Guide V3 R5 | 0 | |
| V-213995 | SQL Server must be able to generate audit records when successful and unsuccessful attempts to access security objects occur. | CAT II | MS SQL Server 2016 Instance Security Technical Implementation Guide V3 R5 | 0 | |
| V-213998 | SQL Server must generate audit records when successful and unsuccessful attempts to access categorized information (e.g., classification levels/security levels) occur. | CAT II | MS SQL Server 2016 Instance Security Technical Implementation Guide V3 R5 | 0 | |
| V-214006 | SQL Server must generate audit records when successful and unsuccessful attempts to modify categorized information (e.g., classification levels/security levels) occur. | CAT II | MS SQL Server 2016 Instance Security Technical Implementation Guide V3 R5 | 0 | |
| V-214010 | SQL Server must generate audit records when successful and unsuccessful attempts to delete security objects occur. | CAT II | MS SQL Server 2016 Instance Security Technical Implementation Guide V3 R5 | 0 | |
| V-214012 | SQL Server must generate audit records when successful and unsuccessful attempts to delete categorized information (e.g., classification levels/security levels) occur. | CAT II | MS SQL Server 2016 Instance Security Technical Implementation Guide V3 R5 | 0 | |
| V-214015 | SQL Server must generate audit records for all privileged activities or other system-level access. | CAT II | MS SQL Server 2016 Instance Security Technical Implementation Guide V3 R5 | 0 | |
| V-214016 | SQL Server must generate audit records when unsuccessful attempts to execute privileged activities or other system-level access occur. | CAT II | MS SQL Server 2016 Instance Security Technical Implementation Guide V3 R5 | 0 | |
| V-214017 | SQL Server must generate audit records showing starting and ending time for user access to the database(s). | CAT II | MS SQL Server 2016 Instance Security Technical Implementation Guide V3 R5 | 0 | |
| V-214018 | SQL Server must generate audit records when concurrent logons/connections by the same user from different workstations occur. | CAT II | MS SQL Server 2016 Instance Security Technical Implementation Guide V3 R5 | 0 | |
| V-214020 | SQL Server must generate audit records when successful and unsuccessful accesses to objects occur. | CAT II | MS SQL Server 2016 Instance Security Technical Implementation Guide V3 R5 | 0 | |
| V-214024 | SQL Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to protect unclassified information requiring confidentiality and cryptographic protection, in accordance with the data owners requirements. | CAT II | MS SQL Server 2016 Instance Security Technical Implementation Guide V3 R5 | 0 | |
| V-218735 | The IIS 10.0 website session state must be enabled. | CAT II | Microsoft IIS 10.0 Site Security Technical Implementation Guide V2 R12 | 3 | |
| V-218790 | The log information from the IIS 10.0 web server must be protected from unauthorized modification or deletion. | CAT II | Microsoft IIS 10.0 Server Security Technical Implementation Guide V3 R6 | 3 | |
| V-218809 | The IIS 10.0 web server Indexing must only index web content. | CAT II | Microsoft IIS 10.0 Server Security Technical Implementation Guide V3 R6 | 3 | |
| V-220735 | Bluetooth must be turned off when not in use. | CAT II | Microsoft Windows 10 Security Technical Implementation Guide V3 R4 | 4 | |
| V-220908 | The built-in administrator account must be disabled. | CAT II | Microsoft Windows 10 Security Technical Implementation Guide V3 R4 | 4 | |
| V-259369 | The Windows DNS Server permissions must be set so the key file can only be read or modified by the account that runs the name server software. | CAT II | Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation Guide V2 R3 | 1 | |
| V-259413 | The DNS Name Server software must run with restricted privileges. | CAT II | Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation Guide V2 R3 | 1 | |
| V-265974 | The ESXi host must use DOD-approved encryption to protect the confidentiality of network sessions. | CAT II | VMware vSphere 8.0 ESXi Security Technical Implementation Guide V2 R3 | 0 | |
| V-265975 | The ESXi host must disable key persistence. | CAT II | VMware vSphere 8.0 ESXi Security Technical Implementation Guide V2 R3 | 0 | |
| V-265976 | The ESXi host must deny shell access for the dcui account. | CAT II | VMware vSphere 8.0 ESXi Security Technical Implementation Guide V2 R3 | 0 | |
| V-265977 | The ESXi host must disable virtual hardware management network interfaces. | CAT II | VMware vSphere 8.0 ESXi Security Technical Implementation Guide V2 R3 | 0 | |
| V-266136 | The vCenter STS service deployXML attribute must be disabled. | CAT II | VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) Security Technical Implementation Guide V2 R1 | 0 | |
| V-278356 | Connected experiences that analyze content must be disabled. | CAT II | Microsoft Office 365 ProPlus Security Technical Implementation Guide V3 R4 | 2 | |
| V-278357 | Connected experiences that download online content must be disabled. | CAT II | Microsoft Office 365 ProPlus Security Technical Implementation Guide V3 R4 | 2 | |
| V-278358 | Additional optional connected experiences must be disabled. | CAT II | Microsoft Office 365 ProPlus Security Technical Implementation Guide V3 R4 | 2 | |
| V-278359 | Connected experiences must be disabled. | CAT II | Microsoft Office 365 ProPlus Security Technical Implementation Guide V3 R4 | 2 | |
| V-241788 | HTTPAPI Server version must be removed from the HTTP Response Header information. | CAT III | Microsoft IIS 10.0 Server Security Technical Implementation Guide V3 R4 | 2 | |