STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← SC-4 — Information in Shared System Resources

CCI-001090

Definition

Prevent unauthorized and unintended information transfer via shared system resources.

Parent Control

SC-4Information in Shared System ResourcesSystem and Communications Protection

Linked STIG Checks (200)

V-274001CAT IIAmazon Linux 2023 must restrict access to the kernel message buffer.Amazon Linux 2023 Security Technical Implementation Guide V-274002CAT IIAmazon Linux 2023 must prevent kernel profiling by nonprivileged users.Amazon Linux 2023 Security Technical Implementation Guide V-274164CAT IIAmazon Linux 2023 must ensure a sticky bit be set on all public directories.Amazon Linux 2023 Security Technical Implementation Guide V-274165CAT IIAmazon Linux 2023 must ensure all world-writable directories be owned by root, sys, bin, or an application user.Amazon Linux 2023 Security Technical Implementation Guide V-268140CAT IIA sticky bit must be set on all NixOS public directories to prevent unauthorized and unintended information transferred via shared system resources.Anduril NixOS Security Technical Implementation Guide V-254579CAT IIApple iOS/iPadOS 16 must not allow backup to remote systems (iCloud).Apple iOS-iPadOS 16 Security Technical Implementation Guide V-254600CAT IIApple iOS/iPadOS 16 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.Apple iOS-iPadOS 16 Security Technical Implementation Guide V-250920CAT IIApple iOS/iPadOS 15 must not allow backup to remote systems (iCloud).Apple iOS/iPadOS 15 Security Technical Implementation Guide V-250921CAT IIApple iOS/iPadOS 15 must not allow backup to remote systems (iCloud document and data synchronization).Apple iOS/iPadOS 15 Security Technical Implementation Guide V-250922CAT IIApple iOS/iPadOS 15 must not allow backup to remote systems (iCloud Keychain).Apple iOS/iPadOS 15 Security Technical Implementation Guide V-250923CAT IIApple iOS/iPadOS 15 must not allow backup to remote systems (My Photo Stream).Apple iOS/iPadOS 15 Security Technical Implementation Guide V-250924CAT IIApple iOS/iPadOS 15 must not allow backup to remote systems (iCloud Photo Sharing, also known as Shared Photo Streams).Apple iOS/iPadOS 15 Security Technical Implementation Guide V-250925CAT IIApple iOS/iPadOS 15 must not allow backup to remote systems (managed applications data stored in iCloud).Apple iOS/iPadOS 15 Security Technical Implementation Guide V-250926CAT IIApple iOS/iPadOS 15 must not allow backup to remote systems (enterprise books).Apple iOS/iPadOS 15 Security Technical Implementation Guide V-250941CAT IIApple iOS/iPadOS 15 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.Apple iOS/iPadOS 15 Security Technical Implementation Guide V-257117CAT IIApple iOS/iPadOS 16 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.Apple iOS/iPadOS 16 BYOAD Security Technical Implementation Guide V-259774CAT IIApple iOS/iPadOS 17 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.Apple iOS/iPadOS 17 MDFPP 3.3 BYOAD Security Technical Implementation Guide V-258332CAT IIApple iOS/iPadOS 17 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.Apple iOS/iPadOS 17 Security Technical Implementation Guide V-259186CAT IIApple iOS/iPadOS 17 must not allow backup to remote systems (iCloud).Apple iOS/iPadOS 17 Security Technical Implementation Guide V-267958CAT IIApple iOS/iPadOS 18 must not allow backup to remote systems (iCloud).Apple iOS/iPadOS 18 Security Technical Implementation Guide V-267959CAT IIApple iOS/iPadOS 18 must not allow backup to remote systems (iCloud document and data synchronization).Apple iOS/iPadOS 18 Security Technical Implementation Guide V-267960CAT IIApple iOS/iPadOS 18 must not allow backup to remote systems (iCloud Keychain).Apple iOS/iPadOS 18 Security Technical Implementation Guide V-267961CAT IIApple iOS/iPadOS 18 must not allow backup to remote systems (Cloud Photo Library).Apple iOS/iPadOS 18 Security Technical Implementation Guide V-267962CAT IIApple iOS/iPadOS 18 must not allow backup to remote systems (iCloud Photo Sharing, also known as Shared Stream or Shared Photo Stream).Apple iOS/iPadOS 18 Security Technical Implementation Guide V-267963CAT IIApple iOS/iPadOS 18 must not allow backup to remote systems (managed applications data stored in iCloud).Apple iOS/iPadOS 18 Security Technical Implementation Guide V-267964CAT IIApple iOS/iPadOS 18 must not allow backup to remote systems (enterprise books).Apple iOS/iPadOS 18 Security Technical Implementation Guide V-268013CAT IIApple iOS/iPadOS 18 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.Apple iOS/iPadOS 18 Security Technical Implementation Guide V-268056CAT IIApple iOS/iPadOS 18 must disable "Allow USB drive access in Files app" if the authorizing official (AO) has not approved the use of DOD-approved USB storage drives with iOS/iPadOS devices.Apple iOS/iPadOS 18 Security Technical Implementation Guide V-278718CAT IIApple iOS/iPadOS 26 must not allow backup to remote systems (iCloud).Apple iOS/iPadOS 26 Security Technical Implementation Guide V-278719CAT IIApple iOS/iPadOS 26 must not allow backup to remote systems (iCloud document and data synchronization).Apple iOS/iPadOS 26 Security Technical Implementation Guide V-278720CAT IIApple iOS/iPadOS 26 must not allow backup to remote systems (iCloud Keychain).Apple iOS/iPadOS 26 Security Technical Implementation Guide V-278721CAT IIApple iOS/iPadOS 26 must not allow backup to remote systems (Cloud Photo Library).Apple iOS/iPadOS 26 Security Technical Implementation Guide V-278722CAT IIApple iOS/iPadOS 26 must not allow backup to remote systems (iCloud Photo Sharing, also known as Shared Stream or Shared Photo Stream).Apple iOS/iPadOS 26 Security Technical Implementation Guide V-278723CAT IIApple iOS/iPadOS 26 must not allow backup to remote systems (managed applications data stored in iCloud).Apple iOS/iPadOS 26 Security Technical Implementation Guide V-278724CAT IIApple iOS/iPadOS 26 must not allow backup to remote systems (enterprise books).Apple iOS/iPadOS 26 Security Technical Implementation Guide V-278773CAT IIApple iOS/iPadOS 26 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.Apple iOS/iPadOS 26 Security Technical Implementation Guide V-278815CAT IIApple iOS/iPadOS 26 must disable "Allow USB drive access in Files app" if the authorizing official (AO) has not approved the use of DOD-approved USB storage drives with iOS/iPadOS devices.Apple iOS/iPadOS 26 Security Technical Implementation Guide V-268555CAT IThe macOS system must ensure System Integrity Protection is enabled.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277165CAT IThe macOS system must ensure System Integrity Protection (SIP) is enabled.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-276375CAT IIApple visionOS 2 must not allow backup to remote systems (iCloud).Apple visionOS 2 Security Technical Implementation Guide V-276376CAT IIApple visionOS 2 must not allow backup to remote systems (iCloud document and data synchronization).Apple visionOS 2 Security Technical Implementation Guide V-276377CAT IIApple visionOS 2 must not allow backup to remote systems (iCloud Keychain).Apple visionOS 2 Security Technical Implementation Guide V-276378CAT IIApple visionOS 2 must not allow backup to remote systems (Cloud Photo Library).Apple visionOS 2 Security Technical Implementation Guide V-276379CAT IIApple visionOS 2 must not allow backup to remote systems (managed applications data stored in iCloud).Apple visionOS 2 Security Technical Implementation Guide V-282784CAT IIApple visionOS 26 must not allow backup to remote systems (iCloud).Apple visionOS 26 Security Technical Implementation Guide V-282785CAT IIApple visionOS 26 must not allow backup to remote systems (iCloud document and data synchronization).Apple visionOS 26 Security Technical Implementation Guide V-282786CAT IIApple visionOS 26 must not allow backup to remote systems (iCloud Keychain).Apple visionOS 26 Security Technical Implementation Guide V-282787CAT IIApple visionOS 26 must not allow backup to remote systems (Cloud Photo Library).Apple visionOS 26 Security Technical Implementation Guide V-282788CAT IIApple visionOS 26 must not allow backup to remote systems (managed applications data stored in iCloud).Apple visionOS 26 Security Technical Implementation Guide V-222592CAT IIApplications must prevent unauthorized and unintended information transfer via shared system resources.Application Security and Development Security Technical Implementation Guide V-272422CAT IIA BIND 9.x server implementation must be running in a chroot(ed) directory structure.BIND 9.x Security Technical Implementation Guide V-251618CAT IIIDMS must prevent unauthorized and unintended information transfer via database buffers.CA IDMS Security Technical Implementation Guide V-219187CAT IIThe Ubuntu operating system must set a sticky bit on all public directories to prevent unauthorized and unintended information transferred via shared system resources.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-255907CAT IIIThe Ubuntu operating system must restrict access to the kernel message buffer.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-238332CAT IIThe Ubuntu operating system must set a sticky bit on all public directories to prevent unauthorized and unintended information transferred via shared system resources.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-255913CAT IIIThe Ubuntu operating system must restrict access to the kernel message buffer.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260472CAT IIIUbuntu 22.04 LTS must restrict access to the kernel message buffer.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260513CAT IIUbuntu 22.04 LTS must set a sticky bit on all public directories to prevent unauthorized and unintended information transferred via shared system resources.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-270749CAT IIIUbuntu 24.04 LTS must restrict access to the kernel message buffer.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270750CAT IIUbuntu 24.04 LTS must set a sticky bit on all public directories to prevent unauthorized and unintended information transferred via shared system resources.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-269425CAT IIAlmaLinux OS 9 must restrict access to the kernel message buffer.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269426CAT IIAlmaLinux OS 9 must prevent kernel profiling by nonprivileged users.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269432CAT IIAny AlmaLinux OS 9 world-writable directories must be owned by root, sys, bin, or an application user.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269433CAT IIA sticky bit must be set on all AlmaLinux OS 9 public directories.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-233127CAT IIThe container platform must prohibit containers from accessing privileged resources.Container Platform Security Requirements Guide V-233128CAT IIThe container platform must prevent unauthorized and unintended information transfer via shared system resources.Container Platform Security Requirements Guide V-233616CAT IIDatabase contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy.Crunchy Data PostgreSQL Security Technical Implementation Guide V-233617CAT IIAccess to database files must be limited to relevant processes and to authorized, administrative users.Crunchy Data PostgreSQL Security Technical Implementation Guide V-261903CAT IIDatabase contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy.Crunchy Data Postgres 16 Security Technical Implementation Guide V-261904CAT IIAccess to database files must be limited to relevant processes and to authorized, administrative users.Crunchy Data Postgres 16 Security Technical Implementation Guide V-206572CAT IIDatabase contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy.Database Security Requirements Guide V-206573CAT IIThe DBMS must prevent unauthorized and unintended information transfer via shared system resources.Database Security Requirements Guide V-206574CAT IIAccess to database files must be limited to relevant processes and to authorized, administrative users.Database Security Requirements Guide V-235781CAT IIA policy set using the built-in role-based access control (RBAC) capabilities in the Universal Control Plane (UCP) component of Docker Enterprise must be configured.Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide V-235782CAT IIA policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set.Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide V-205188CAT IIThe DNS server implementation must prevent unauthorized and unintended information transfer via shared system resources.Domain Name System (DNS) Security Requirements Guide V-279956CAT IICNAME records must not point to a zone with lesser security for more than six months.Domain Name System (DNS) Security Requirements Guide V-224180CAT IIDatabase contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy.EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide V-224181CAT IIAccess to database files must be limited to relevant processes and to authorized, administrative users.EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide V-213606CAT IIDatabase contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy.EDB Postgres Advanced Server v9.6 Security Technical Implementation Guide V-213607CAT IIAccess to database files must be limited to relevant processes and to authorized, administrative users.EDB Postgres Advanced Server v9.6 Security Technical Implementation Guide V-259261CAT IIDatabase contents must be protected from unauthorized and unintended information transfer by enforcement of a data transfer policy.EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide V-259262CAT IIAccess to database files must be limited to relevant processes and to authorized, administrative users.EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide V-203657CAT IIOperating systems must prevent unauthorized and unintended information transfer via shared system resources.General Purpose Operating System Security Requirements Guide V-258486CAT IIGoogle Android 13 must be configured to not allow backup of all work profile applications to remote systems.Google Android 13 BYOAD Security Technical Implementation Guide V-254779CAT IIGoogle Android 13 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.Google Android 13 COPE Security Technical Implementation Guide V-254780CAT IIGoogle Android 13 must be configured to not allow backup of [all applications, configuration data] to remote systems.Google Android 13 COPE Security Technical Implementation Guide V-254799CAT IIIGoogle Android 13 must allow only the Administrator (MDM) to perform the following management function: Disable Phone Hub.Google Android 13 COPE Security Technical Implementation Guide V-258392CAT IIGoogle Android 14 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.Google Android 14 COBO Security Technical Implementation Guide V-258393CAT IIGoogle Android 14 must be configured to not allow backup of [all applications, configuration data] to remote systems.Google Android 14 COBO Security Technical Implementation Guide V-258407CAT IIIGoogle Android 14 must allow only the administrator (MDM) to perform the following management function: Disable Phone Hub.Google Android 14 COBO Security Technical Implementation Guide V-258423CAT IIGoogle Android 14 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.Google Android 14 COPE Security Technical Implementation Guide V-258424CAT IIGoogle Android 14 must be configured to not allow backup of [all applications, configuration data] to remote systems.Google Android 14 COPE Security Technical Implementation Guide V-258443CAT IIIGoogle Android 14 must allow only the administrator (MDM) to perform the following management function: Disable Phone Hub.Google Android 14 COPE Security Technical Implementation Guide V-260149CAT IIGoogle Android 14 must be configured to not allow backup of all work profile applications to remote systems.Google Android 14 MDFPP 3.3 BYOAD Security Technical Implementation Guide V-267445CAT IIGoogle Android 15 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.Google Android 15 COBO Security Technical Implementation Guide V-267446CAT IIGoogle Android 15 must be configured to not allow backup of [all applications, configuration data] to remote systems.Google Android 15 COBO Security Technical Implementation Guide V-267464CAT IIIGoogle Android 15 must allow only the administrator (MDM) to perform the following management function: Disable Phone Hub.Google Android 15 COBO Security Technical Implementation Guide V-267540CAT IIGoogle Android 15 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.Google Android 15 COPE Security Technical Implementation Guide V-267541CAT IIGoogle Android 15 must be configured to not allow backup of [all applications, configuration data] to remote systems.Google Android 15 COPE Security Technical Implementation Guide V-267562CAT IIIGoogle Android 15 must allow only the administrator (MDM) to perform the following management function: Disable Phone Hub.Google Android 15 COPE Security Technical Implementation Guide V-276763CAT IIGoogle Android 16 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.Google Android 16 COBO Security Technical Implementation Guide V-276764CAT IIGoogle Android 16 must be configured to not allow backup of [all applications, configuration data] to remote systems.Google Android 16 COBO Security Technical Implementation Guide V-276782CAT IIIGoogle Android 16 must allow only the administrator (MDM) to perform the following management function: Disable Phone Hub.Google Android 16 COBO Security Technical Implementation Guide V-276865CAT IIGoogle Android 16 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.Google Android 16 COPE Security Technical Implementation Guide V-276866CAT IIGoogle Android 16 must be configured to not allow backup of [all applications, configuration data] to remote systems.Google Android 16 COPE Security Technical Implementation Guide V-276887CAT IIIGoogle Android 16 must allow only the administrator (MDM) to perform the following management function: Disable Phone Hub.Google Android 16 COPE Security Technical Implementation Guide V-274305CAT IIHoneywell Android 13 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.Honeywell Android 13 COBO Security Technical Implementation Guide V-274306CAT IIHoneywell Android 13 must be configured to not allow backup of [all applications, configuration data] to remote systems.Honeywell Android 13 COBO Security Technical Implementation Guide V-274400CAT IIHoneywell Android 13 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.Honeywell Android 13 COPE Security Technical Implementation Guide V-274401CAT IIHoneywell Android 13 must be configured to not allow backup of [all applications, configuration data] to remote systems.Honeywell Android 13 COPE Security Technical Implementation Guide V-213708CAT IIDatabase contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy.IBM DB2 V10.5 LUW Security Technical Implementation Guide V-213709CAT IIAccess to database files must be limited to relevant processes and to authorized, administrative users.IBM DB2 V10.5 LUW Security Technical Implementation Guide V-223515CAT IIACF2 AUTOERAS GSO record value must be set to indicate that ACF2 is controlling the automatic physical erasure of VSAM or non VSAM data sets.IBM z/OS ACF2 Security Technical Implementation Guide V-223570CAT IIIBM z/OS sensitive and critical system data sets must not exist on shared DASD.IBM z/OS ACF2 Security Technical Implementation Guide V-223731CAT IIThe IBM RACF ERASE ALL SETROPTS value must be set to ERASE(ALL) on all systems.IBM z/OS RACF Security Technical Implementation Guide V-251107CAT IIIBM z/OS sensitive and critical system data sets must not exist on shared DASDs.IBM z/OS RACF Security Technical Implementation Guide V-223955CAT IIThe CA-TSS AUTOERASE Control Option must be set to ALL for all systems.IBM z/OS TSS Security Technical Implementation Guide V-224010CAT IIIBM z/OS sensitive and critical system data sets must not exist on shared DASD.IBM z/OS TSS Security Technical Implementation Guide V-237924CAT IIThe IBM z/VM SYSTEM CONFIG file must be configured to clear TDISK on IPL.IBM zVM Using CA VM:Secure Security Technical Implementation Guide V-213775CAT IIDatabase contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy.MS SQL Server 2014 Database Security Technical Implementation Guide V-213863CAT IIAccess to database files must be limited to relevant processes and to authorized, administrative users.MS SQL Server 2014 Instance Security Technical Implementation Guide V-213915CAT IIDatabase contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy.MS SQL Server 2016 Database Security Technical Implementation Guide V-213975CAT IISQL Server must prevent unauthorized and unintended information transfer via shared system resources.MS SQL Server 2016 Instance Security Technical Implementation Guide V-213976CAT IISQL Server must prevent unauthorized and unintended information transfer via Instant File Initialization (IFI).MS SQL Server 2016 Instance Security Technical Implementation Guide V-213977CAT IIAccess to database files must be limited to relevant processes and to authorized, administrative users.MS SQL Server 2016 Instance Security Technical Implementation Guide V-253711CAT IIDatabase contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy.MariaDB Enterprise 10.x Security Technical Implementation Guide V-253712CAT IIMariaDB must prevent unauthorized and unintended information transfer via shared system resources.MariaDB Enterprise 10.x Security Technical Implementation Guide V-253713CAT IIAccess to database files must be limited to relevant processes and to authorized, administrative users.MariaDB Enterprise 10.x Security Technical Implementation Guide V-220373CAT IIAccess to MarkLogic Server files must be limited to relevant processes and to authorized, administrative users.MarkLogic Server v9 Security Technical Implementation Guide V-255309CAT IIAzure SQL Database contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy.Microsoft Azure SQL Database Security Technical Implementation Guide V-276229CAT IIAzure SQL Managed Instance contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy.Microsoft Azure SQL Managed Instance Security Technical Implementation Guide V-271173CAT IIDatabase contents must be protected from unauthorized and unintended information transfer by enforcement of a data transfer policy.Microsoft SQL Server 2022 Database Security Technical Implementation Guide V-271327CAT IISQL Server must prevent unauthorized and unintended information transfer via Instant File Initialization (IFI).Microsoft SQL Server 2022 Instance Security Technical Implementation Guide V-271328CAT IISQL Server must prevent unauthorized and unintended information transfer via shared system resources.Microsoft SQL Server 2022 Instance Security Technical Implementation Guide V-271329CAT IIAccess to database files must be limited to relevant processes and to authorized, administrative users.Microsoft SQL Server 2022 Instance Security Technical Implementation Guide V-220710CAT IINon system-created file shares on a system must limit access to groups that require it.Microsoft Windows 10 Security Technical Implementation Guide V-220823CAT ISolicited Remote Assistance must not be allowed.Microsoft Windows 10 Security Technical Implementation Guide V-220849CAT IILocal drives must be prevented from sharing with Remote Desktop Session Hosts.Microsoft Windows 10 Security Technical Implementation Guide V-220902CAT IIWindows 10 Kernel (Direct Memory Access) DMA Protection must be enabled.Microsoft Windows 10 Security Technical Implementation Guide V-220930CAT IAnonymous enumeration of shares must be restricted.Microsoft Windows 10 Security Technical Implementation Guide V-220932CAT IAnonymous access to Named Pipes and Shares must be restricted.Microsoft Windows 10 Security Technical Implementation Guide V-253267CAT IINon-system-created file shares on a system must limit access to groups that require it.Microsoft Windows 11 Security Technical Implementation Guide V-253382CAT ISolicited Remote Assistance must not be allowed.Microsoft Windows 11 Security Technical Implementation Guide V-253403CAT IILocal drives must be prevented from sharing with Remote Desktop Session Hosts.Microsoft Windows 11 Security Technical Implementation Guide V-253454CAT IAnonymous enumeration of shares must be restricted.Microsoft Windows 11 Security Technical Implementation Guide V-253456CAT IAnonymous access to Named Pipes and Shares must be restricted.Microsoft Windows 11 Security Technical Implementation Guide V-224841CAT IINon-system-created file shares on a system must limit access to groups that require it.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224945CAT IILocal drives must be prevented from sharing with Remote Desktop Session Hosts.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224975CAT IIData files owned by users must be on a different logical partition from the directory server data files.Microsoft Windows Server 2016 Security Technical Implementation Guide V-225046CAT IAnonymous enumeration of shares must not be allowed.Microsoft Windows Server 2016 Security Technical Implementation Guide V-225048CAT IAnonymous access to Named Pipes and Shares must be restricted.Microsoft Windows Server 2016 Security Technical Implementation Guide V-205721CAT IIWindows Server 2019 non-system-created file shares must limit access to groups that require it.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205722CAT IIWindows Server 2019 Remote Desktop Services must prevent drive redirection.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205723CAT IIWindows Server 2019 data files owned by users must be on a different logical partition from the directory server data files.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205724CAT IWindows Server 2019 must not allow anonymous enumeration of shares.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205725CAT IWindows Server 2019 must restrict anonymous access to Named Pipes and Shares.Microsoft Windows Server 2019 Security Technical Implementation Guide V-254260CAT IIWindows Server 2022 nonsystem-created file shares must limit access to groups that require it.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254366CAT IIWindows Server 2022 Remote Desktop Services must prevent drive redirection.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254396CAT IIWindows Server 2022 data files owned by users must be on a different logical partition from the directory server data files.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254467CAT IWindows Server 2022 must not allow anonymous enumeration of shares.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254469CAT IWindows Server 2022 must restrict anonymous access to Named Pipes and Shares.Microsoft Windows Server 2022 Security Technical Implementation Guide V-278007CAT IIWindows Server 2025 nonsystem-created file shares must limit access to groups that require it.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278113CAT IIWindows Server 2025 Remote Desktop Services must prevent drive redirection.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278143CAT IIWindows Server 2025 data files owned by users must be on a different logical partition from the directory server data files.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278217CAT IWindows Server 2025 must not allow anonymous enumeration of shares.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278219CAT IWindows Server 2025 must restrict anonymous access to Named Pipes and Shares.Microsoft Windows Server 2025 Security Technical Implementation Guide V-260934CAT IIAll containers must be restricted from acquiring additional privileges.Mirantis Kubernetes Engine Security Technical Implementation Guide V-260935CAT IIHost IPC namespace must not be shared.Mirantis Kubernetes Engine Security Technical Implementation Guide V-221179CAT IIDatabase contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy.MongoDB Enterprise Advanced 3.x Security Technical Implementation Guide V-221180CAT IIMongoDB must prevent unauthorized and unintended information transfer via shared system resources.MongoDB Enterprise Advanced 3.x Security Technical Implementation Guide V-252142CAT IIMongoDB must prevent unauthorized and unintended information transfer via shared system resources.MongoDB Enterprise Advanced 4.x Security Technical Implementation Guide V-252166CAT IIDatabase contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy.MongoDB Enterprise Advanced 4.x Security Technical Implementation Guide V-265927CAT IIDatabase contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy.MongoDB Enterprise Advanced 7.x Security Technical Implementation Guide V-265928CAT IIMongoDB must prevent unauthorized and unintended information transfer via shared system resources.MongoDB Enterprise Advanced 7.x Security Technical Implementation Guide V-279363CAT IIDatabase contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy.MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide V-279364CAT IIAccess to database files must be limited to relevant processes and to authorized, administrative users.MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide V-272186CAT IIMotorola Solutions Android 13 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.Motorola Solutions Android 13 COBO Security Technical Implementation Guide V-272187CAT IIMotorola Solutions Android 13 must be configured to not allow backup of [all applications, configuration data] to remote systems.Motorola Solutions Android 13 COBO Security Technical Implementation Guide V-272332CAT IIMotorola Solutions Android 13 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.Motorola Solutions Android 13 COPE Security Technical Implementation Guide V-272333CAT IIMotorola Solutions Android 13 must be configured to not allow backup of [all applications, configuration data] to remote systems.Motorola Solutions Android 13 COPE Security Technical Implementation Guide V-254226CAT IINutanix AOS must be configured to restrict public directories.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-279624CAT IIOperating systems must prevent unauthorized and unintended information transfer via shared system resources.Nutanix Acropolis GPOS Security Technical Implementation Guide V-219783CAT IIThe DBMS must prevent unauthorized and unintended information transfer via shared system resources.Oracle Database 11.2g Security Technical Implementation Guide V-238443CAT IIThe DBMS must restrict access to system tables and other configuration information or metadata to DBAs or other authorized users.Oracle Database 11.2g Security Technical Implementation Guide V-238457CAT IIDBMS backup and restoration files must be protected from unauthorized access.Oracle Database 11.2g Security Technical Implementation Guide V-220299CAT IIThe DBMS must prevent unauthorized and unintended information transfer via shared system resources.Oracle Database 12c Security Technical Implementation Guide V-237708CAT IIThe DBMS must restrict access to system tables and other configuration information or metadata to DBAs or other authorized users.Oracle Database 12c Security Technical Implementation Guide V-237722CAT IIDBMS backup and restoration files must be protected from unauthorized access.Oracle Database 12c Security Technical Implementation Guide V-270577CAT IIOracle Database contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy.Oracle Database 19c Security Technical Implementation Guide V-270578CAT IIAccess to Oracle Database files must be limited to relevant processes and to authorized, administrative users.Oracle Database 19c Security Technical Implementation Guide V-255901CAT IIIThe Oracle Linux operating system must restrict access to the kernel message buffer.Oracle Linux 7 Security Technical Implementation Guide V-248551CAT IIA sticky bit must be set on all OL 8 public directories to prevent unauthorized and unintended information transferred via shared system resources.Oracle Linux 8 Security Technical Implementation Guide V-248579CAT IIIOL 8 must restrict access to the kernel message buffer.Oracle Linux 8 Security Technical Implementation Guide V-248580CAT IIIOL 8 must prevent kernel profiling by nonprivileged users.Oracle Linux 8 Security Technical Implementation Guide V-271745CAT IIOL 9 must restrict access to the kernel message buffer.Oracle Linux 9 Security Technical Implementation Guide V-271746CAT IIOL 9 must prevent kernel profiling by nonprivileged users.Oracle Linux 9 Security Technical Implementation Guide V-271779CAT IIOL 9 must be configured so that a sticky bit must be set on all public directories.Oracle Linux 9 Security Technical Implementation Guide V-271785CAT IIOL 9 world-writable directories must be owned by root, sys, bin, or an application user.Oracle Linux 9 Security Technical Implementation Guide V-235152CAT IIDatabase contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy.Oracle MySQL 8.0 Security Technical Implementation Guide