| SRG-APP-000516-API-001295 | V1R1 | The API must encode outputs. | Security Requirements Guide - API |
| SRG-APP-000516-API-001300 | V1R1 | The API must use a static type of system. | Security Requirements Guide - API |
| SRG-APP-000516-API-001305 | V1R1 | The API must use Web Application Firewall (WAF). | Security Requirements Guide - API |
| SRG-APP-000516-CTR-000790 | V2R4 | The container platform must provide the configuration for organization-identified individuals or roles to change the auditing to be performed on all components, based on all selectable event criteria within organization-defined time thresholds. | Security Requirements Guide - Container Platform |
| SRG-APP-000416-CTR-001015 | V2R4 | The container platform must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | Security Requirements Guide - Container Platform |
| SRG-APP-000516-CTR-001325 | V2R4 | Container platform components must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including SRGs, STIGs, NSA configuration guides, CTOs, and DTMs. | Security Requirements Guide - Container Platform |
| SRG-APP-000516-CTR-001330 | V2R4 | The container platform must be able to store and instantiate industry standard container images. | Security Requirements Guide - Container Platform |
| SRG-APP-000516-CTR-001335 | V2R4 | The container platform must continuously scan components, containers, and images for vulnerabilities. | Security Requirements Guide - Container Platform |
| SRG-APP-000516-DNS-000077 | V4R2 | The salt value for zones signed using NSEC3 RRs must be changed every time the zone is completely re-signed. | Security Requirements Guide - Domain Name Service |
| SRG-APP-000516-DNS-000078 | V4R2 | The validity period for the RRSIGs covering a zones DNSKEY RRSet must be no less than two days and no more than one week. | Security Requirements Guide - Domain Name Service |
| SRG-APP-000516-DNS-000085 | V4R2 | The DNS implementation must ensure each NS record in a zone file points to an active name server authoritative for the domain specified in that record. | Security Requirements Guide - Domain Name Service |
| SRG-APP-000516-DNS-000086 | V4R2 | The two files generated by the dnssec-keygen program must be made accessible only to the server administrator account, or deleted, after they have been copied to the key file in the name server. | Security Requirements Guide - Domain Name Service |
| SRG-APP-000516-DNS-000088 | V4R2 | All authoritative name servers for a zone must have the same version of zone information. | Security Requirements Guide - Domain Name Service |
| SRG-APP-000516-DNS-000090 | V4R2 | Digital signature algorithm used for DNSSEC-enabled zones must be FIPS-compatible. | Security Requirements Guide - Domain Name Service |
| SRG-APP-000516-DNS-000091 | V4R2 | For zones split between the external and internal sides of a network, the RRs for the external hosts must be separate from the RRs for the internal hosts. | Security Requirements Guide - Domain Name Service |
| SRG-APP-000516-DNS-000092 | V4R2 | In a split DNS configuration, where separate name servers are used between the external and internal networks, the external name server must be configured to not be reachable from inside resolvers. | Security Requirements Guide - Domain Name Service |
| SRG-APP-000516-DNS-000093 | V4R2 | In a split DNS configuration, where separate name servers are used between the external and internal networks, the internal name server must be configured to not be reachable from outside resolvers. | Security Requirements Guide - Domain Name Service |
| SRG-APP-000516-DNS-000095 | V4R2 | Primary authoritative name servers must be configured to only receive zone transfer requests from specified secondary name servers. | Security Requirements Guide - Domain Name Service |
| SRG-APP-000516-DNS-000101 | V4R2 | The DNS implementation must implement internal/external role separation. | Security Requirements Guide - Domain Name Service |
| SRG-APP-000516-DNS-000102 | V4R2 | The DNS must utilize valid root name servers in the local root zone file. | Security Requirements Guide - Domain Name Service |
| SRG-APP-000516-DNS-000108 | V4R2 | The IP address for hidden master authoritative name servers must not appear in the name servers set in the zone database. | Security Requirements Guide - Domain Name Service |
| SRG-APP-000516-DNS-000110 | V4R2 | The platform on which the name server software is hosted must be configured to send outgoing DNS messages from a random port. | Security Requirements Guide - Domain Name Service |
| SRG-APP-000516-DNS-000113 | V4R2 | A zone file must not include resource records that resolve to a fully qualified domain name residing in another zone. | Security Requirements Guide - Domain Name Service |
| SRG-APP-000516-DNS-000500 | V4R2 | The DNS server implementation must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs. | Security Requirements Guide - Domain Name Service |
| SRG-APP-000516-MFP-000195 | V3R4 | The Mainframe Product must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs. | Security Requirements Guide - Mainframe Product |
| SRG-APP-000354-MFP-000136 | V3R4 | The Mainframe Product must provide the capability for authorized users to select a user session to capture/record or view/hear. | Security Requirements Guide - Mainframe Product |
| SRG-APP-000355-MFP-000139 | V3R4 | The Mainframe Product must provide the capability for authorized users to remotely view/hear, in real time, all content related to an established user session from a component separate from the Mainframe Product being monitored. | Security Requirements Guide - Mainframe Product |
| SRG-APP-000516-WSR-000079 | V4R4 | All accounts installed with the web server software and tools must have passwords assigned and default passwords changed. | Security Requirements Guide - Web Server |
| SRG-APP-000516-WSR-000174 | V4R4 | The web server must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs. | Security Requirements Guide - Web Server |