IAVA / IAVB / IAVT references
- 2001-B-0001 IAVB 24 rules
- 2008-A-0045 IAVA 2 rules
- 2010-A-0132 IAVA 2 rules
IAVMs & CTOs
that survived publication.
Specific bulletin IDs DISA chose to embed in STIG XML — either as YYYY-A-NNNN IAVA-format references, or as Cyber Tasking Order numbers (CTOnnnn). The list is small because nearly all bulletin distribution happens behind CAC, but every entry links back to the rule that cites it.
IAVA-format IDs
3
distinct
YYYY-A-NNNN references
Cyber Tasking Orders
1
distinct
CTOnnnn references
Prose-only mentions
710
rules say "IAVA" without naming a specific bulletin
Cyber Tasking Orders
CTOs are USCYBERCOM directives. They appear in older STIGs and remain referenced in current ones for legacy reasons.
- CTO0715 CTO 2 rules
Scan run across 3,971 STIG and 452 SCAP XML files.