| 1.1.3.14.1 Configure 'System cryptography: Force strong key protection for user keys stored on the computer' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.14.1 Ensure 'System cryptography: Force strong key protection for user keys stored on the computer' is set to 'User is prompted when the key is first used' or higher | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.14.1 Ensure 'System cryptography: Force strong key protection for user keys stored on the computer' is set to 'User is prompted when the key is first used' or higher | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| AIX7-00-003004 - AIX SSH private host key files must have mode 0600 or less permissive. | DISA STIG AIX 7.x v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-13-067035 - The macOS system must enable certificate for smartcards. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPNET0052 - Encryption keys used for the .NET Strong Name Membership Condition must be protected. | DISA STIG for Microsoft Dot Net Framework 4.0 v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| BIND-9X-001110 - The TSIG keys used with the BIND 9.x implementation must be owned by a privileged account. | DISA BIND 9.x STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| BIND-9X-001112 - The read and write access to a TSIG key file used by a BIND 9.x server must be restricted to only the account that runs the name server software. | DISA BIND 9.x STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| BIND-9X-001150 - The BIND 9.x server signature generation using the KSK must be done off-line, using the KSK-private key stored off-line. | DISA BIND 9.x STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| Catalina - Set Smartcard Certificate Trust to High | NIST macOS Catalina v1.5.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Set Smartcard Certificate Trust to High | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| CD12-00-010200 - PostgreSQL must enforce authorized access to all PKI private keys stored/utilized by PostgreSQL. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| DKER-EE-002380 - The certificate chain used by Universal Control Plane (UCP) client bundles must match what is defined in the System Security Plan (SSP) in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| DKER-EE-002400 - Docker Enterprise Swarm manager must be run in auto-lock mode. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| EPAS-00-004600 - The EDB Postgres Advanced Server must enforce authorized access to all PKI private keys stored/used by the EDB Postgres Advanced Server. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| MADB-10-004100 - MariaDB must enforce authorized access to all PKI private keys stored/used by the DBMS. | DISA MariaDB Enterprise 10.x v2r1 DB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| MD3X-00-000360 - MongoDB must enforce authorized access to all PKI private keys stored/utilized by MongoDB. | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS | Unix | IDENTIFICATION AND AUTHENTICATION |
| MD4X-00-003100 - MongoDB must enforce authorized access to all PKI private keys stored/utilized by MongoDB. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | IDENTIFICATION AND AUTHENTICATION |
| Monterey - Set Smartcard Certificate Trust to High | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Set Smartcard Certificate Trust to High | NIST macOS Monterey v1.0.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Set Smartcard Certificate Trust to High | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| MYS8-00-004800 - The MySQL Database Server 8.0 must enforce authorized access to all PKI private keys stored/utilized by the MySQL Database Server 8.0. | DISA Oracle MySQL 8.0 v2r2 OS Linux | Unix | IDENTIFICATION AND AUTHENTICATION |
| MYS8-00-004800 - The MySQL Database Server 8.0 must enforce authorized access to all PKI private keys stored/utilized by the MySQL Database Server 8.0. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| O112-C1-015400 - The DBMS, when using PKI-based authentication, must enforce authorized access to the corresponding private key. | DISA STIG Oracle 11.2g v2r5 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
| O112-C1-015400 - The DBMS, when using PKI-based authentication, must enforce authorized access to the corresponding private key. | DISA STIG Oracle 11.2g v2r5 Linux | Unix | IDENTIFICATION AND AUTHENTICATION |
| O121-C1-015400 - The DBMS, when using PKI-based authentication, must enforce authorized access to the corresponding private key. | DISA STIG Oracle 12c v3r1 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
| O121-C1-015400 - The DBMS, when using PKI-based authentication, must enforce authorized access to the corresponding private key. | DISA STIG Oracle 12c v3r1 Linux | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL08-00-010100 - OL 8, for certificate-based authentication, must enforce authorized access to the corresponding private key. | DISA Oracle Linux 8 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PGS9-00-010200 - PostgreSQL must enforce authorized access to all PKI private keys stored/utilized by PostgreSQL. | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PPS9-00-004600 - The EDB Postgres Advanced Server must enforce authorized access to all PKI private keys stored/utilized by the EDB Postgres Advanced Server. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-010100 - RHEL 8, for certificate-based authentication, must enforce authorized access to the corresponding private key. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-611190 - RHEL 9, for PKI-based authentication, must enforce authorized access to the corresponding private key. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SQL6-D0-008400 - SQL Server must enforce authorized access to all PKI private keys stored/utilized by SQL Server. | DISA STIG SQL Server 2016 Instance OS Audit v3r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| VCFL-67-000018 - vSphere Client must ensure appropriate permissions are set on the keystore. | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCLD-67-000025 - VAMI must protect the keystore from unauthorized access. | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCLD-70-000017 - VAMI must protect the keystore from unauthorized access - MIME that invoke OS shell programs disabled. | DISA STIG VMware vSphere 7.0 VAMI v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCLD-80-000040 The vCenter VAMI service must restrict access to the web server's private key. | DISA VMware vSphere 8.0 vCenter Appliance Management Interface (VAMI) STIG v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCPG-67-000014 - VMware Postgres must enforce authorized access to all PKI private keys. | DISA STIG VMware vSphere 6.7 PostgreSQL v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCPG-70-000012 - VMware Postgres must enforce authorized access to all public key infrastructure (PKI) private keys. | DISA STIG VMware vSphere 7.0 PostgreSQL v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCRP-67-000007 - The rhttpproxy private key file must be protected from unauthorized access. | DISA STIG VMware vSphere 6.7 RhttpProxy v1r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCRP-70-000005 - The Envoy private key file must be protected from unauthorized access. | DISA STIG VMware vSphere 7.0 RhttpProxy v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-001230 - The WebSphere Application Server default keystore passwords must be changed. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-001230 - The WebSphere Application Server default keystore passwords must be changed. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-001230 - The WebSphere Application Server default keystore passwords must be changed. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WDNS-IA-000006 - The Windows 2012 DNS Server must be configured to enforce authorized access to the corresponding private key. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WDNS-IA-000007 - The Windows 2012 DNS Server key file must be owned by the account under which the Windows 2012 DNS Server service is run. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WDNS-IA-000008 - The Windows 2012 DNS Server permissions must be set so that the key file can only be read or modified by the account that runs the name server software. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN16-SO-000420 - Users must be required to enter a password to access private keys stored on the computer. | DISA Windows Server 2016 STIG v2r9 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN19-SO-000350 - Windows Server 2019 users must be required to enter a password to access private keys stored on the computer. | DISA Windows Server 2019 STIG v3r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN22-SO-000350 - Windows Server 2022 users must be required to enter a password to access private keys stored on the computer. | DISA Windows Server 2022 STIG v2r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
