| 5.043 - Terminal Services is not configured with the client connection encryption set to the required level. | DISA Windows Vista STIG v6r41 | Windows | ACCESS CONTROL, MAINTENANCE |
| AMLS-NM-000340 - Arista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications - api http | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | MAINTENANCE |
| AMLS-NM-000340 - Arista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications - api https | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | MAINTENANCE |
| AMLS-NM-000340 - Arista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications - telnet | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | MAINTENANCE |
| APPL-12-000054 - The macOS system must implement approved ciphers within the SSH server configuration to protect the confidentiality of SSH connections. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| APPL-12-000055 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH server configuration. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| APPL-12-000056 - The macOS system must implement approved Key Exchange Algorithms within the SSH server configuration. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| ARST-ND-000690 - The Arista network devices must use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| Big Sur - Configure SSHD to Use Secure Key Exchange Algorithms | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| CASA-ND-001140 - The Cisco ASA must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of non-local maintenance and diagnostic communications - group | DISA STIG Cisco ASA NDM v2r1 | Cisco | MAINTENANCE |
| CASA-ND-001140 - The Cisco ASA must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of non-local maintenance and diagnostic communications - host | DISA STIG Cisco ASA NDM v2r1 | Cisco | MAINTENANCE |
| CASA-ND-001140 - The Cisco ASA must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of non-local maintenance and diagnostic communications - user | DISA STIG Cisco ASA NDM v2r1 | Cisco | MAINTENANCE |
| CISC-ND-001200 - The Cisco router must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions. | DISA STIG Cisco IOS-XR Router NDM v3r1 | Cisco | MAINTENANCE |
| CISC-ND-001200 - The Cisco router must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions. | DISA STIG Cisco IOS XE Router NDM v3r1 | Cisco | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| CISC-ND-001200 - The Cisco router must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions. | DISA STIG Cisco IOS Router NDM v3r1 | Cisco | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| CISC-ND-001200 - The Cisco switch must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions. | DISA STIG Cisco NX-OS Switch NDM v3r1 | Cisco | MAINTENANCE |
| CISC-ND-001200 - The Cisco switch must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| CISC-ND-001200 - The Cisco switch must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions. | DISA STIG Cisco IOS Switch NDM v3r1 | Cisco | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| FGFW-ND-000260 - The FortiGate devices must use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of nonlocal maintenance and diagnostic communications. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | MAINTENANCE |
| JUEX-NM-000510 - The Juniper EX switches must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of nonlocal maintenance and diagnostic communications. | DISA Juniper EX Series Network Device Management v2r1 | Juniper | MAINTENANCE |
| JUNI-ND-001190 - The Juniper router must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions. | DISA STIG Juniper Router NDM v3r1 | Juniper | MAINTENANCE |
| JUSX-DM-000146 - For nonlocal maintenance sessions using SNMP, the Juniper SRX Services Gateway must use and securely configure SNMPv3 with SHA to protect the integrity of maintenance and diagnostic communications. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | MAINTENANCE |
| JUSX-DM-000147 - For nonlocal maintenance sessions using SSH, the Juniper SRX Services Gateway must securely configure SSHv2 Message Authentication Code (MAC) algorithms to protect the integrity of maintenance and diagnostic communications. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | MAINTENANCE |
| Monterey - Configure SSHD to Use Secure Key Exchange Algorithms | NIST macOS Monterey v1.0.0 - All Profiles | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| Monterey - Limit SSHD to FIPS Compliant Connections | NIST macOS Monterey v1.0.0 - 800-53r5 Low | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| PANW-NM-000117 - The Palo Alto Networks security platform must only allow the use of secure protocols that implement cryptographic mechanisms to protect the integrity of maintenance and diagnostic communications for nonlocal maintenance sessions. | DISA STIG Palo Alto NDM v3r1 | Palo_Alto | MAINTENANCE |
| RHEL-09-672010 - RHEL 9 must have the crypto-policies package installed. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-09-672020 - RHEL 9 crypto policy must not be overridden. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-09-672045 - RHEL 9 must implement a systemwide encryption policy. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-NM-000300 - The Symantec ProxySG must use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of nonlocal maintenance and diagnostic communications. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | MAINTENANCE |
| UBTU-16-030240 - The SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | ACCESS CONTROL, MAINTENANCE |
| UBTU-18-010417 - The Ubuntu operating system must configure the SSH daemon to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms to protect the integrity of nonlocal maintenance and diagnostic communications. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | ACCESS CONTROL, MAINTENANCE |
| UBTU-20-010043 - The Ubuntu operating system must configure the SSH daemon to use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hashes to prevent the unauthorized disclosure of information and/or detect changes to information during transmission. | DISA STIG Ubuntu 20.04 LTS v2r1 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-22-255055 - Ubuntu 22.04 LTS must configure the SSH daemon to use Message Authentication Codes (MACs) employing FIPS 140-3-approved cryptographic hashes to prevent the unauthorized disclosure of information and/or detect changes to information during transmission. | DISA STIG Canonical Ubuntu 22.04 LTS v2r2 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| WN10-CC-000290 - Remote Desktop Services must be configured with the client connection encryption set to the required level. | DISA Windows 10 STIG v3r2 | Windows | ACCESS CONTROL, MAINTENANCE |
| WN10-CC-000335 - The Windows Remote Management (WinRM) client must not allow unencrypted traffic. | DISA Windows 10 STIG v3r2 | Windows | MAINTENANCE |
| WN10-CC-000350 - The Windows Remote Management (WinRM) service must not allow unencrypted traffic. | DISA Windows 10 STIG v3r2 | Windows | MAINTENANCE |
| WN11-CC-000335 - The Windows Remote Management (WinRM) client must not allow unencrypted traffic. | DISA Windows 11 STIG v2r2 | Windows | MAINTENANCE |
| WN12-CC-000100 - Remote Desktop Services must be configured with the client connection encryption set to the required level. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL, MAINTENANCE |
| WN12-CC-000100 - Remote Desktop Services must be configured with the client connection encryption set to the required level. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL, MAINTENANCE |
| WN12-CC-000124 - The Windows Remote Management (WinRM) client must not allow unencrypted traffic. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | MAINTENANCE |
| WN12-CC-000124 - The Windows Remote Management (WinRM) client must not allow unencrypted traffic. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | MAINTENANCE |
| WN12-CC-000127 - The Windows Remote Management (WinRM) service must not allow unencrypted traffic. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | MAINTENANCE |
| WN12-CC-000127 - The Windows Remote Management (WinRM) service must not allow unencrypted traffic. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | MAINTENANCE |
| WN16-CC-000510 - The Windows Remote Management (WinRM) client must not allow unencrypted traffic. | DISA Windows Server 2016 STIG v2r9 | Windows | MAINTENANCE |
| WN16-CC-000540 - The Windows Remote Management (WinRM) service must not allow unencrypted traffic. | DISA Windows Server 2016 STIG v2r9 | Windows | MAINTENANCE |
| WN19-CC-000480 - Windows Server 2019 Windows Remote Management (WinRM) client must not allow unencrypted traffic. | DISA Windows Server 2019 STIG v3r2 | Windows | MAINTENANCE |
| WN19-CC-000510 - Windows Server 2019 Windows Remote Management (WinRM) service must not allow unencrypted traffic. | DISA Windows Server 2019 STIG v3r2 | Windows | MAINTENANCE |
| WN22-CC-000480 - Windows Server 2022 Windows Remote Management (WinRM) client must not allow unencrypted traffic. | DISA Windows Server 2022 STIG v2r2 | Windows | MAINTENANCE |
| WN22-CC-000510 - Windows Server 2022 Windows Remote Management (WinRM) service must not allow unencrypted traffic. | DISA Windows Server 2022 STIG v2r2 | Windows | MAINTENANCE |
