5.123 - Restrict unauthenticated RPC clients. | DISA Windows Vista STIG v6r41 | Windows | IDENTIFICATION AND AUTHENTICATION |
5.124 - Client computers required to authenticate for RPC communication. | DISA Windows Vista STIG v6r41 | Windows | IDENTIFICATION AND AUTHENTICATION |
AMLS-L2-000130 - The Arista Multilayer Switch must authenticate all endpoint devices before establishing a network connection using bidirectional authentication that is cryptographically based - dot1x system-auth-control | DISA STIG Arista MLS DCS-7000 Series L2S v1r3 | Arista | IDENTIFICATION AND AUTHENTICATION |
APPL-12-002062 - The macOS system must be configured with Bluetooth turned off unless approved by the organization. | DISA STIG Apple macOS 12 v1r9 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
APPL-12-005051 - The macOS system must restrict the ability to utilize external writeable media devices. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
APPL-13-002062 - The macOS system must be configured with Bluetooth turned off unless approved by the organization. | DISA STIG Apple macOS 13 v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
ARST-ND-000660 - The Arista network device must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC). | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | IDENTIFICATION AND AUTHENTICATION |
CASA-ND-001050 - The Cisco ASA must be configured to authenticate Simple Network Management Protocol (SNMP) messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC) - group | DISA STIG Cisco ASA NDM v2r1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
CASA-ND-001050 - The Cisco ASA must be configured to authenticate Simple Network Management Protocol (SNMP) messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC) - host | DISA STIG Cisco ASA NDM v2r1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
CASA-ND-001050 - The Cisco ASA must be configured to authenticate Simple Network Management Protocol (SNMP) messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC) - user | DISA STIG Cisco ASA NDM v2r1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
CASA-ND-001070 - The Cisco ASA must be configured to encrypt Simple Network Management Protocol (SNMP) messages using a FIPS 140-2 approved algorithm - group | DISA STIG Cisco ASA NDM v2r1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
CASA-ND-001070 - The Cisco ASA must be configured to encrypt Simple Network Management Protocol (SNMP) messages using a FIPS 140-2 approved algorithm - host | DISA STIG Cisco ASA NDM v2r1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
CASA-ND-001070 - The Cisco ASA must be configured to encrypt Simple Network Management Protocol (SNMP) messages using a FIPS 140-2 approved algorithm - user | DISA STIG Cisco ASA NDM v2r1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
CASA-ND-001080 - The Cisco ASA must be configured to authenticate Network Time Protocol sources using authentication that is cryptographically based - md5 | DISA STIG Cisco ASA NDM v2r1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
CASA-ND-001080 - The Cisco ASA must be configured to authenticate Network Time Protocol sources using authentication that is cryptographically based - ntp authenticate | DISA STIG Cisco ASA NDM v2r1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
CASA-ND-001080 - The Cisco ASA must be configured to authenticate Network Time Protocol sources using authentication that is cryptographically based - ntp server | DISA STIG Cisco ASA NDM v2r1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
CASA-ND-001080 - The Cisco ASA must be configured to authenticate Network Time Protocol sources using authentication that is cryptographically based - ntp server prefer | DISA STIG Cisco ASA NDM v2r1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
CASA-ND-001080 - The Cisco ASA must be configured to authenticate Network Time Protocol sources using authentication that is cryptographically based - ntp trusted-key | DISA STIG Cisco ASA NDM v2r1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
CISC-ND-001130 - The Cisco router must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC). | DISA STIG Cisco IOS-XR Router NDM v3r1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
CISC-ND-001130 - The Cisco router must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC). | DISA STIG Cisco IOS Router NDM v3r1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
CISC-ND-001150 - The Cisco switch must be configured to authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based. | DISA STIG Cisco IOS Switch NDM v3r1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
Domain member: Digitally encrypt secure channel data (when possible) | MSCT Windows Server v20H2 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
Domain member: Require strong (Windows 2000 or later) session key | MSCT Windows Server v20H2 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
DTOO279 - Outlook - RPC encryption between Outlook and Exchange server must be enforced. | DISA STIG Office 2010 Outlook v1r13 | Windows | IDENTIFICATION AND AUTHENTICATION |
DTOO279 - RPC encryption between Outlook and Exchange server must be enforced. | DISA STIG Microsoft Outlook 2013 v1r13 | Windows | IDENTIFICATION AND AUTHENTICATION |
DTOO279 - RPC encryption between Outlook and Exchange server must be enforced. | DISA STIG Microsoft Outlook 2016 v2r3 | Windows | IDENTIFICATION AND AUTHENTICATION |
DTOO280 - Outlook - Authentication with Exchange Server must be required. | DISA STIG Office 2010 Outlook v1r13 | Windows | IDENTIFICATION AND AUTHENTICATION |
DTOO280 - Outlook must be configured to force authentication when connecting to an Exchange server. | DISA STIG Microsoft Outlook 2013 v1r13 | Windows | IDENTIFICATION AND AUTHENTICATION |
DTOO280 - Outlook must be configured to force authentication when connecting to an Exchange server. | DISA STIG Microsoft Outlook 2016 v2r3 | Windows | IDENTIFICATION AND AUTHENTICATION |
ESXI-80-000145 The ESXi host must enable bidirectional Challenge-Handshake Authentication Protocol (CHAP) authentication for Internet Small Computer Systems Interface (iSCSI) traffic. | DISA VMware vSphere 8.0 ESXi STIG v2r1 | VMware | IDENTIFICATION AND AUTHENTICATION |
FGFW-ND-000210 - The FortiGate device must authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC) | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
FGFW-ND-000215 - The FortiGate device must authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
Hardened UNC Paths - \\*\SYSVOL | MSCT Windows Server v20H2 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
JUEX-NM-000480 - The Juniper EX switch must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC). | DISA Juniper EX Series Network Device Management v2r1 | Juniper | IDENTIFICATION AND AUTHENTICATION |
JUEX-NM-000490 - The Juniper EX switch must use an an NTP service that is hosted by a trusted source or a DOD-compliant enterprise or local NTP server. | DISA Juniper EX Series Network Device Management v2r1 | Juniper | IDENTIFICATION AND AUTHENTICATION |
Microsoft network server: Digitally sign communications (always) | MSCT Windows Server v20H2 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
SYMP-NM-000240 - Symantec ProxySG must configure SNMPv3 so that cryptographically-based bidirectional authentication is used. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
SYMP-NM-000240 - Symantec ProxySG must configure SNMPv3 so that cryptographically-based bidirectional authentication is used. - snmpv1 | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
SYMP-NM-000240 - Symantec ProxySG must configure SNMPv3 so that cryptographically-based bidirectional authentication is used. - snmpv2c | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
SYMP-NM-000240 - Symantec ProxySG must configure SNMPv3 so that cryptographically-based bidirectional authentication is used. - snmpv3 | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
VCSA-70-000253 - The vCenter server must enforce SNMPv3 security features where SNMP is required. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
VCSA-70-000265 - The vCenter server must disable SNMPv1/2 receivers. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
VCSA-80-000253 The vCenter server must enforce SNMPv3 security features where SNMP is required. | DISA VMware vSphere 8.0 vCenter STIG v2r1 | VMware | IDENTIFICATION AND AUTHENTICATION |
VCSA-80-000265 The vCenter server must disable SNMPv1/2 receivers. | DISA VMware vSphere 8.0 vCenter STIG v2r1 | VMware | IDENTIFICATION AND AUTHENTICATION |
WBSP-AS-001120 - WebSphere Application Server must authenticate all endpoint devices before establishing a local, remote, network connection | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
WBSP-AS-001120 - WebSphere Application Server must authenticate all endpoint devices before establishing a local, remote, network connection | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
WBSP-AS-001120 - WebSphere Application Server must authenticate all endpoint devices before establishing a local, remote, network connection | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
WN11-CC-000165 - Unauthenticated RPC clients must be restricted from connecting to the RPC server. | DISA Windows 11 STIG v2r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
WN22-MS-000040 - Windows Server 2022 must restrict unauthenticated Remote Procedure Call (RPC) clients from connecting to the RPC server on domain-joined member servers and standalone or nondomain-joined systems. | DISA Windows Server 2022 STIG v2r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
WN22-SO-000090 - Windows Server 2022 computer account password must not be prevented from being reset. | DISA Windows Server 2022 STIG v2r2 | Windows | IDENTIFICATION AND AUTHENTICATION |