| 1.2 Ensure that Multi-Factor Authentication is 'Enabled' for All Non-Service Accounts | CIS Google Cloud Platform v3.0.0 L1 | GCP | IDENTIFICATION AND AUTHENTICATION |
| 1.3 Ensure that Security Key Enforcement is Enabled for All Admin Accounts | CIS Google Cloud Platform v3.0.0 L2 | GCP | IDENTIFICATION AND AUTHENTICATION |
| 1.4.3.4 Ensure 'aaa authentication serial console' is configured correctly | CIS Cisco Firewall ASA 9 L1 v4.0.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.4.3.6 Ensure 'aaa authentication telnet console' is configured correctly | CIS Cisco Firewall ASA 8 L1 v4.1.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.8.5 Verify no legacy '+' entries exist in passwd and group files '/etc/passwd' | CIS HP-UX 11i v1.5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.10 Ensure required packages for multifactor authentication are installed - esc | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.10 Ensure required packages for multifactor authentication are installed - pam_pkcs11 | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.3 Ensure authentication is enabled in the sharded cluster | CIS MongoDB L1 Unix Audit v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.4 Ensure an industry standard authentication mechanism is used - mode | CIS MongoDB L2 Windows Audit v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.5.4 Ensure Radius or TACACS+ server is configured - tacacs-servers state on | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | IDENTIFICATION AND AUTHENTICATION |
| 2.6.3 - NIS - remove NIS markers from password and group files - '/etc/group does not include NIS + entries' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.13 Set 'Allow access to voicemail without requiring a PIN' to 'False' | CIS Microsoft Exchange Server 2016 UM v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 3.1.13 Enable server-based authentication | CIS IBM DB2 v10 v1.1.0 Windows OS Level 1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 3.1.13 Enable server-based authentication | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 3.1.16 Enable server-based authentication - 'srvcon_auth = server' | CIS IBM DB2 OS L2 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 4.3 Use Active Directory for local user authentication - Enabled = 'true' | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| 4.3 Use Active Directory for local user authentication - Review Domain | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| 4.4.1.3 NIS - remove NIS markers from password and group files | CIS IBM AIX 7.2 L2 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.1 Create custom authselect profile | CIS Red Hat EL8 Workstation L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.2.5 Ensure pam_unix module is enabled | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.2.5 Ensure pam_unix module is enabled | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.2 Ensure no legacy '+' entries exist in /etc/passwd | CIS SUSE Linux Enterprise Workstation 12 L1 v2.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.2 Ensure no legacy '+' entries exist in /etc/passwd | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.2 Ensure no legacy '+' entries exist in /etc/passwd - + entries exist in /etc/passwd | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.4 Ensure no legacy '+' entries exist in /etc/group | CIS SUSE Linux Enterprise Server 12 L1 v2.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.4 Ensure no legacy "+" entries exist in /etc/shadow | CIS Red Hat EL8 Server L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 13.2 Verify No Legacy "+" Entries Exist in /etc/passwd File | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 18.10.15.5 (L1) Ensure 'Enable OneSettings Auditing' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v2.0.0 L1 MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| 20.11 Ensure 'Active Directory user accounts are configured to require the use of a Common Access Card (CAC), Personal Identity Verification (PIV)-compliant hardware token, or Alternate Logon Token (ALT)' (STIG DC only) | CIS Microsoft Windows Server 2016 STIG v2.0.0 STIG DC | Windows | IDENTIFICATION AND AUTHENTICATION |
| BSI-100-2: S 5.18: Use of the NIS security mechanisms: The file /etc/passwd must not contain the entry +::0:0::: | BSI-100-2 Red Hat Linux 2005 | Unix | IDENTIFICATION AND AUTHENTICATION |
| BSI-100-2: S 5.18: Use of the NIS security mechanisms: The password file /etc/passwd must not contain the entry +::0:0::: | BSI-100-2 Red Hat Linux 2005 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ESXi : enable-ad-auth | VMWare vSphere 5.X Hardening Guide | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXi : enable-ad-auth | VMWare vSphere 6.5 Hardening Guide | VMware | IDENTIFICATION AND AUTHENTICATION |
| FireEye - AAA is enabled | TNS FireEye | FireEye | IDENTIFICATION AND AUTHENTICATION |
| Fortigate - AAA - RADIUS server is trusted | TNS Fortigate FortiOS Best Practices | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| Fortigate - AAA - RADIUS server is trusted | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| IBM i : Remote Sign-On Control (QRMTSIGN) - '*REJECT' | IBM System i Security Reference for V7R2 | AS/400 | IDENTIFICATION AND AUTHENTICATION |
| Identification and Authentication - Use out of band authentication - AAA - netconf logging | Tenable Cisco Viptela SD-WAN - vBond | Cisco_Viptela | IDENTIFICATION AND AUTHENTICATION |
| Identification and Authentication - Use out of band authentication - AAA - netconf logging | Tenable Cisco Viptela SD-WAN - vManage | Cisco_Viptela | IDENTIFICATION AND AUTHENTICATION |
| Identification and Authentication - Use out of band authentication - Admin Authentication Order | Tenable Cisco Viptela SD-WAN - vSmart | Cisco_Viptela | IDENTIFICATION AND AUTHENTICATION |
| Identification and Authentication - Use out of band authentication - Authentication Order | Tenable Cisco Viptela SD-WAN - vEdge | Cisco_Viptela | IDENTIFICATION AND AUTHENTICATION |
| Identification and Authentication - Use out of band authentication - Authentication Order | Tenable Cisco Viptela SD-WAN - vManage | Cisco_Viptela | IDENTIFICATION AND AUTHENTICATION |
| Identification and Authentication - Use out of band authentication - Server IP | Tenable Cisco Viptela SD-WAN - vBond | Cisco_Viptela | IDENTIFICATION AND AUTHENTICATION |
| Identification and Authentication - Use out of band authentication - Server IP | Tenable Cisco Viptela SD-WAN - vManage | Cisco_Viptela | IDENTIFICATION AND AUTHENTICATION |
| Monterey - Enforce Smartcard Authentication | NIST macOS Monterey v1.0.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION |
| NET0433 - Device not authenticated by AAA server - 'line con - authentication @AAA_LOGIN_LIST@' | DISA STIG Cisco Perimeter Router v8r8 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| Require Authentication - config - 'auth = true' | TNS MongoDB 2.4 Best Practices Windows OS Audit v1.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Require Authentication - DB Users - 'User authenticated by MONGODB-CR' | TNS MongoDB 2.x Best Practices Database Audit v1.0 | MongoDB | IDENTIFICATION AND AUTHENTICATION |
| Restrict Unauthenticated RPC clients | MSCT Windows Server 2022 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| ScreenOS:Authorization Server - Default | TNS Juniper ScreenOS Best Practices Audit | Juniper | IDENTIFICATION AND AUTHENTICATION |
