| 1.23 OL08-00-010159 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.24 OL08-00-010160 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.25 OL08-00-010161 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.26 OL08-00-010162 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.236 WN22-SO-000290 | CIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.236 WN22-SO-000290 | CIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II | Windows | IDENTIFICATION AND AUTHENTICATION |
| AIOS-18-007200 - Apple iOS/iPadOS 18 must not include applications with the following characteristics: access to Siri when the device is locked. | MobileIron - DISA Apple iOS/iPadOS 18 v2r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| AIOS-18-007200 - Apple iOS/iPadOS 18 must not include applications with the following characteristics: access to Siri when the device is locked. | AirWatch - DISA Apple iOS/iPadOS 18 v2r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| AIOS-18-007400 - The Apple iOS/iPadOS 18 allow list must be configured to not include applications with the following characteristics: - Backs up MD data to non-DOD cloud servers (including user and application access to cloud backup services); - Transmits MD diagnostic data to non-DOD servers; - Allows synchronization of data or applications between devices associated with user; - Allows unencrypted (or encrypted but not FIPS 140-3 validated) data sharing with other MDs or printers; - Backs up its own data to a remote system; and - Uses artificial intelligence (AI), which processes data in the cloud (off device). Exception: Apple Intelligence Private Cloud Compute (PCC) - allows unencrypted (or encrypted but not FIPS 140-2 validated) data sharing with other MDs or printers. | AirWatch - DISA Apple iOS/iPadOS 18 v2r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| AIOS-26-007200 - Apple iOS/iPadOS 26 must not include applications with the following characteristics: access to Siri when the device is locked. | AirWatch - DISA Apple iOS/iPadOS 26 v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| AIOS-26-007200 - Apple iOS/iPadOS 26 must not include applications with the following characteristics: access to Siri when the device is locked. | MobileIron - DISA Apple iOS/iPadOS 26 v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| AIOS-26-007400 - Apple iOS/iPadOS 26 allow list must be configured to not include applications with the following characteristics | AirWatch - DISA Apple iOS/iPadOS 26 v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| AIOS-26-007400 - Apple iOS/iPadOS 26 allow list must be configured to not include applications with the following characteristics | MobileIron - DISA Apple iOS/iPadOS 26 v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-039510 - The libreswan package must be installed. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-039620 - AlmaLinux OS 9 must have the packages required for encrypting offloaded audit logs installed. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AZLX-23-001105 - Amazon Linux 2023 must have the libreswan package installed. | DISA Amazon Linux 2023 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| CASA-VN-000230 - The Cisco ASA must be configured to use FIPS-validated SHA-2 at 384 bits or higher for Internet Key Exchange (IKE) Phase 1 - IKE Phase 1. | DISA STIG Cisco ASA VPN v2r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CD12-00-012300 - PostgreSQL must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| FGFW-ND-000255 - The FortiGate device must use FIPS 140-2 approved algorithms for authentication to a cryptographic module. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| GOOG-15-006750 - Google Android 15 allow list must be configured to not include artificial intelligence (AI) applications that process device data in the cloud, including Google Gemini. | MobileIron - DISA Google Android 15 COBO STIG v1r3 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-16-006700 - Google Android 16 allowlist must be configured to not include applications with the following characteristics: | AirWatch - DISA Google Android 16 COPE STIG v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-16-006700 - Google Android 16 allowlist must be configured to not include applications with the following characteristics: | MobileIron - DISA Google Android 16 COBO STIG v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| HONW-13-006700 - Honeywell Android 13 allowlist must be configured to not include applications with the following characteristics: | AirWatch - DISA Honeywell Android 13 COPE STIG v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| HONW-13-006700 - Honeywell Android 13 allowlist must be configured to not include applications with the following characteristics: | MobileIron - DISA Honeywell Android 13 COPE STIG v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| JUEX-NM-000340 - The Juniper EX switch must be configured to use FIPS 140-2/140-3-validated algorithms for authentication to a cryptographic module. | DISA Juniper EX Series Network Device Management v2r4 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| JUEX-RT-000290 - The Juniper router must be configured to use encryption for routing protocol authentication. | DISA Juniper EX Series Router v2r1 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| JUEX-RT-000300 - The Juniper router must be configured to authenticate all routing protocol messages using NIST-validated FIPS 198-1 message authentication code algorithm. | DISA Juniper EX Series Router v2r1 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| MADB-10-004400 - MariaDB must use NIST FIPS 140-2/140-3 validated cryptographic modules for cryptographic operations. | DISA MariaDB Enterprise 10.x v2r4 DB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| MADB-10-004400 - MariaDB must use NIST FIPS 140-2/140-3 validated cryptographic modules for cryptographic operations. | DISA MariaDB Enterprise 10.x v2r4 OS Linux | Unix | IDENTIFICATION AND AUTHENTICATION |
| MD8X-00-004200 - MongoDB must use NIST FIPS 140-2/140-3 validated cryptographic modules for cryptographic operations. | DISA MongoDB Enterprise Advanced 8.x STIG v1r1 Unix | Unix | IDENTIFICATION AND AUTHENTICATION |
| MYS8-00-006200 - The MySQL Database Server 8.0 must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| O19C-00-015500 - Oracle Database must use NIST-validated FIPS 140-2/140-3 compliant cryptography for authentication mechanisms. | DISA Oracle Database 19c STIG v1r3 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
| OL08-00-010159 - The OL 8 "pam_unix.so" module must be configured in the system-auth file to use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication. | DISA Oracle Linux 8 STIG v2r8 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL08-00-010160 - The OL 8 "pam_unix.so" module must be configured in the password-auth file to use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication. | DISA Oracle Linux 8 STIG v2r8 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL08-00-010161 - OL 8 must prevent system daemons from using Kerberos for authentication. | DISA Oracle Linux 8 STIG v2r8 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL08-00-010162 - The krb5-workstation package must not be installed on OL 8. | DISA Oracle Linux 8 STIG v2r8 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL09-00-000355 - OL 9 must have the packages required for encrypting offloaded audit logs installed. | DISA Oracle Linux 9 STIG v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OS10-RTR-000290 - The Dell OS10 Router must be configured to use encryption for routing protocol authentication. | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | IDENTIFICATION AND AUTHENTICATION |
| OS10-RTR-000300 - The Dell OS10 Router must be configured to authenticate all routing protocol messages using NIST-validated FIPS 198-1 message authentication code algorithm. | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-010159 - The RHEL 8 pam_unix.so module must be configured in the system-auth file to use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-252065 - RHEL 9 libreswan package must be installed. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-10-200680 - RHEL 10 must have the "libreswan" package installed. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-15-010260 - The SUSE operating system must employ FIPS 140-2 approved cryptographic hashing algorithm for system authentication (login.defs). | DISA SUSE Linux Enterprise Server 15 STIG v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SYMP-NM-000280 - Symantec ProxySG must be configured to use only FIPS 140-2 approved algorithms for authentication to a cryptographic module with any application or protocol. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
| UBTU-20-010404 - The Ubuntu operating system must encrypt all stored passwords with a FIPS 140-2 approved cryptographic hashing algorithm. | DISA Canonical Ubuntu 20.04 LTS STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-22-611070 - Ubuntu 22.04 LTS must encrypt all stored passwords with a FIPS 140-3-approved cryptographic hashing algorithm. | DISA Canonical Ubuntu 22.04 LTS STIG v2r8 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCLD-70-000056 - VAMI must enable FIPS mode. | DISA STIG VMware vSphere 7.0 VAMI v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WN11-CC-000052 - Windows 11 must be configured to prioritize ECC Curves with longer key lengths first. | DISA Microsoft Windows 11 STIG v2r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN11-SO-000190 - Kerberos encryption types must be configured to prevent the use of DES and RC4 encryption suites. | DISA Microsoft Windows 11 STIG v2r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN22-SO-000290 - Windows Server 2022 Kerberos encryption types must be configured to prevent the use of DES and RC4 encryption suites. | DISA Microsoft Windows Server 2022 STIG v2r8 | Windows | IDENTIFICATION AND AUTHENTICATION |
