| 2.3.14.2 Ensure 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.14.2 Ensure 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.14.2 Ensure 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.14.2 Ensure 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.14.2 Ensure 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing' is set to 'Enabled' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.14.2 Ensure 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing' is set to 'Enabled' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2 Ensure Federal Information Processing Standard (FIPS) is enabled | CIS MongoDB 3.6 L2 Unix Audit v1.1.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2 Ensure Federal Information Processing Standard (FIPS) is enabled | CIS MongoDB 3.6 L2 Windows Audit v1.1.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.9 Ensure that Tri-Secret Secure is enabled for the Snowflake account | CIS Snowflake Foundations v1.0.0 L2 | Snowflake | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.1.3 Configure an Endpoint Certificate (SSL_SVR_LABEL) | CIS IBM DB2 11 v1.1.0 Windows OS Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.1.3 Configure an Endpoint Certificate (SSL_SVR_LABEL) | CIS IBM DB2 11 v1.1.0 Linux OS Level 1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.55 Ensure 'Protection methods such as TLS, encrypted VPN's, or IPsec must be implemented if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process' | CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.55 Ensure 'Protection methods such as TLS, encrypted VPN's, or IPsec must be implemented if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process' | CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.55 Ensure 'Protection methods such as TLS, encrypted VPN's, or IPsec must be implemented if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.55 Ensure 'Protection methods such as TLS, encrypted VPN's, or IPsec must be implemented if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIX7-00-002096 - AIX must encrypt user data at rest using AIX Encrypted File System (EFS) if it is required. | DISA STIG AIX 7.x v3r1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-15-005020 - The macOS system must implement cryptographic mechanisms to protect the confidentiality and integrity of all information at rest. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-005020 - The macOS system must implement cryptographic mechanisms to protect the confidentiality and integrity of all information at rest. | DISA STIG Apple macOS 11 v1r8 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-005020 - The macOS system must implement cryptographic mechanisms to protect the confidentiality and integrity of all information at rest. | DISA STIG Apple macOS 11 v1r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-12-005020 - The macOS system must implement cryptographic mechanisms to protect the confidentiality and integrity of all information at rest. | DISA STIG Apple macOS 12 v1r9 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-13-005020 - The macOS system must implement cryptographic mechanisms to protect the confidentiality and integrity of all information at rest. | DISA STIG Apple macOS 13 v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-14-005020 - The macOS system must enforce FileVault. | DISA Apple macOS 14 (Sonoma) STIG v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-15-005020 - The macOS system must enforce FileVault. | DISA Apple macOS 15 (Sequoia) STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| DB2X-00-008900 - DB2 must implement and/or support cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components. | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | SYSTEM AND COMMUNICATIONS PROTECTION |
| EP11-00-009200 - The EDB Postgres Advanced Server must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EP11-00-009300 - The EDB Postgres Advanced Server must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-70-000047 - The ESXi Image Profile and vSphere Installation Bundle (VIB) acceptance levels must be verified - VIB Acceptance Levels must be verified. | DISA STIG VMware vSphere 7.0 ESXi OS v1r2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SI-000242 - The IIS 10.0 private website must employ cryptographic mechanisms (TLS) and require client certificates. | DISA IIS 10.0 Site v2r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SI-000242 - The IIS 8.5 private website must employ cryptographic mechanisms (TLS) and require client certificates. | DISA IIS 8.5 Site v2r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| O365-CO-000002 - Document metadata for rights managed Office Open XML files must be protected. | DISA STIG Microsoft Office 365 ProPlus v3r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL08-00-010030 - All OL 8 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at-rest protection. | DISA Oracle Linux 8 STIG v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PGS9-00-008700 - PostgreSQL must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| PGS9-00-010500 - PostgreSQL must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| PPS9-00-009200 - The EDB Postgres Advanced Server must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-09-231190 - RHEL 9 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SLES-12-010450 - All SUSE operating system persistent disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection. | DISA SLES 12 STIG v2r13 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SOL-11.1-060150 - The operating system must employ cryptographic mechanisms to protect information in storage. | DISA STIG Solaris 11 SPARC v3r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SOL-11.1-060150 - The operating system must employ cryptographic mechanisms to protect information in storage. | DISA STIG Solaris 11 X86 v3r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SOL-11.1-060170 - The operating system must employ cryptographic mechanisms to prevent unauthorized disclosure of information at rest unless otherwise protected by alternative physical measures. | DISA STIG Solaris 11 SPARC v3r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SOL-11.1-060170 - The operating system must employ cryptographic mechanisms to prevent unauthorized disclosure of information at rest unless otherwise protected by alternative physical measures. | DISA STIG Solaris 11 X86 v3r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL4-00-034800 - SQL Server must implement and/or support cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components. | DISA STIG SQL Server 2014 Instance OS Audit v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-003400 - SQL Server must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components. | DISA STIG SQL Server 2016 Database Audit v3r1 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-16-010400 - All persistent disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-20-010414 - Ubuntu operating systems handling data requiring 'data at rest' protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest. | DISA STIG Ubuntu 20.04 LTS v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-22-231010 - Ubuntu 22.04 LTS must implement cryptographic mechanisms to prevent unauthorized disclosure and modification of all information that requires protection at rest. | DISA STIG Canonical Ubuntu 22.04 LTS v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WDNS-SC-000025 - The Windows 2012 DNS Server must not contain zone records that have not been validated in over a year. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN10-00-000030 - Windows 10 information systems must use BitLocker to encrypt all disks to protect the confidentiality and integrity of all information at rest. | DISA Windows 10 STIG v3r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-00-000020 - Systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN16-00-000280 - Systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest. | DISA Windows Server 2016 STIG v2r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN22-00-000250 - Windows Server 2022 systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest. | DISA Windows Server 2022 STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
