| 5.3.16 Ensure only FIPS 140-2 ciphers are used for SSH | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| AIX7-00-001108 - AIX must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | DISA STIG AIX 7.x v2r3 | Unix | CONFIGURATION MANAGEMENT |
| AIX7-00-001108 - AIX must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | DISA STIG AIX 7.x v2r1 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-000057 - The macOS system must implement approved ciphers within the SSH client configuration to protect the confidentiality of SSH connections. | DISA STIG Apple macOS 12 v1r8 | Unix | |
| APPL-12-000058 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH client configuration. | DISA STIG Apple macOS 12 v1r8 | Unix | |
| APPL-12-000059 - The macOS system must implement approved Key Exchange Algorithms within the SSH client configuration. | DISA STIG Apple macOS 12 v1r8 | Unix | |
| APPL-13-000054 - The macOS system must implement approved ciphers to protect the confidentiality of SSH connections. | DISA STIG Apple macOS 13 v1r1 | Unix | |
| APPL-13-000054 - The macOS system must implement approved ciphers within the SSH server configuration to protect the confidentiality of SSH connections. | DISA STIG Apple macOS 13 v1r3 | Unix | |
| APPL-13-000054 - The macOS system must implement approved ciphers within the SSH server configuration to protect the confidentiality of SSH connections. | DISA STIG Apple macOS 13 v1r2 | Unix | |
| APPL-13-000055 - The macOS system must implement approved Message Authentication Codes (MACs) - MACs employing FIPS 140-2 validated cryptographic hash algorithms. | DISA STIG Apple macOS 13 v1r1 | Unix | |
| APPL-13-000055 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH server configuration. | DISA STIG Apple macOS 13 v1r2 | Unix | |
| APPL-13-000055 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH server configuration. | DISA STIG Apple macOS 13 v1r3 | Unix | |
| APPL-13-000056 - The macOS system must implement approved Key Exchange Algorithms within the SSH server configuration. | DISA STIG Apple macOS 13 v1r3 | Unix | |
| APPL-13-000056 - The macOS system must implement approved Key Exchange Algorithms within the SSH server configuration. | DISA STIG Apple macOS 13 v1r2 | Unix | |
| APPL-13-000056 - The macOS system must implement approved Key Exchange Algorithms. | DISA STIG Apple macOS 13 v1r1 | Unix | |
| APPL-13-000057 - The macOS system must implement approved ciphers within the SSH client configuration to protect the confidentiality of SSH connections. | DISA STIG Apple macOS 13 v1r2 | Unix | |
| APPL-13-000057 - The macOS system must implement approved ciphers within the SSH client configuration to protect the confidentiality of SSH connections. | DISA STIG Apple macOS 13 v1r3 | Unix | |
| APPL-13-000058 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH client configuration. | DISA STIG Apple macOS 13 v1r2 | Unix | |
| APPL-13-000058 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH client configuration. | DISA STIG Apple macOS 13 v1r3 | Unix | |
| APPL-13-000059 - The macOS system must implement approved Key Exchange Algorithms within the SSH client configuration. | DISA STIG Apple macOS 13 v1r3 | Unix | |
| APPL-13-000059 - The macOS system must implement approved Key Exchange Algorithms within the SSH client configuration. | DISA STIG Apple macOS 13 v1r2 | Unix | |
| CISC-RT-000040 - The Cisco router must be configured to use encryption for routing protocol authentication - EIGRP | DISA STIG Cisco IOS-XR Router RTR v2r1 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| EP11-00-004900 - The EDB Postgres Advanced Server must use NIST FIPS 140-2 validated cryptographic modules for all cryptographic operations including generation of cryptographic hashes and data protection - hostssl | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r1 | Windows | CONFIGURATION MANAGEMENT |
| EP11-00-004900 - The EDB Postgres Advanced Server must use NIST FIPS 140-2 validated cryptographic modules for all cryptographic operations including generation of cryptographic hashes and data protection - openssl_conf | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r1 | Windows | CONFIGURATION MANAGEMENT |
| OL6-00-000062 - The system must use a FIPS 140-2-approved cryptographic hashing algorithm for generating account password hashes (system-auth). | DISA STIG Oracle Linux 6 v1r18 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000063 - The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes (login.defs) - login.defs. | DISA STIG Oracle Linux 6 v1r18 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL6-00-000064 - The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes (libuser.conf) - libuser.conf. | DISA STIG Oracle Linux 6 v1r18 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-07-040110 - The Red Hat Enterprise Linux 7 operating system must implement DoD-approved encryption to protect the confidentiality of SSH connections. | DISA Red Hat Enterprise Linux 7 STIG v3r8 | Unix | |
| RHEL-07-040110 - The Red Hat Enterprise Linux 7 operating system must implement DoD-approved encryption to protect the confidentiality of SSH connections. | DISA Red Hat Enterprise Linux 7 STIG v3r14 | Unix | |
| SLES-12-010230 - The SUSE operating system must configure the Linux Pluggable Authentication Modules (PAM) to only store encrypted representations of passwords - nullok | DISA SLES 12 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-12-010230 - The SUSE operating system must configure the Linux Pluggable Authentication Modules (PAM) to only store encrypted representations of passwords - nullok | DISA SLES 12 STIG v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-12-010230 - The SUSE operating system must configure the Linux Pluggable Authentication Modules (PAM) to only store encrypted representations of passwords - sha512 | DISA SLES 12 STIG v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SLES-12-010230 - The SUSE operating system must configure the Linux Pluggable Authentication Modules (PAM) to only store encrypted representations of passwords - sha512 | DISA SLES 12 STIG v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SLES-12-010240 - The SUSE operating system must employ FIPS 140-2-approved cryptographic hashing algorithms for all stored passwords - SHA_CRYPT_MIN_ROUNDS | DISA SLES 12 STIG v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SLES-12-010240 - The SUSE operating system must employ FIPS 140-2-approved cryptographic hashing algorithms for all stored passwords - SHA_CRYPT_MIN_ROUNDS | DISA SLES 12 STIG v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SLES-12-030170 - The SUSE operating system must implement DoD-approved encryption to protect the confidentiality of SSH remote connections. | DISA SLES 12 STIG v2r12 | Unix | |
| SLES-15-020190 - The SUSE operating system must employ FIPS 140-2-approved cryptographic hashing algorithms for all stored passwords - SHA_CRYPT_MIN_ROUNDS | DISA SLES 15 STIG v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SLES-15-020190 - The SUSE operating system must employ FIPS 140-2-approved cryptographic hashing algorithms for all stored passwords - SHA_CRYPT_MIN_ROUNDS | DISA SLES 15 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SRG-OS-000120-ESXI5 - The password hashes stored on the system must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| UBTU-16-010150 - The Ubuntu operating system must encrypt all stored passwords with a FIPS 140-2 approved cryptographic hashing algorithm. | DISA STIG Ubuntu 16.04 LTS v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-16-010160 - The Ubuntu operating system must employ a FIPS 140-2 approved cryptographic hashing algorithms for all stored passwords. | DISA STIG Ubuntu 16.04 LTS v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-16-010170 - The Ubuntu operating system must employ FIPS 140-2 approved cryptographic hashing algorithms for all created passwords. | DISA STIG Ubuntu 16.04 LTS v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCFL-67-000006 - vSphere Client must be configured to enable SSL/TLS. | DISA STIG VMware vSphere 6.7 Virgo Client v1r1 | Unix | |
| WN10-SO-000190 - Kerberos encryption types must be configured to prevent the use of DES and RC4 encryption suites. | DISA Windows 10 STIG v2r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN10-SO-000190 - Kerberos encryption types must be configured to prevent the use of DES and RC4 encryption suites. | DISA Windows 10 STIG v2r3 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN12-SO-000064 - Kerberos encryption types must be configured to prevent the use of DES and RC4 encryption suites. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN12-SO-000064 - Kerberos encryption types must be configured to prevent the use of DES and RC4 encryption suites. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN12-SO-000064 - Kerberos encryption types must be configured to prevent the use of DES and RC4 encryption suites. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r3 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN12-SO-000064 - Kerberos encryption types must be configured to prevent the use of DES and RC4 encryption suites. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r3 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN16-SO-000350 - Kerberos encryption types must be configured to prevent the use of DES and RC4 encryption suites. | DISA Windows Server 2016 STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
