| 3.154 - The use of DES encryption suites must not be allowed for Kerberos encryption. | DISA Windows 7 STIG v1r32 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AADC-CL-000955 - Adobe Acrobat Pro DC Classic FIPS mode must be enabled. | DISA STIG Adobe Acrobat Pro DC Classic Track v1r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AMLS-NM-000340 - Arista MLS sessions must implement crypto mechanisms to protect the integrity of communications - api https | DISA STIG Arista MLS DCS-7000 Series NDM V1R2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| AMLS-NM-200825 - Arista MLS must use FIPS-compliant mechanisms for authentication to a cryptographic module - SSH FIPS | DISA STIG Arista MLS DCS-7000 Series NDM V1R2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARDC-CL-000345 - Adobe Reader DC must enable FIPS mode. | DISA STIG Adobe Acrobat Reader DC Classic Track v1r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Limit SSH to FIPS 140 Validated Ciphers | NIST macOS Big Sur v1.4.0 - 800-53r4 Low | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-VN-000340 - The Cisco ASA VPN gateway must use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network - integrity | DISA STIG Cisco ASA VPN v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network - integrity | DISA STIG Cisco ASA VPN v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network - ipsec-proposal | DISA STIG Cisco ASA VPN v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Limit SSH to FIPS 140 Validated Ciphers | NIST macOS Catalina v1.5.0 - 800-53r4 Low | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Limit SSH to FIPS 140 Validated Ciphers | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Limit SSH to FIPS 140 Validated Ciphers | NIST macOS Catalina v1.5.0 - All Profiles | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-000530 - The Cisco switch must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - ip ssh server algorithm | DISA STIG Cisco IOS XE Switch NDM v1r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-000720 - The Cisco switch must be configured to terminate all network connections associated with device management after 10 minutes of inactivity - ip http secure-server | DISA STIG Cisco IOS XE Switch NDM v1r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001200 - The Cisco switch must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions - ip ssh server algorithm mac | DISA STIG Cisco IOS XE Switch NDM v1r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| DB2X-00-004600 - DB2 must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations - ALGORITHM | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | SYSTEM AND COMMUNICATIONS PROTECTION |
| DB2X-00-004600 - DB2 must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations - SSL_CIPHERSPECS | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | SYSTEM AND COMMUNICATIONS PROTECTION |
| DB2X-00-004600 - DB2 must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations - SSL_SVC_LABEL | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | SYSTEM AND COMMUNICATIONS PROTECTION |
| DB2X-00-004600 - DB2 must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations. - DB2COMM | DISA STIG IBM DB2 v10.5 LUW v1r3 OS Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| DB2X-00-008600 - DB2 must use NSA-approved cryptography to protect classified information in accordance with the data owners requirements - SSL_CIPHERSPECS | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | SYSTEM AND COMMUNICATIONS PROTECTION |
| DB2X-00-009200 - DB2 must maintain the confidentiality and integrity of information during reception. | DISA STIG IBM DB2 v10.5 LUW v1r3 OS Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| EPAS-00-012800 - The EDB Postgres Advanced Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to generate and validate cryptographic hashes. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| EPAS-00-012900 - The EDB Postgres Advanced Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to protect unclassified information requiring confidentiality and cryptographic protection, in accordance with the requirements of the data owner. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-67-100010 - The ESXi host SSH daemon must be configured to only use FIPS 140-2 approved ciphers. | DISA STIG VMware vSphere 6.7 ESXi OS v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-70-000274 - The ESXi host SSH daemon must be configured to only use FIPS 140-2 validated ciphers. | DISA STIG VMware vSphere 7.0 ESXi OS v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-CA-000005 - Exchange must use Encryption for RPC client access. | DISA Microsoft Exchange 2013 Client Access Server STIG v1r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-CA-000010 - Exchange must use Encryption for OWA access. | DISA Microsoft Exchange 2013 Client Access Server STIG v1r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-CA-000010 - Exchange must use Encryption for OWA access. | DISA Microsoft Exchange 2013 Client Access Server STIG v1r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-CA-000035 - Exchange ActiveSync (EAS) must only use certificate-based authentication to access email - WebSiteSSLEnabled | DISA Microsoft Exchange 2013 Client Access Server STIG v1r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-CA-000150 - Exchange OWA must use https - External | DISA Microsoft Exchange 2013 Client Access Server STIG v1r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-CA-000150 - Exchange OWA must use https. | DISA Microsoft Exchange 2013 Client Access Server STIG v1r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000115 - Exchange internal Send connectors must use Domain Security (mutual authentication Transport Layer Security). | DISA Microsoft Exchange 2013 Mailbox Server STIG v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-LT-000033 - The BIG-IP Core implementation must be configured to use encryption services that implement NIST SP 800-52 Revision 1 compliant cryptography to protect the confidentiality of connections to virtual servers. | DISA F5 BIG-IP Local Traffic Manager 11.x STIG v1r3 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-LT-000097 - The BIG-IP Core implementation must be configured to protect the authenticity of communications sessions. | DISA F5 BIG-IP Local Traffic Manager 11.x STIG v1r3 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-LT-000203 - The BIG-IP Core implementation must be configured to deny-by-default all PKI-based authentication to virtual servers supporting path discovery and validation if unable to access revocation information via the network. | DISA F5 BIG-IP Local Traffic Manager 11.x STIG v1r3 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-LT-000293 - The BIG-IP Core implementation must be configured to implement NIST FIPS-validated cryptography for digital signatures when providing encrypted traffic to virtual servers. | DISA F5 BIG-IP Local Traffic Manager 11.x STIG v1r3 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SI-000242 - The IIS 8.5 private website must employ cryptographic mechanisms (TLS) and require client certificates. | DISA IIS 8.5 Site v1r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| JBOS-AS-000650 - JBoss must be configured to use an approved TLS version. | DISA RedHat JBoss EAP 6.3 STIG v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| MADB-10-012100 - MariaDB must implement NIST FIPS 140-2 validated cryptographic modules to provision digital signatures. | DISA MariaDB Enterprise 10.x v2r1 DB | MySQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| MADB-10-012200 - MariaDB must implement NIST FIPS 140-2 validated cryptographic modules to generate and validate cryptographic hashes. | DISA MariaDB Enterprise 10.x v2r1 OS Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| MD3X-00-000440 - MongoDB must protect the confidentiality and integrity of all information at rest. | DISA STIG MongoDB Enterprise Advanced 3.x v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PPS9-00-004900 - The EDB Postgres Advanced Server must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations - openssl | EDB PostgreSQL Advanced Server OS Linux Audit v1r7 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PPS9-00-012900 - The EDB Postgres Advanced Server must implement NIST FIPS 140-2 validated cryptographic modules to protect unclassified information requiring confidentiality and cryptographic protection, in accordance with the requirements of the data owner. | EDB PostgreSQL Advanced Server OS Linux Audit v1r7 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-09-672015 - RHEL 9 crypto policy files must match files shipped with the operating system. | DISA Red Hat Enterprise Linux 9 STIG v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SLES-15-010510 - FIPS 140-2 mode must be enabled on the SUSE operating system. | DISA SLES 15 STIG v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SP13-00-000085 - SharePoint must implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. | DISA STIG SharePoint 2013 v1r8 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SP13-00-000145 - SharePoint must use mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. | DISA STIG SharePoint 2013 v1r8 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL2-00-019500 - SQL Server must implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL2-00-019601 - SQL Server databases in the unclassified environment, containing sensitive information, must be encrypted using approved cryptography. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001370 - The WebSphere Application Server must use DoD-approved Signer Certificates. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
