| 2.1350 - The system must implement NIST FIPS-validated cryptography - fips | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| AMLS-NM-000340 - Arista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications - api https | DISA STIG Arista MLS DCS-7000 Series NDM v1r3 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| AMLS-NM-000350 - Arista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications - api https | DISA STIG Arista MLS DCS-7000 Series NDM v1r3 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| AMLS-NM-200825 - The Arista Multilayer Switch must use FIPS-compliant mechanisms for authentication to a cryptographic module - entropy source | DISA STIG Arista MLS DCS-7000 Series NDM v1r3 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| AMLS-NM-200825 - The Arista Multilayer Switch must use FIPS-compliant mechanisms for authentication to a cryptographic module - SSH FIPS | DISA STIG Arista MLS DCS-7000 Series NDM v1r3 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPNET0060 - Remoting Services HTTP channels must utilize authentication and encryption - machine | DISA STIG for Microsoft Dot Net Framework 4.0 v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Limit SSH to FIPS 140 Validated Ciphers | NIST macOS Big Sur v1.4.0 - 800-53r5 High | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-VN-000170 - The Cisco ASA must be configured to use NIST FIPS-validated cryptography for Internet Key Exchange (IKE) Phase 1. | DISA STIG Cisco ASA VPN v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-VN-000340 - The Cisco ASA VPN gateway must use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network - ipsec-proposal | DISA STIG Cisco ASA VPN v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network - prf | DISA STIG Cisco ASA VPN v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| DKER-EE-002400 - Docker Enterprise Swarm manager must be run in auto-lock mode. | DISA STIG Docker Enterprise 2.x Linux/Unix v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| DKER-EE-006240 - Docker Enterprise data exchanged between Linux containers on different nodes must be encrypted on the overlay network. | DISA STIG Docker Enterprise 2.x Linux/Unix v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO190 - The encryption type for password protected Office 97 thru Office 2003 must be set. | DISA STIG Microsoft Office System 2016 v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO260 - Message formats must be set to use SMime. | DISA STIG Microsoft Outlook 2016 v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EPAS-00-009000 - The DBMS must use NSA-approved cryptography to protect classified information in accordance with the requirements of the data owner. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-06-100010 - The SSH daemon must be configured to only use FIPS 140-2 approved ciphers. | DISA STIG VMware vSphere 6.x ESXi OS v1r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN000590 - The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes - CRYPT_DEFAULT | DISA STIG Solaris 10 X86 v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN000595 - The password hashes stored on the system must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm - CRYPT_DEFAULT | DISA STIG Solaris 10 X86 v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN000595 - The password hashes stored on the system must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm - CRYPT_DEFAULT | DISA STIG Solaris 10 X86 v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN005505 - The operating system must implement DoD-approved encryption to protect the confidentiality of SSH connections. | DISA STIG Solaris 10 SPARC v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN005505 - The operating system must implement DoD-approved encryption to protect the confidentiality of SSH connections. | DISA STIG Solaris 10 X86 v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN005507 - The SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms. | DISA STIG Solaris 10 SPARC v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN005507 - The SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms. | DISA STIG Solaris 10 X86 v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN005510 - The SSH client must be configured to only use FIPS 140-2 approved ciphers. | DISA STIG Solaris 10 SPARC v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN005510 - The SSH client must be configured to only use FIPS 140-2 approved ciphers. | DISA STIG Solaris 10 X86 v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN005511 - The SSH client must be configured to not use CBC-based ciphers. | DISA STIG Solaris 10 SPARC v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN005512 - The SSH client must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms. | DISA STIG Solaris 10 SPARC v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN005538 - The SSH daemon must not allow rhosts RSA authentication | DISA STIG HP-UX 11.31 v1r19 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN005538 - The SSH daemon must not allow rhosts RSA authentication. | DISA STIG for Oracle Linux 5 v1r14 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN005538 - The SSH daemon must not allow rhosts RSA authentication. | DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SI-000249 - The IIS 8.5 website must maintain the confidentiality and integrity of information during preparation for transmission and during reception. | DISA IIS 8.5 Site v1r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MADB-10-012200 - MariaDB must implement NIST FIPS 140-2 validated cryptographic modules to generate and validate cryptographic hashes. | DISA MariaDB Enterprise 10.x v2r1 DB | MySQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| MADB-10-012300 - MariaDB must implement NIST FIPS 140-2 validated cryptographic modules to protect unclassified information requiring confidentiality and cryptographic protection, in accordance with the data owners requirements. | DISA MariaDB Enterprise 10.x v2r1 OS Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| MD3X-00-000380 - MongoDB must use NIST FIPS 140-2-validated cryptographic modules for cryptographic operations. | DISA STIG MongoDB Enterprise Advanced 3.x v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| MD3X-00-000380 - MongoDB must use NIST FIPS 140-2-validated cryptographic modules for cryptographic operations. | DISA STIG MongoDB Enterprise Advanced 3.x v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| MYS8-00-011500 - The MySQL Database Server 8.0 must use NSA-approved cryptography to protect classified information in accordance with the data owner's requirements. | DISA Oracle MySQL 8.0 v2r1 OS Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| MYS8-00-011700 - The MySQL Database Server 8.0 must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to generate and validate cryptographic hashes. | DISA Oracle MySQL 8.0 v2r1 DB | MySQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| MYS8-00-011800 - The MySQL Database Server 8.0 must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to protect unclassified information requiring confidentiality and cryptographic protection, in accordance with the data owner's requirements. | DISA Oracle MySQL 8.0 v2r1 DB | MySQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL6-00-000063 - The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes (login.defs) - login.defs. | DISA STIG Oracle Linux 6 v1r17 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL6-00-000064 - The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes (libuser.conf) - libuser.conf. | DISA STIG Oracle Linux 6 v1r17 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL6-00-000243 - The SSH daemon must be configured to use only FIPS 140-2 approved ciphers. | DISA STIG Oracle Linux 6 v1r17 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL6-00-000252 - If the system is using LDAP for authentication or account information, the system must use a TLS connection using FIPS 140-2 approved cryptographic algorithms. | DISA STIG Oracle Linux 6 v1r17 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-NM-000200 - Symantec ProxySG must obtain its public key certificates from an appropriate certificate policy through an approved service provider.- Keyring Name | DISA Symantec ProxySG Benchmark NDM v1r1 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN08-SO-000064 - The use of DES encryption suites must not be allowed for Kerberos encryption. | DISA Windows 8/8.1 STIG v1r23 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
