| AIOS-17-007200 - Apple iOS/iPadOS 17 must not include applications with the following characteristics: access to Siri when the device is locked. | AirWatch - DISA Apple iOS/iPadOS 17 v2r1 | MDM | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| AIOS-17-007200 - Apple iOS/iPadOS 17 must not include applications with the following characteristics: access to Siri when the device is locked. | MobileIron - DISA Apple iOS/iPadOS 17 v2r1 | MDM | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-039290 - AlmaLinux OS 9 must use mechanisms meeting the requirements of applicable federal laws, executive orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module. | DISA CloudLinux AlmaLinux OS 9 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-039400 - AlmaLinux OS 9 must prevent system daemons from using Kerberos for authentication. | DISA CloudLinux AlmaLinux OS 9 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-039510 - The libreswan package must be installed. | DISA CloudLinux AlmaLinux OS 9 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AMLS-L3-000250 - The Arista Multilayer Switch must encrypt all methods of configured authentication for the OSPF routing protocol - ospf message-digest-key | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | IDENTIFICATION AND AUTHENTICATION |
| AMLS-NM-200825 - The Arista Multilayer Switch must use FIPS-compliant mechanisms for authentication to a cryptographic module - SSH FIPS | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | IDENTIFICATION AND AUTHENTICATION |
| ARST-RT-000280 - The Arista router must be configured to authenticate all routing protocol messages using NIST-validated FIPS 198-1 message authentication code algorithm. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Configure SSHD to Use Secure Key Exchange Algorithms | NIST macOS Catalina v1.5.0 - All Profiles | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| CISC-L2-000030 - The Cisco switch must authenticate all VLAN Trunk Protocol (VTP) messages with a hash function using the most secured cryptographic algorithm available. | DISA STIG Cisco NX-OS Switch L2S v3r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| DB2X-00-004600 - DB2 must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | IDENTIFICATION AND AUTHENTICATION |
| DTOO257 - S/Mime interoperability with external clients for message handling must be configured. | DISA STIG Microsoft Outlook 2016 v2r3 | Windows | IDENTIFICATION AND AUTHENTICATION |
| DTOO260 - Message formats must be set to use SMime. | DISA STIG Microsoft Outlook 2016 v2r3 | Windows | IDENTIFICATION AND AUTHENTICATION |
| DTOO262 - Run in FIPS compliant mode must be enforced. | DISA STIG Microsoft Outlook 2016 v2r3 | Windows | IDENTIFICATION AND AUTHENTICATION |
| EP11-00-013200 - The EDB Postgres Advanced Server must be configured on a platform that has a NIST certified FIPS 140-2 or 140-3 installation of OpenSSL. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| F5BI-DM-000135 - The BIG-IP appliance must be configured to use mechanisms meeting the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module. | DISA F5 BIG-IP Device Management STIG v2r3 | F5 | IDENTIFICATION AND AUTHENTICATION |
| GEN000590 - The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes - CRYPT_ALGORITHMS_ALLOW | DISA STIG Solaris 10 X86 v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000590 - The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes - CRYPT_ALGORITHMS_ALLOW | DISA STIG Solaris 10 SPARC v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000590 - The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes - CRYPT_DEFAULT | DISA STIG Solaris 10 X86 v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000590 - The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes - CRYPT_DEFAULT | DISA STIG Solaris 10 SPARC v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000590 - The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes. | DISA STIG AIX 6.1 v1r14 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000590 - The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000590 - The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes. | DISA STIG for Oracle Linux 5 v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| JUNI-RT-000050 - The Juniper router must be configured to authenticate all routing protocol messages using NIST-validated FIPS 140-2 message authentication code algorithm - IS-IS | DISA STIG Juniper Router RTR v3r1 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| MD4X-00-001300 - MongoDB must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| O112-C2-015700 - The DBMS must use NIST-validated FIPS 140-2-compliant cryptography for authentication mechanisms. | DISA STIG Oracle 11.2g v2r5 Linux | Unix | IDENTIFICATION AND AUTHENTICATION |
| O112-C2-015700 - The DBMS must use NIST-validated FIPS 140-2-compliant cryptography for authentication mechanisms. | DISA STIG Oracle 11.2g v2r5 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
| O121-C2-015700 - The DBMS must use NIST-validated FIPS 140-2 or 140-3 compliant cryptography for authentication mechanisms. | DISA STIG Oracle 12c v3r2 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| O121-C2-016600 - The DBMS must implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. | DISA STIG Oracle 12c v3r2 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
| OH12-1X-000253 - OHS must have the LoadModule ossl_module directive enabled to meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting stored data. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OH12-1X-000255 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled to meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting stored data - SSLEngine | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OH12-1X-000257 - OHS must have the LoadModule ossl_module directive enabled to meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OH12-1X-000259 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication - SSLWallet | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OH12-1X-000260 - OHS must have the SSLCipherSuite directive enabled to meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000062 - The system must use a FIPS 140-2-approved cryptographic hashing algorithm for generating account password hashes (system-auth). | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000064 - The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes (libuser.conf) - libuser.conf. | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL08-00-010159 - The OL 8 'pam_unix.so' module must be configured in the system-auth file to use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication. | DISA Oracle Linux 8 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PGS9-00-012300 - PostgreSQL must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations. | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PGS9-00-012800 - The DBMS must be configured on a platform that has a NIST certified FIPS 140-2 or 140-3 installation of OpenSSL. | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PPS9-00-004900 - The EDB Postgres Advanced Server must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000062 - The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes (system-auth) - system-auth. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000064 - The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes (libuser.conf) - libuser.conf. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-672025 - RHEL 9 must use mechanisms meeting the requirements of applicable federal laws, executive orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SOL-11.1-060010 - The operating system must use mechanisms for authentication to a cryptographic module meeting the requirements of applicable federal laws, Executive orders, directives, policies, regulations, standards, and guidance for such authentication. | DISA STIG Solaris 11 X86 v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000050 - Splunk Enterprise must use TLS 1.2 and SHA-2 or higher cryptographic algorithms. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-400400 - Ubuntu 24.04 LTS must encrypt all stored passwords with a FIPS 140-3 approved cryptographic hashing algorithm. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000176 - Oracle WebLogic must use cryptographic modules that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting stored data - JAVA_OPTIONS | Oracle WebLogic Server 12c Windows v2r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000176 - Oracle WebLogic must use cryptographic modules that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting stored data - JAVA_OPTIONS | Oracle WebLogic Server 12c Linux v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000176 - Oracle WebLogic must use cryptographic modules that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting stored data - PRE_CLASSPATH | Oracle WebLogic Server 12c Windows v2r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN12-SO-000064 - Kerberos encryption types must be configured to prevent the use of DES and RC4 encryption suites. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
