| 5.3.16 Ensure only FIPS 140-2 ciphers are used for SSH | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| AIOS-12-001300 - Apple iOS must not include applications with the following characteristics: Siri when the device is locked. | AirWatch - DISA Apple iOS 12 v2r1 | MDM | ACCESS CONTROL |
| AIOS-12-001300 - Apple iOS must not include applications with the following characteristics: Siri when the device is locked. | MobileIron - DISA Apple iOS 12 v2r1 | MDM | ACCESS CONTROL |
| AIOS-13-001000 - Apple iOS/iPadOS must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: Apple App Store]. | AirWatch - DISA Apple iOS/iPadOS 13 v2r1 | MDM | ACCESS CONTROL |
| AIOS-13-001300 - Apple iOS/iPadOS must not include applications with the following characteristics: access to Siri when the device is locked. | MobileIron - DISA Apple iOS/iPadOS 13 v2r1 | MDM | ACCESS CONTROL |
| AIOS-13-001300 - Apple iOS/iPadOS must not include applications with the following characteristics: access to Siri when the device is locked. | AirWatch - DISA Apple iOS/iPadOS 13 v2r1 | MDM | ACCESS CONTROL |
| AIOS-18-001000 - Apple iOS/iPadOS 18 must allow the administrator (MDM) to perform the following management function: enable/disable VPN protection across the device and [selection: on a per-app basis, on a per-group of applications processes basis] - MDM to perform the following management function: enable/disable VPN protection across the device and [selection: other methods]. | AirWatch - DISA Apple iOS/iPadOS 18 v1r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-18-001000 - Apple iOS/iPadOS 18 must allow the administrator (MDM) to perform the following management function: enable/disable VPN protection across the device and [selection: on a per-app basis, on a per-group of applications processes basis] - MDM to perform the following management function: enable/disable VPN protection across the device and [selection: other methods]. | MobileIron - DISA Apple iOS/iPadOS 18 v1r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIX7-00-002104 - The AIX SSH server must use SSH Protocol 2. | DISA STIG AIX 7.x v3r1 | Unix | ACCESS CONTROL |
| CISC-ND-001140 - The Cisco router must be configured to encrypt SNMP messages using a FIPS 140-2 approved algorithm. | DISA STIG Cisco IOS XE Router NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-001140 - The Cisco router must be configured to encrypt SNMP messages using a FIPS 140-2 approved algorithm. | DISA STIG Cisco IOS-XR Router NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-001140 - The Cisco router must be configured to encrypt SNMP messages using a FIPS 140-2 approved algorithm. | DISA STIG Cisco IOS Router NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-001140 - The Cisco switch must be configured to encrypt SNMP messages using a FIPS 140-2 approved algorithm. | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-001140 - The Cisco switch must be configured to encrypt SNMP messages using a FIPS 140-2 approved algorithm. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-001140 - The Cisco switch must be configured to encrypt SNMP messages using a FIPS 140-2 approved algorithm. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | ACCESS CONTROL |
| ESXI-65-000010 - The ESXi host SSH daemon must use DoD-approved encryption to protect the confidentiality of remote access sessions. | DISA STIG VMware vSphere ESXi OS 6.5 v2r4 | Unix | ACCESS CONTROL |
| ESXI-65-000011 - The ESXi host SSH daemon must be configured to use only the SSHv2 protocol. | DISA STIG VMware vSphere ESXi OS 6.5 v2r4 | Unix | ACCESS CONTROL |
| EX13-CA-000005 - Exchange must use Encryption for RPC client access. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | ACCESS CONTROL |
| EX16-MB-002900 - Exchange must use encryption for RPC client access. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | ACCESS CONTROL |
| F5BI-LT-000033 - The BIG-IP Core implementation must be configured to use encryption services that implement NIST SP 800-52 Revision 2 compliant cryptography to protect the confidentiality of connections to virtual servers. | DISA F5 BIG-IP Local Traffic Manager STIG v2r3 | F5 | ACCESS CONTROL |
| F5BI-LT-000035 - The BIG-IP Core implementation must be configured to comply with the required TLS settings in NIST SP 800-52 Revision 1 for TLS services to virtual servers. | DISA F5 BIG-IP Local Traffic Manager STIG v2r3 | F5 | ACCESS CONTROL |
| IIST-SI-000203 - A private IIS 10.0 website must only accept Secure Socket Layer (SSL) connections. | DISA IIS 10.0 Site v2r10 | Windows | ACCESS CONTROL |
| IIST-SI-000204 - A public IIS 10.0 website must only accept Secure Socket Layer (SSL) connections when authentication is required. | DISA IIS 10.0 Site v2r10 | Windows | ACCESS CONTROL |
| IISW-SI-000203 - A private IIS 8.5 website must only accept Secure Socket Layer connections. | DISA IIS 8.5 Site v2r9 | Windows | ACCESS CONTROL |
| IISW-SI-000204 - A public IIS 8.5 website must only accept Secure Socket Layer connections when authentication is required. | DISA IIS 8.5 Site v2r9 | Windows | ACCESS CONTROL |
| JBOS-AS-000010 - HTTP management session traffic must be encrypted. | DISA JBoss EAP 6.3 STIG v2r5 | Unix | ACCESS CONTROL |
| OH12-1X-000007 - OHS must have the LoadModule ossl_module directive enabled to encrypt remote connections in accordance with the categorization of data hosted by the web server. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OH12-1X-000008 - OHS must have the SSLFIPS directive enabled to encrypt remote connections in accordance with the categorization of data hosted by the web server. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OH12-1X-000009 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to encrypt remote connections in accordance with the categorization of data hosted by the web server - SSLProtocol | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OH12-1X-000009 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to encrypt remote connections in accordance with the categorization of data hosted by the web server - SSLWallet | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OH12-1X-000010 - OHS must have the SSLCipherSuite directive enabled to encrypt remote connections in accordance with the categorization of data hosted by the web server. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OL6-00-000214 - The rshd service must not be running - PROCESS_CHECK | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000216 - The rexecd service must not be running - CHKCONFIG | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| PANW-AG-000016 - The Palo Alto Networks security platform, if used as a TLS gateway/decryption point or VPN concentrator, must use encryption services that implement NIST FIPS-validated cryptography to protect the confidentiality of remote access sessions. | DISA STIG Palo Alto ALG v3r2 | Palo_Alto | ACCESS CONTROL |
| PANW-AG-000017 - The Palo Alto Networks security platform that stores secret or private keys must use FIPS-approved key management technology and processes in the production and control of private/secret cryptographic keys. | DISA STIG Palo Alto ALG v3r2 | Palo_Alto | ACCESS CONTROL |
| RHEL-06-000216 - The rexecd service must not be running. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000243 - The RHEL 6 operating system must implement DoD-approved encryption to protect the confidentiality of SSH connections. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| SOL-11.1-060130 - The operating system must implement DoD-approved encryption to protect the confidentiality of remote access sessions. | DISA STIG Solaris 11 SPARC v3r1 | Unix | ACCESS CONTROL |
| SP13-00-000015 - SharePoint must utilize approved cryptography to protect the confidentiality of remote access sessions. | DISA STIG SharePoint 2013 v2r3 | Windows | ACCESS CONTROL |
| UBTU-16-030230 - The Ubuntu operating system must implement DoD-approved encryption to protect the confidentiality of SSH connections. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | ACCESS CONTROL |
| UBTU-18-010411 - The Ubuntu operating system must implement DoD-approved encryption to protect the confidentiality of remote access sessions. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | ACCESS CONTROL |
| WBLC-01-000009 - Oracle WebLogic must utilize cryptography to protect the confidentiality of remote access management sessions - SSL Listen Port | Oracle WebLogic Server 12c Windows v2r1 | Windows | ACCESS CONTROL |
| WBLC-01-000009 - Oracle WebLogic must utilize cryptography to protect the confidentiality of remote access management sessions - SSL Listen Port | Oracle WebLogic Server 12c Linux v2r1 Middleware | Unix | ACCESS CONTROL |
| WBLC-01-000009 - Oracle WebLogic must utilize cryptography to protect the confidentiality of remote access management sessions - Unsecure Listen Port | Oracle WebLogic Server 12c Linux v2r1 | Unix | ACCESS CONTROL |
| WBSP-AS-000170 - The WebSphere Application Server global application security must be enabled - administrative security | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-000170 - The WebSphere Application Server global application security must be enabled - administrative security | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-000170 - The WebSphere Application Server global application security must be enabled - administrative security | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-000170 - The WebSphere Application Server global application security must be enabled - application security | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-000170 - The WebSphere Application Server global application security must be enabled - application security | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-000170 - The WebSphere Application Server global application security must be enabled - application security | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
