| 1.59 APPL-14-001150 | CIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT I | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| 1.124 APPL-14-003020 | CIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.339 RHEL-09-611160 | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-15-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions, including transmitted data and data during preparation for transmission, and use replay-resistant authentication mechanisms and implement cryptographic mechanisms to protect the integrity of and verify remote disconnection at the termination of nonlocal maintenance and diagnostic communications - OpenSSH version | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-15-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions, including transmitted data and data during preparation for transmission, and use replay-resistant authentication mechanisms and implement cryptographic mechanisms to protect the integrity of and verify remote disconnection at the termination of nonlocal maintenance and diagnostic communications - SSHD currently running | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-15-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions, including transmitted data and data during preparation for transmission, and use replay-resistant authentication mechanisms and implement cryptographic mechanisms to protect the integrity of and verify remote disconnection at the termination of nonlocal maintenance and diagnostic communications - SSHD service disabled | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-000011 - The macOS system must disable the SSHD service. | DISA STIG Apple macOS 11 v1r5 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-000011 - The macOS system must disable the SSHD service. | DISA STIG Apple macOS 11 v1r8 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-14-001150 - The macOS system must disable password authentication for SSH. | DISA Apple macOS 14 Sonoma STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| APPL-14-003020 - The macOS system must enforce smart card authentication. | DISA Apple macOS 14 Sonoma STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-14-003030 - The macOS system must allow smart card authentication. | DISA Apple macOS 14 Sonoma STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| Catalina - Enable SSH for Remote Access Sessions | NIST macOS Catalina v1.5.0 - All Profiles | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| DKER-EE-001070 - FIPS mode must be enabled on all Docker Engine - Enterprise nodes - docker info .SecurityOptions | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| PHTN-30-000026 - The Photon operating system must use an OpenSSH server version that does not support protocol 1. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| PHTN-67-000068 - The Photon operating system must use OpenSSH for remote maintenance sessions. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-09-611160 - RHEL 9 must use the common access card (CAC) smart card driver. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SOL-11.1-050240 - The boundary protection system (firewall) must be configured to deny network traffic by default and must allow network traffic by exception (i.e., deny all, permit by exception). | DISA Solaris 11 X86 STIG v3r4 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| SOL-11.1-050240 - The boundary protection system (firewall) must be configured to deny network traffic by default and must allow network traffic by exception (i.e., deny all, permit by exception). | DISA Solaris 11 SPARC STIG v3r4 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| VCSA-70-000009 - The vCenter Server must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination using remote access. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCSA-80-000009 - The vCenter Server must use DOD-approved encryption to protect the confidentiality of network sessions. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
