| AIOS-12-011500 - Apple iOS must implement the management setting: use SSL for Exchange ActiveSync. | AirWatch - DISA Apple iOS 12 v2r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| AIOS-12-011500 - Apple iOS must implement the management setting: use SSL for Exchange ActiveSync. | MobileIron - DISA Apple iOS 12 v2r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| AIOS-13-011500 - Apple iOS/iPadOS must implement the management setting: use SSL for Exchange ActiveSync. | AirWatch - DISA Apple iOS/iPadOS 13 v2r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| AIX7-00-001008 - All accounts on AIX system must have unique account names. | DISA STIG AIX 7.x v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AIX7-00-001010 - The AIX SYSTEM attribute must not be set to NONE for any account. | DISA STIG AIX 7.x v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ARST-ND-000690 - The Arista network devices must use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| Big Sur - Disable SSH Server for Remote Access Sessions | NIST macOS Big Sur v1.4.0 - 800-53r4 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| Big Sur - Disable SSH Server for Remote Access Sessions | NIST macOS Big Sur v1.4.0 - 800-53r4 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Set Smartcard Certificate Trust to High | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| EDGE-00-000056 - Suggestions of similar web pages in the event of a navigation error must be disabled. | DISA STIG Edge v2r2 | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| ESXI-65-000037 - The ESXi host must use Active Directory for local user authentication. | DISA STIG VMware vSphere ESXi 6.5 v2r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-65-000038 - The ESXi host must use the vSphere Authentication Proxy to protect passwords when adding ESXi hosts to Active Directory. | DISA STIG VMware vSphere ESXi 6.5 v2r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-65-000039 - Active Directory ESX Admin group membership must not be used when adding ESXi hosts to Active Directory. | DISA STIG VMware vSphere ESXi 6.5 v2r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| EX16-MB-000610 - Exchange Outlook Anywhere clients must use NTLM authentication to access email. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | IDENTIFICATION AND AUTHENTICATION |
| F5BI-AP-000073 - The BIG-IP APM module must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users) when connecting to virtual servers. | DISA F5 BIG-IP Access Policy Manager STIG v2r4 | F5 | IDENTIFICATION AND AUTHENTICATION |
| F5BI-LT-000073 - The BIG-IP Core implementation must be configured to uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users) when connecting to virtual servers. | DISA F5 BIG-IP Local Traffic Manager STIG v2r4 | F5 | IDENTIFICATION AND AUTHENTICATION |
| F5BI-LT-000075 - The BIG-IP Core implementation must be configured with a pre-established trust relationship and mechanisms with appropriate authorities (e.g., Active Directory or authentication, authorization, and accounting (AAA) server) that validate user account access authorizations and privileges when providing access control to virtual servers. | DISA F5 BIG-IP Local Traffic Manager STIG v2r4 | F5 | IDENTIFICATION AND AUTHENTICATION |
| F5BI-LT-000077 - The BIG-IP Core implementation providing user authentication intermediary services must restrict user authentication traffic to specific authentication server(s) when providing access control to virtual servers. | DISA F5 BIG-IP Local Traffic Manager STIG v2r4 | F5 | IDENTIFICATION AND AUTHENTICATION |
| F5BI-LT-000195 - The BIG-IP Core implementation providing user authentication intermediary services must be configured to require multifactor authentication for remote access with privileged accounts to virtual servers in such a way that one of the factors is provided by a device separate from the system gaining access. | DISA F5 BIG-IP Local Traffic Manager STIG v2r4 | F5 | IDENTIFICATION AND AUTHENTICATION |
| GEN000000-AIX00080 - The SYSTEM attribute must not be set to NONE for any account. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| GEN000000-LNX00320 - The system must not have special privilege accounts, such as shutdown and halt - '/etc/passwd - reboot' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| GEN000000-LNX00320 - The system must not have special privilege accounts, such as shutdown and halt - '/etc/shadow - halt' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| GEN000000-LNX00560 - The Linux NFS Server must not have the insecure file locking option. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| JBOS-AS-000260 - The JBoss Server must be configured to utilize a centralized authentication mechanism such as AD or LDAP. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| JBOS-AS-000265 - The JBoss Server must be configured to use certificates to authenticate admins. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| JBOS-AS-000275 - The JBoss server must be configured to use individual accounts and not generic or shared accounts. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| JUSX-VN-000018 - The Juniper SRX Services Gateway VPN must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users). | DISA Juniper SRX Services Gateway VPN v3r1 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| JUSX-VN-000031 - The Juniper SRX Services Gateway VPN must use anti-replay mechanisms for security associations. | DISA Juniper SRX Services Gateway VPN v3r1 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| MD3X-00-000310 - MongoDB must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users). | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS | Unix | IDENTIFICATION AND AUTHENTICATION |
| MS.AAD.7.3v1 - Privileged users SHALL be provisioned cloud-only accounts separate from an on-premises directory or other federated identity providers. | CISA SCuBA Microsoft 365 Entra ID v1.5.0 | microsoft_azure | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| O121-C2-013300 - The DBMS must ensure users are authenticated with an individual authenticator prior to using a shared authenticator. | DISA STIG Oracle 12c v3r2 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000237 - The system must not permit root logins using remote access programs such as ssh. | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000239 - The SSH daemon must not allow authentication using an empty password. | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000309 - The NFS server must not have the insecure file locking option enabled. | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL07-00-020300 - The Oracle Linux operating system must be configured so that all Group Identifiers (GIDs) referenced in the /etc/passwd file are defined in the /etc/group file - GIDs referenced in the /etc/passwd file are defined in the /etc/group file. | DISA Oracle Linux 7 STIG v3r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PGS9-00-011500 - PostgreSQL must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users). | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PPS9-00-004200 - The EDB Postgres Advanced Server must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users). | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000028 - The system must prevent the root account from logging in from serial consoles. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000227 - The SSH daemon must be configured to use only the SSHv2 protocol. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000294 - All GIDs referenced in /etc/passwd must be defined in /etc/group | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000349 - The system must be configured to require the use of a CAC, PIV compliant hardware token, or Alternate Logon Token (ALT) for authentication - ALT for authentication. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000020 - Splunk Enterprise must use organization level authentication to uniquely identify and authenticate users. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | IDENTIFICATION AND AUTHENTICATION |
| SQL6-D0-007800 - SQL Server must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users). | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
| TCAT-AS-000600 - Tomcat management applications must use LDAP realm authentication. | DISA STIG Apache Tomcat Application Server 9 v3r2 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-18-010431 - The Ubuntu operating system must implement multifactor authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000150 - Oracle WebLogic must uniquely identify and authenticate users (or processes acting on behalf of users). | Oracle WebLogic Server 12c Windows v2r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN10-SO-000005 - The built-in administrator account must be disabled. | DISA Microsoft Windows 10 STIG v3r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN12-00-000012 - Shared user accounts must not be permitted on the system. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN16-00-000080 - Shared user accounts must not be permitted on the system. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN19-00-000200 - Windows Server 2019 accounts must require passwords. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
