| CISC-ND-000530 - The Cisco router must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - ssh algorithm | DISA STIG Cisco IOS XE Router NDM v2r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-000530 - The Cisco router must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - ssh algorithm | DISA STIG Cisco IOS XE Router NDM v2r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-000530 - The Cisco switch must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - ip ssh server algorithm | DISA STIG Cisco IOS Switch NDM v2r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-000530 - The Cisco switch must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - ip ssh server algorithm | DISA STIG Cisco IOS Switch NDM v2r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-000720 - The Cisco router must be configured to terminate all network connections associated with device management after 10 minutes of inactivity - ip http secure-server | DISA STIG Cisco IOS XE Router NDM v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001200 - The Cisco router must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions - ip ssh server algorithm encryption | DISA STIG Cisco IOS XE Router NDM v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001200 - The Cisco router must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions - ip ssh server algorithm encryption | DISA STIG Cisco IOS XE Router NDM v2r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001200 - The Cisco router must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions - secure-server | DISA STIG Cisco IOS XE Router NDM v2r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001210 - The Cisco router must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions - secure-server | DISA STIG Cisco IOS XE Router NDM v2r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001210 - The Cisco router must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions - ssh version | DISA STIG Cisco IOS XE Router NDM v2r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001210 - The Cisco switch must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions. | DISA STIG Cisco IOS Switch NDM v2r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUSX-VN-000023 - The Juniper SRX Services Gateway VPN Internet Key Exchange (IKE) must use cryptography that is compliant with Suite B parameters when transporting classified traffic across an unclassified network. | DISA Juniper SRX Services Gateway VPN v3r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| O112-C2-015700 - The DBMS must use NIST-validated FIPS 140-2-compliant cryptography for authentication mechanisms. | DISA STIG Oracle 11.2g v2r2 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000295 - OHS must have the SSLFIPS directive enabled to implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting data that must be compartmentalized. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL07-00-010210 - The Oracle Linux operating system must be configured to use the shadow file to store only encrypted representations of passwords. | DISA Oracle Linux 7 STIG v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL07-00-010220 - The Oracle Linux operating system must be configured so that user and group account administration utilities are configured to store only encrypted representations of passwords. | DISA Oracle Linux 7 STIG v2r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL07-00-040180 - The Oracle Linux operating system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) authentication communications - LDAP authentication communications. | DISA Oracle Linux 7 STIG v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL07-00-040400 - The Oracle Linux operating system must be configured so that the SSH daemon is configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms - MACs employing FIPS 140-2 approved cryptographic hash algorithms. | DISA Oracle Linux 7 STIG v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PANW-AG-000143 - The Palo Alto Networks security platform, if used for TLS/SSL decryption, must use NIST FIPS-validated cryptography to implement encryption. | DISA STIG Palo Alto ALG v3r1 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| PGS9-00-007200 - PostgreSQL must maintain the confidentiality and integrity of information during preparation for transmission. | DISA STIG PostgreSQL 9.x on RHEL OS v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PGS9-00-012300 - PostgreSQL must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations. | DISA STIG PostgreSQL 9.x on RHEL OS v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PGS9-00-012800 - The DBMS must be configured on a platform that has a NIST certified FIPS 140-2 installation of OpenSSL - fips_enabled | DISA STIG PostgreSQL 9.x on RHEL DB v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PGS9-00-012800 - The DBMS must be configured on a platform that has a NIST certified FIPS 140-2 installation of OpenSSL - kernel | DISA STIG PostgreSQL 9.x on RHEL DB v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-06-000064 - The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes (libuser.conf) - libuser.conf. | DISA Red Hat Enterprise Linux 6 STIG v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-07-021620 - The Red Hat Enterprise Linux operating system must use a file integrity tool that is configured to use FIPS 140-2 approved cryptographic hashes for validating file contents and directories - sha512 | DISA Red Hat Enterprise Linux 7 STIG v3r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-07-040180 - The Red Hat Enterprise Linux operating system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) authentication communications. | DISA Red Hat Enterprise Linux 7 STIG v3r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-07-040180 - The Red Hat Enterprise Linux operating system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) authentication communications. | DISA Red Hat Enterprise Linux 7 STIG v3r7 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-07-040190 - The Red Hat Enterprise Linux operating system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) communications. | DISA Red Hat Enterprise Linux 7 STIG v3r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SLES-12-010210 - The SUSE operating system must employ FIPS 140-2 approved cryptographic hashing algorithm for system authentication (login.defs). | DISA SLES 12 STIG v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SLES-15-010160 - The SUSE operating system must implement DoD-approved encryption to protect the confidentiality of SSH remote connections. | DISA SLES 15 STIG v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SOL-11.1-040130 - Systems must employ cryptographic hashes for passwords using the SHA-2 family of algorithms or FIPS 140-2 approved successors - 'CRYPT_DEFAULT' | DISA STIG Solaris 11 SPARC v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SOL-11.1-040130 - Systems must employ cryptographic hashes for passwords using the SHA-2 family of algorithms or FIPS 140-2 approved successors. | DISA STIG Solaris 11 SPARC v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SOL-11.1-060010 - The operating system must use mechanisms for authentication to a cryptographic module meeting the requirements of applicable federal laws, Executive orders, directives, policies, regulations, standards, and guidance for such authentication. | DISA STIG Solaris 11 SPARC v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SOL-11.1-060010 - The operating system must use mechanisms for authentication to a cryptographic module meeting the requirements of applicable federal laws, Executive orders, directives, policies, regulations, standards, and guidance for such authentication. | DISA STIG Solaris 11 X86 v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SOL-11.1-060060 - The operating system must employ FIPS-validate or NSA-approved cryptography to implement digital signatures. | DISA STIG Solaris 11 SPARC v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SOL-11.1-060060 - The operating system must employ FIPS-validate or NSA-approved cryptography to implement digital signatures. | DISA STIG Solaris 11 X86 v3r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SP13-00-000095 - SharePoint must employ NSA-approved cryptography to protect classified information. | DISA STIG SharePoint 2013 v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SP13-00-000100 - SharePoint must employ FIPS-validated cryptography to protect unclassified information when such information must be separated from individuals who have the necessary clearances yet lack the necessary access approvals. | DISA STIG SharePoint 2013 v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SPLK-CL-000010 - Splunk Enterprise must be installed with FIPS mode enabled, to implement NIST FIPS 140-2 approved ciphers for all cryptographic functions. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-003200 - SQL Server must use NSA-approved cryptography to protect classified information in accordance with the data owners requirements - DB | DISA STIG SQL Server 2016 Database Audit v3r1 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-008400 - SQL Server must enforce authorized access to all PKI private keys stored/utilized by SQL Server. | DISA STIG SQL Server 2016 Instance OS Audit v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-18-010104 - The Ubuntu operating system must encrypt all stored passwords with a FIPS 140-2 approved cryptographic hashing algorithm. | DISA STIG Ubuntu 18.04 LTS v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-18-010110 - The Ubuntu operating system must employ a FIPS 140-2 approved cryptographic hashing algorithms for all created and stored passwords - ENCRYPT_METHOD | DISA STIG Ubuntu 18.04 LTS v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-18-010110 - The Ubuntu operating system must employ a FIPS 140-2 approved cryptographic hashing algorithms for all created and stored passwords - sha512 | DISA STIG Ubuntu 18.04 LTS v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-18-010506 - The Ubuntu operating system must use cryptographic mechanisms to protect the integrity of audit tools - audispd | DISA STIG Ubuntu 18.04 LTS v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-18-010506 - The Ubuntu operating system must use cryptographic mechanisms to protect the integrity of audit tools - auditctl | DISA STIG Ubuntu 18.04 LTS v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-18-010506 - The Ubuntu operating system must use cryptographic mechanisms to protect the integrity of audit tools - auditctl | DISA STIG Ubuntu 18.04 LTS v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WDNS-SC-000001 - The salt value for zones signed using NSEC3 RRs must be changed every time the zone is completely re-signed. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000074 - The system must be configured to use FIPS-compliant algorithms for encryption, hashing, and signing. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN19-SO-000360 - Windows Server 2019 must be configured to use FIPS-compliant algorithms for encryption, hashing, and signing. | DISA Windows Server 2019 STIG v3r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
