| AADC-CL-000955 - Adobe Acrobat Pro DC Classic FIPS mode must be enabled. | DISA STIG Adobe Acrobat Pro DC Classic Track v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-000530 - The Cisco router must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - ssh algorithm | DISA STIG Cisco IOS XE Router NDM v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-000530 - The Cisco switch must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - ip ssh server algorithm | DISA STIG Cisco IOS XE Switch NDM v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-000720 - The Cisco switch must be configured to terminate all network connections associated with device management after 10 minutes of inactivity - ip http secure-server | DISA STIG Cisco IOS Switch NDM v2r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001200 - The Cisco router must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions - ip ssh server algorithm encryption | DISA STIG Cisco IOS Router NDM v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001200 - The Cisco router must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions - ip ssh server algorithm encryption | DISA STIG Cisco IOS Router NDM v2r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001200 - The Cisco router must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions - ip ssh server algorithm encryption | DISA STIG Cisco IOS XE Router NDM v2r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001200 - The Cisco router must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions - ip ssh server algorithm mac | DISA STIG Cisco IOS XE Router NDM v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001200 - The Cisco router must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions - secure-server | DISA STIG Cisco IOS Router NDM v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001200 - The Cisco router must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions - secure-server | DISA STIG Cisco IOS Router NDM v2r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001200 - The Cisco router must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions - secure-server | DISA STIG Cisco IOS XE Router NDM v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001200 - The Cisco switch must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions - ip ssh server algorithm mac | DISA STIG Cisco IOS Switch NDM v2r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001200 - The Cisco switch must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions - ip ssh server algorithm mac | DISA STIG Cisco IOS Switch NDM v2r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001200 - The Cisco switch must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions - ip ssh server algorithm mac | DISA STIG Cisco IOS XE Switch NDM v2r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001210 - The Cisco router must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions - ssh server algorithm | DISA STIG Cisco IOS XE Router NDM v2r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001210 - The Cisco switch must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions. | DISA STIG Cisco IOS Switch NDM v2r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001210 - The Cisco switch must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions. | DISA STIG Cisco IOS XE Switch NDM v2r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| EP11-00-009100 - The EDB Postgres Advanced Server must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-ED-000690 - Exchange internal Send connectors must require encryption - TlsDomain | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX16-MB-002910 - Exchange must use encryption for Outlook Web App (OWA) access. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-LT-000203 - The BIG-IP Core implementation must be configured to deny-by-default all PKI-based authentication to virtual servers supporting path discovery and validation if unable to access revocation information via the network. | DISA F5 BIG-IP Local Traffic Manager 11.x STIG v2r1 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-LT-000291 - The BIG-IP Core implementation must be configured to implement NIST FIPS-validated cryptography to generate cryptographic hashes when providing encryption traffic to virtual servers. | DISA F5 BIG-IP Local Traffic Manager STIG v2r3 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-LT-000293 - The BIG-IP Core implementation must be configured to implement NIST FIPS-validated cryptography for digital signatures when providing encrypted traffic to virtual servers. | DISA F5 BIG-IP Local Traffic Manager 11.x STIG v2r1 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-LT-000293 - The BIG-IP Core implementation must be configured to implement NIST FIPS-validated cryptography for digital signatures when providing encrypted traffic to virtual servers. | DISA F5 BIG-IP Local Traffic Manager STIG v2r3 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-LT-000295 - The BIG-IP Core implementation must be configured to use NIST FIPS-validated cryptography to implement encryption services when providing encrypted traffic to virtual servers. | DISA F5 BIG-IP Local Traffic Manager STIG v2r3 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SI-000204 - A public IIS 10.0 website must only accept Secure Socket Layer (SSL) connections when authentication is required. | DISA IIS 10.0 Site v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SI-000246 - Cookies exchanged between the IIS 10.0 website and the client must have cookie properties set to prohibit client-side scripts from reading the cookie data - compressionEnabled | DISA IIS 10.0 Site v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SI-000246 - Cookies exchanged between the IIS 10.0 website and the client must have cookie properties set to prohibit client-side scripts from reading the cookie data - requireSSL | DISA IIS 10.0 Site v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SI-000246 - Cookies exchanged between the IIS 8.5 website and the client must use SSL/TLS, have cookie properties set to prohibit client-side scripts from reading the cookie data and must not be compressed - requireSSL | DISA IIS 8.5 Site v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL07-00-021620 - The Oracle Linux operating system must use a file integrity tool that is configured to use FIPS 140-2 approved cryptographic hashes for validating file contents and directories - sha512 | DISA Oracle Linux 7 STIG v2r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL07-00-021620 - The Oracle Linux operating system must use a file integrity tool that is configured to use FIPS 140-2 approved cryptographic hashes for validating file contents and directories - sha512 | DISA Oracle Linux 7 STIG v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL07-00-040190 - The Oracle Linux operating system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) communications - LDAP communications. | DISA Oracle Linux 7 STIG v2r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL07-00-040200 - The Oracle Linux operating system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) communications - config | DISA Oracle Linux 7 STIG v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-06-000244 - The SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms. | DISA Red Hat Enterprise Linux 6 STIG v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-07-040190 - The Red Hat Enterprise Linux operating system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) communications. | DISA Red Hat Enterprise Linux 7 STIG v3r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-07-040200 - The Red Hat Enterprise Linux operating system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) communications - config | DISA Red Hat Enterprise Linux 7 STIG v3r7 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-07-040400 - The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon is configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms. | DISA Red Hat Enterprise Linux 7 STIG v3r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SLES-15-010260 - The SUSE operating system must employ FIPS 140-2 approved cryptographic hashing algorithm for system authentication (login.defs). | DISA SLES 15 STIG v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SLES-15-010510 - FIPS 140-2 mode must be enabled on the SUSE operating system. | DISA SLES 15 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SLES-15-020170 - The SUSE operating system must configure the Linux Pluggable Authentication Modules (PAM) to only store encrypted representations of passwords - PAM to only store encrypted representations of passwords | DISA SLES 15 STIG v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SP13-00-000085 - SharePoint must implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. | DISA STIG SharePoint 2013 v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SP13-00-000085 - SharePoint must implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. | DISA STIG SharePoint 2013 v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SP13-00-000095 - SharePoint must employ NSA-approved cryptography to protect classified information. | DISA STIG SharePoint 2013 v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SP13-00-000100 - SharePoint must employ FIPS-validated cryptography to protect unclassified information when such information must be separated from individuals who have the necessary clearances yet lack the necessary access approvals. | DISA STIG SharePoint 2013 v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SP13-00-000145 - SharePoint must use mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. | DISA STIG SharePoint 2013 v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-015600 - SQL Server must implement NIST FIPS 140-2 validated cryptographic modules to provision digital signatures. | DISA STIG SQL Server 2016 Instance OS Audit v2r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-015800 - SQL Server must implement NIST FIPS 140-2 validated cryptographic modules to protect unclassified information requiring confidentiality and cryptographic protection, in accordance with the data owners requirements. | DISA STIG SQL Server 2016 Instance OS Audit v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-16-010550 - The Ubuntu operating system must use cryptographic mechanisms to protect the integrity of audit tools - auditctl | DISA STIG Ubuntu 16.04 LTS v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000074 - The system must be configured to use FIPS-compliant algorithms for encryption, hashing, and signing. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000074 - The system must be configured to use FIPS-compliant algorithms for encryption, hashing, and signing. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
