| 1.4 OL08-00-010020 | CIS Oracle Linux 8 STIG v1.0.0 CAT I | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.19 APPL-14-000054 | CIS Apple macOS 14 Sonoma STIG v1.0.0 CAT I | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.20 APPL-14-000057 | CIS Apple macOS 14 Sonoma STIG v1.0.0 CAT I | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.25 UBTU-24-100830 | CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.64 UBTU-22-255055 | CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-13-000605 - The macOS system must not use telnet. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AOSX-14-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission - SSHD currently running | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-12-000057 - The macOS system must implement approved ciphers within the SSH client configuration to protect the confidentiality of SSH connections. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| APPL-12-000058 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH client configuration. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| APPL-12-000059 - The macOS system must implement approved Key Exchange Algorithms within the SSH client configuration. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| APPL-13-000054 - The macOS system must implement approved ciphers within the SSH server configuration to protect the confidentiality of SSH connections. | DISA STIG Apple macOS 13 v1r5 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| APPL-13-000055 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH server configuration. | DISA STIG Apple macOS 13 v1r5 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| APPL-13-000056 - The macOS system must implement approved Key Exchange Algorithms within the SSH server configuration. | DISA STIG Apple macOS 13 v1r5 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| APPL-13-000057 - The macOS system must implement approved ciphers within the SSH client configuration to protect the confidentiality of SSH connections. | DISA STIG Apple macOS 13 v1r5 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| APPL-13-000058 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH client configuration. | DISA STIG Apple macOS 13 v1r5 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| APPL-13-000059 - The macOS system must implement approved Key Exchange Algorithms within the SSH client configuration. | DISA STIG Apple macOS 13 v1r5 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| APPL-14-000054 - The macOS system must limit SSHD to FIPS-compliant connections. | DISA Apple macOS 14 Sonoma STIG v2r4 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-14-000057 - The macOS system must limit SSH to FIPS-compliant connections. | DISA Apple macOS 14 Sonoma STIG v2r4 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-15-000054 - The macOS system must limit SSHD to FIPS-compliant connections. | DISA Apple macOS 15 Sequoia STIG v1r7 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-15-000057 - The macOS system must limit SSH to FIPS-compliant connections. | DISA Apple macOS 15 Sequoia STIG v1r7 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-26-000054 - The macOS system must limit SSHD to FIPS-compliant connections. | DISA Apple macOS 26 Tahoe STIG v1r2 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-26-000057 - The macOS system must limit SSH to FIPS-compliant connections. | DISA Apple macOS 26 Tahoe STIG v1r2 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_module | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_module | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-AP-300003 - The F5 BIG-IP appliance providing intermediary services for remote access must use FIPS-validated cryptographic algorithms, including TLS 1.2 at a minimum. | DISA F5 BIG-IP TMOS ALG STIG v1r2 | F5 | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| JUSX-VN-000008 - The Juniper SRX Services Gateway VPN must be configured to use IPsec with SHA256 or greater to negotiate hashing to protect the integrity of remote access sessions. | DISA Juniper SRX Services Gateway VPN v3r2 | Juniper | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000253 - The LDAP client must use a TLS connection using trust certificates signed by the site CA. | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL07-00-040180 - The Oracle Linux operating system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) authentication communications - LDAP authentication communications. | DISA Oracle Linux 7 STIG v3r5 | Unix | ACCESS CONTROL |
| OL08-00-010020 - OL 8 must implement NIST FIPS-validated cryptography for the following: To provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | DISA Oracle Linux 8 STIG v2r8 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| PANW-AG-000020 - The Palo Alto Networks security platform, if used as a TLS gateway/decryption point or VPN concentrator, must use NIST FIPS-validated cryptography to protect the integrity of remote access sessions. | DISA Palo Alto Networks ALG STIG v3r4 | Palo_Alto | ACCESS CONTROL |
| PHTN-30-000009 - The Photon operating system must configure sshd to use approved encryption algorithms. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| PHTN-67-000009 - The Photon operating system must configure sshd to use approved encryption algorithms. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-07-040400 - The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon is configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-10-000500 - RHEL 10 must enable FIPS mode. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-10-300030 - RHEL 10 must be configured so that Secure Shell (SSH) clients use only DOD-approved encryption ciphers employing FIPS 140-3-validated cryptographic hash algorithms to protect the confidentiality of SSH client connections. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| SLEM-05-255045 - SLEM 5 must implement DOD-approved encryption to protect the confidentiality of SSH remote connections. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r4 | Unix | ACCESS CONTROL, MAINTENANCE |
| SLES-12-030180 - The SUSE operating system SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms. | DISA SLES 12 STIG v3r4 | Unix | ACCESS CONTROL, MAINTENANCE |
| SLES-15-010270 - The SUSE operating system SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms. | DISA SUSE Linux Enterprise Server 15 STIG v2r6 | Unix | ACCESS CONTROL, MAINTENANCE |
| SP13-00-000020 - SharePoint must use cryptography to protect the integrity of the remote access session. | DISA Microsoft SharePoint 2013 STIG v2r4 | Windows | ACCESS CONTROL |
| SRG-OS-000250-ESXI5 - The SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms - MACs with FIPS 140-2 approved crypto | DISA VMWare ESXi 5.0 Server STIG v2r1 | VMware | ACCESS CONTROL |
| UBTU-16-030240 - The SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | ACCESS CONTROL, MAINTENANCE |
| UBTU-18-010417 - The Ubuntu operating system must configure the SSH daemon to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms to protect the integrity of nonlocal maintenance and diagnostic communications. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | ACCESS CONTROL, MAINTENANCE |
| UBTU-20-010043 - The Ubuntu operating system must configure the SSH daemon to use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hashes to prevent the unauthorized disclosure of information and/or detect changes to information during transmission. | DISA Canonical Ubuntu 20.04 LTS STIG v2r4 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-22-255055 - Ubuntu 22.04 LTS must configure the SSH daemon to use Message Authentication Codes (MACs) employing FIPS 140-3-approved cryptographic hashes to prevent the unauthorized disclosure of information and/or detect changes to information during transmission. | DISA Canonical Ubuntu 22.04 LTS STIG v2r8 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-24-100830 - Ubuntu 24.04 LTS must configure the SSH daemon to use Message Authentication Codes (MACs) employing FIPS 140-3 approved cryptographic hashes to prevent the unauthorized disclosure of information and/or detect changes to information during transmission. | DISA Canonical Ubuntu 24.04 LTS STIG v1r5 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLD-70-000003 - VAMI must use cryptography to protect the integrity of remote sessions. | DISA STIG VMware vSphere 7.0 VAMI v1r2 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCRP-70-000004 - Envoy must use only Transport Layer Security (TLS) 1.2 for the protection of client connections. | DISA STIG VMware vSphere 7.0 RhttpProxy v1r1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-CC-000130 - The Remote Desktop Session Host must require secure RPC communications. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN19-CC-000370 - Windows Server 2019 Remote Desktop Services must require secure Remote Procedure Call (RPC) communications. | DISA Microsoft Windows Server 2019 STIG v3r8 | Windows | ACCESS CONTROL |
| WN19-CC-000380 - Windows Server 2019 Remote Desktop Services must be configured with the client connection encryption set to High Level. | DISA Microsoft Windows Server 2019 STIG v3r8 | Windows | ACCESS CONTROL |
