| AIX7-00-002061 - AIX must remove NOPASSWD tag from sudo config files. | DISA STIG AIX 7.x v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AIX7-00-002062 - AIX must remove !authenticate option from sudo config files. | DISA STIG AIX 7.x v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AIX7-00-002108 - If GSSAPI authentication is not required on AIX, the SSH daemon must disable GSSAPI authentication. | DISA STIG AIX 7.x v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AMLS-L2-000150 - The Arista Multilayer Switch must re-authenticate 802.1X connected devices every hour - dot1x timeout reauth-period 3600 | DISA STIG Arista MLS DCS-7000 Series L2S v1r3 | Arista | IDENTIFICATION AND AUTHENTICATION |
| BIND-9X-001100 - The BIND 9.x server implementation must uniquely identify and authenticate the other DNS server before responding to a server-to-server transaction, zone transfer and/or dynamic update request using cryptographically based bidirectional authentication to protect the integrity of the information in transit. | DISA BIND 9.x STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| DKER-EE-002490 - The Lifetime Minutes and Renewal Threshold Minutes Login Session Controls must be set to 10 and 0 respectively in Docker Enterprise - lifetime_minutes | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| DKER-EE-002490 - The Lifetime Minutes and Renewal Threshold Minutes Login Session Controls must be set to 10 and 0 respectively in Docker Enterprise - renewal_threshold_minutes | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-LT-000191 - The BIG-IP Core implementation must require users to reauthenticate when the user's role, the information authorizations, and/or the maximum session timeout is exceeded for the virtual server(s). | DISA F5 BIG-IP Local Traffic Manager STIG v2r3 | F5 | IDENTIFICATION AND AUTHENTICATION |
| MS.AAD.1.1v1 - Legacy authentication SHALL be blocked. | CISA SCuBA Microsoft 365 Entra ID v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| MS.AAD.3.2v1 - If phishing-resistant MFA has not been enforced, an alternative MFA method SHALL be enforced for all users. | CISA SCuBA Microsoft 365 Entra ID v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY |
| MS.AAD.3.3v1 - If phishing-resistant MFA has not been enforced and Microsoft Authenticator is enabled, it SHALL be configured to show login context information. | CISA SCuBA Microsoft 365 Entra ID v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY |
| MS.AAD.7.3v1 - Privileged users SHALL be provisioned cloud-only accounts separate from an on-premises directory or other federated identity providers. | CISA SCuBA Microsoft 365 Entra ID v1.5.0 | microsoft_azure | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| OL07-00-010340 - The Oracle Linux operating system must be configured so that users must provide a password for privilege escalation. | DISA Oracle Linux 7 STIG v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000529 - The sudo command must require authentication - /etc/sudoers.d/* !authenticate | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-432035 - RHEL 9 must restrict the use of the "su" command. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| SLES-12-010110 - The SUSE operating system must reauthenticate users when changing authenticators, roles, or escalating privileges. | DISA SLES 12 STIG v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-16-010300 - The Ubuntu operating system must require users to re-authenticate for privilege escalation and changing roles - sudoers.d | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-18-010114 - The Ubuntu operating system must require users to re-authenticate for privilege escalation and changing roles. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCSA-70-000089 - The vCenter Server must terminate vSphere Client sessions after 10 minutes of inactivity. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCSA-80-000089 - The vCenter Server must terminate vSphere Client sessions after 15 minutes of inactivity. | DISA VMware vSphere 8.0 vCenter STIG v2r2 | VMware | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| WN10-CC-000270 - Passwords must not be saved in the Remote Desktop Client. | DISA Windows 10 STIG v3r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN10-CC-000280 - Remote Desktop Services must always prompt a client for passwords upon connection. | DISA Windows 10 STIG v3r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN10-SO-000245 - User Account Control approval mode for the built-in Administrator must be enabled. | DISA Windows 10 STIG v3r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN10-SO-000255 - User Account Control must automatically deny elevation requests for standard users. | DISA Windows 10 STIG v3r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN10-SO-000270 - User Account Control must run all administrators in Admin Approval Mode, enabling UAC. | DISA Windows 10 STIG v3r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN12-CC-000099 - Remote Desktop Services must always prompt a client for passwords upon connection. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN12-CC-000128 - The Windows Remote Management (WinRM) service must not store RunAs credentials. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN12-SO-000077 - User Account Control approval mode for the built-in Administrator must be enabled. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN12-SO-000083 - User Account Control must run all administrators in Admin Approval Mode, enabling UAC. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN16-SO-000460 - User Account Control approval mode for the built-in Administrator must be enabled. | DISA Windows Server 2016 STIG v2r9 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN16-SO-000520 - User Account Control must run all administrators in Admin Approval Mode, enabling UAC. | DISA Windows Server 2016 STIG v2r9 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN19-SO-000410 - Windows Server 2019 User Account Control must automatically deny standard user requests for elevation. | DISA Microsoft Windows Server 2019 STIG v3r3 | Windows | IDENTIFICATION AND AUTHENTICATION |
