| 1.319 RHEL-09-611050 | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.320 RHEL-09-611055 | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.447 RHEL-09-671015 | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.16 Ensure only FIPS 140-2 ciphers are used for SSH | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 5.3.16 Ensure only FIPS 140-2 ciphers are used for SSH | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| AIX7-00-001108 - AIX must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | DISA STIG AIX 7.x v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| AMLS-L3-000250 - The Arista Multilayer Switch must encrypt all methods of configured authentication for the OSPF routing protocol - ospf message-digest-key | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | IDENTIFICATION AND AUTHENTICATION |
| AMLS-NM-200825 - The Arista Multilayer Switch must use FIPS-compliant mechanisms for authentication to a cryptographic module - SSH FIPS | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | IDENTIFICATION AND AUTHENTICATION |
| APPL-12-000054 - The macOS system must implement approved ciphers within the SSH server configuration to protect the confidentiality of SSH connections. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| APPL-12-000055 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH server configuration. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| APPL-12-000056 - The macOS system must implement approved Key Exchange Algorithms within the SSH server configuration. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| Big Sur - Configure SSHD to Use Secure Key Exchange Algorithms | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| CISC-L2-000030 - The Cisco switch must authenticate all VLAN Trunk Protocol (VTP) messages with a hash function using the most secured cryptographic algorithm available. | DISA Cisco IOS Switch L2S STIG v3r1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-RT-000050 - The Cisco router must be configured to enable routing protocol authentication using FIPS 198-1 algorithms with keys not exceeding 180 days of lifetime. | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| CISC-RT-000050 - The Cisco router must be configured to enable routing protocol authentication using FIPS 198-1 algorithms with keys not exceeding 180 days of lifetime. | DISA Cisco IOS XE Router RTR STIG v3r4 | Cisco | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| CISC-RT-000050 - The Cisco router must be configured to enable routing protocol authentication using FIPS 198-1 algorithms with keys not exceeding 180 days of lifetime. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| CISC-RT-000050 - The Cisco switch must be configured to enable routing protocol authentication using FIPS 198-1 algorithms with keys not exceeding 180 days of lifetime. | DISA Cisco IOS XE Switch RTR STIG v3r2 | Cisco | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| CISC-RT-000050 - The Cisco switch must be configured to enable routing protocol authentication using FIPS 198-1 algorithms with keys not exceeding 180 days of lifetime. | DISA Cisco IOS Switch RTR STIG v3r1 | Cisco | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| EP11-00-004900 - The EDB Postgres Advanced Server must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for all cryptographic operations including generation of cryptographic hashes and data protection - version | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| EP11-00-004900 - The EDB Postgres Advanced Server must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for all cryptographic operations including generation of cryptographic hashes and data protection. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| JUSX-VN-000008 - The Juniper SRX Services Gateway VPN must be configured to use IPsec with SHA256 or greater to negotiate hashing to protect the integrity of remote access sessions. | DISA Juniper SRX Services Gateway VPN v3r2 | Juniper | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| MD3X-00-000380 - MongoDB must use NIST FIPS 140-2-validated cryptographic modules for cryptographic operations. | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Configure SSHD to Use Secure Key Exchange Algorithms | NIST macOS Monterey v1.0.0 - All Profiles | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| O112-C2-015700 - The DBMS must use NIST-validated FIPS 140-2-compliant cryptography for authentication mechanisms. | DISA STIG Oracle 11.2g v2r5 Linux | Unix | IDENTIFICATION AND AUTHENTICATION |
| O121-C2-016600 - The DBMS must implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. | DISA STIG Oracle 12c v3r4 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
| O365-CO-000015 - Consistent MIME handling must be enabled for all Office 365 ProPlus programs. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | IDENTIFICATION AND AUTHENTICATION |
| O365-CO-000021 - Object Caching Protection must be enabled in all Office programs. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | IDENTIFICATION AND AUTHENTICATION |
| OH12-1X-000255 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled to meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting stored data - SSLEngine | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PGS9-00-012800 - The DBMS must be configured on a platform that has a NIST certified FIPS 140-2 or 140-3 installation of OpenSSL. | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000062 - The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes (system-auth) - system-auth. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-611050 - RHEL 9 password-auth must be configured to use a sufficient number of hashing rounds. | DISA Red Hat Enterprise Linux 9 STIG v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-611055 - RHEL 9 system-auth must be configured to use a sufficient number of hashing rounds. | DISA Red Hat Enterprise Linux 9 STIG v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-671015 - RHEL 9 must employ FIPS 140-3 approved cryptographic hashing algorithms for all stored passwords. | DISA Red Hat Enterprise Linux 9 STIG v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-12-010220 - The SUSE operating system must employ FIPS 140-2-approved cryptographic hashing algorithms for all stored passwords. | DISA SLES 12 STIG v3r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-12-010230 - The SUSE operating system must configure the Linux Pluggable Authentication Modules (PAM) to only store encrypted representations of passwords. | DISA SLES 12 STIG v3r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-12-010240 - The SUSE operating system must employ FIPS 140-3 approved cryptographic hashing algorithms for all stored passwords. | DISA SLES 12 STIG v3r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-15-020180 - The SUSE operating system must employ FIPS 140-2-approved cryptographic hashing algorithms for all stored passwords. | DISA SUSE Linux Enterprise Server 15 STIG v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-15-020190 - The SUSE operating system must employ FIPS 140-3 approved cryptographic hashing algorithms for all stored passwords. | DISA SUSE Linux Enterprise Server 15 STIG v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SP13-00-000085 - SharePoint must implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. | DISA STIG SharePoint 2013 v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000050 - Splunk Enterprise must use TLS 1.2 and SHA-2 or higher cryptographic algorithms. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000390 - Splunk Enterprise must be installed in FIPS mode to implement NIST FIPS-approved cryptography for all cryptographic functions. | DISA STIG Splunk Enterprise 8.x for Linux v2r2 STIG REST API | Splunk | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL4-00-031100 - SQL Server must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations. | DISA STIG SQL Server 2014 Instance OS Audit v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| SRG-OS-000120-ESXI5 - The password hashes stored on the system must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| UBTU-16-010150 - The Ubuntu operating system must encrypt all stored passwords with a FIPS 140-2 approved cryptographic hashing algorithm. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-16-010160 - The Ubuntu operating system must employ a FIPS 140-2 approved cryptographic hashing algorithms for all stored passwords. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-16-010170 - The Ubuntu operating system must employ FIPS 140-2 approved cryptographic hashing algorithms for all created passwords. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-18-010110 - The Ubuntu operating system must employ a FIPS 140-2 approved cryptographic hashing algorithms for all created and stored passwords. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCLD-67-000002 - VAMI must be configured with FIPS 140-2 compliant ciphers for HTTPS connections. | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| WN10-SO-000190 - Kerberos encryption types must be configured to prevent the use of DES and RC4 encryption suites. | DISA Microsoft Windows 10 STIG v3r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN12-SO-000064 - Kerberos encryption types must be configured to prevent the use of DES and RC4 encryption suites. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
