| 2.12 Limit Accepted Transport Layer Security (TLS) Versions | CIS MySQL 5.7 Community Database L2 v2.0.0 | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.12 Limit Accepted Transport Layer Security (TLS) Versions | CIS MySQL 5.7 Enterprise Database L2 v2.0.0 | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.15 Limit Accepted Transport Layer Security (TLS) Versions | CIS MySQL 8.0 Enterprise Database L2 v1.3.0 | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIX7-00-002101 - AIX must monitor and record unsuccessful remote logins. | DISA STIG AIX 7.x v3r1 | Unix | ACCESS CONTROL |
| AS24-U1-000670 - The Apache web server must restrict inbound connections from nonsecure zones. | DISA STIG Apache Server 2.4 Unix Server v3r1 | Unix | ACCESS CONTROL |
| AS24-U1-000670 - The Apache web server must restrict inbound connections from nonsecure zones. | DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware | Unix | ACCESS CONTROL |
| AS24-W1-000670 - The Apache web server must restrict inbound connections from nonsecure zones. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | ACCESS CONTROL |
| Big Sur - Disable SSH Server for Remote Access Sessions | NIST macOS Big Sur v1.4.0 - 800-53r5 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| Big Sur - Disable SSH Server for Remote Access Sessions | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| Big Sur - Disable Trivial File Tansfer Protocol Service | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Trivial File Tansfer Protocol Service | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Trivial File Tansfer Protocol Service | NIST macOS Catalina v1.5.0 - 800-53r5 Low | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-001140 - The Cisco router must be configured to encrypt SNMP messages using a FIPS 140-2 approved algorithm. | DISA STIG Cisco IOS-XR Router NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-001140 - The Cisco router must be configured to encrypt SNMP messages using a FIPS 140-2 approved algorithm. | DISA STIG Cisco IOS Router NDM v3r2 | Cisco | ACCESS CONTROL |
| ESXI-65-000010 - The ESXi host SSH daemon must use DoD-approved encryption to protect the confidentiality of remote access sessions. | DISA STIG VMware vSphere ESXi OS 6.5 v2r4 | Unix | ACCESS CONTROL |
| ESXI-65-000011 - The ESXi host SSH daemon must be configured to use only the SSHv2 protocol. | DISA STIG VMware vSphere ESXi OS 6.5 v2r4 | Unix | ACCESS CONTROL |
| EX16-MB-002920 - Exchange must have forms-based authentication disabled. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | ACCESS CONTROL |
| F5BI-LT-000035 - The BIG-IP Core implementation must be configured to comply with the required TLS settings in NIST SP 800-52 Revision 1 for TLS services to virtual servers. | DISA F5 BIG-IP Local Traffic Manager STIG v2r3 | F5 | ACCESS CONTROL |
| IIST-SV-000142 - The IIS 10.0 web server must restrict inbound connections from non-secure zones. | DISA IIS 10.0 Server v3r1 | Windows | ACCESS CONTROL |
| IIST-SV-000142 - The IIS 10.0 web server must restrict inbound connections from non-secure zones. | DISA IIS 10.0 Server v2r10 | Windows | ACCESS CONTROL |
| IIST-SV-000143 - The IIS 10.0 web server must provide the capability to immediately disconnect or disable remote access to the hosted applications. | DISA IIS 10.0 Server v3r1 | Windows | ACCESS CONTROL |
| IISW-SI-000203 - A private IIS 8.5 website must only accept Secure Socket Layer connections. | DISA IIS 8.5 Site v2r9 | Windows | ACCESS CONTROL |
| IISW-SV-000142 - The IIS 8.5 web server must restrict inbound connections from nonsecure zones. | DISA IIS 8.5 Server v2r7 | Windows | ACCESS CONTROL |
| JBOS-AS-000015 - HTTPS must be enabled for JBoss web interfaces. | DISA JBoss EAP 6.3 STIG v2r5 | Unix | ACCESS CONTROL |
| OH12-1X-000013 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to protect the integrity of remote sessions in accordance with the categorization of data hosted by the web server - SSLEngine | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OH12-1X-000017 - OHS must have the WebLogicSSLVersion directive enabled to protect the integrity of remote sessions when integrated with WebLogic in accordance with the categorization of data hosted by the web server. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OH12-1X-000018 - OHS must have the WLProxySSL directive enabled to protect the integrity of remote sessions when integrated with WebLogic in accordance with the categorization of data hosted by the web server. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OH12-1X-000024 - OHS must have a log format defined to generate adequate information to be used by external applications or entities to monitor and control remote access. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OH12-1X-000026 - OHS must have a log file defined for each site/virtual host to capture information to be used by external applications or entities to monitor and control remote access. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OH12-1X-000034 - OHS must provide the capability to immediately disconnect or disable remote access to the hosted applications. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OL6-00-000214 - The rshd service must not be running - PROCESS_CHECK | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000216 - The rexecd service must not be running - CHKCONFIG | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL07-00-040400 - The Oracle Linux operating system must be configured so that the SSH daemon is configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms - MACs employing FIPS 140-2 approved cryptographic hash algorithms. | DISA Oracle Linux 7 STIG v2r14 | Unix | ACCESS CONTROL |
| PANW-AG-000079 - The Palo Alto Networks security, if used as a TLS gateway/decryption point or VPN concentrator, must provide the capability to immediately disconnect or disable remote access to the information system. | DISA STIG Palo Alto ALG v3r2 | Palo_Alto | ACCESS CONTROL |
| RHEL-06-000228 - The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon is configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000243 - The RHEL 6 operating system must implement DoD-approved encryption to protect the confidentiality of SSH connections. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-07-040200 - The Red Hat Enterprise Linux operating system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) communications. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-07-040400 - The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon is configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| SOL-11.1-010310 - The audit system must be configured to audit login, logout, and session initiation. | DISA STIG Solaris 11 X86 v3r1 | Unix | ACCESS CONTROL |
| TCAT-AS-000030 - HTTP Strict Transport Security (HSTS) must be enabled. | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | ACCESS CONTROL |
| WBLC-01-000009 - Oracle WebLogic must utilize cryptography to protect the confidentiality of remote access management sessions - SSL Listen Port | Oracle WebLogic Server 12c Linux v2r1 Middleware | Unix | ACCESS CONTROL |
| WBLC-01-000010 - Oracle WebLogic must use cryptography to protect the integrity of the remote access session - SSL Listen Port | Oracle WebLogic Server 12c Linux v2r1 | Unix | ACCESS CONTROL |
| WBLC-01-000011 - Oracle WebLogic must employ automated mechanisms to facilitate the monitoring and control of remote access methods. | Oracle WebLogic Server 12c Linux v2r1 Middleware | Unix | ACCESS CONTROL |
| WBLC-01-000013 - Oracle WebLogic must ensure remote sessions for accessing security functions and security-relevant information are audited. | Oracle WebLogic Server 12c Linux v2r1 Middleware | Unix | ACCESS CONTROL |
| WBSP-AS-000110 - The WebSphere Application Server audit service provider must be enabled. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | ACCESS CONTROL |
| WN10-CC-000285 - The Remote Desktop Session Host must require secure RPC communications. | DISA Windows 10 STIG v3r2 | Windows | ACCESS CONTROL |
| WN12-CC-000130 - The Remote Desktop Session Host must require secure RPC communications. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-CC-000130 - The Remote Desktop Session Host must require secure RPC communications. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-CC-000135 - Users must be prevented from redirecting Plug and Play devices to the Remote Desktop Session Host. (Remote Desktop Services Role). | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN16-CC-000400 - The Remote Desktop Session Host must require secure Remote Procedure Call (RPC) communications. | DISA Windows Server 2016 STIG v2r9 | Windows | ACCESS CONTROL |
