| 5.3.17 Ensure only strong MAC algorithms are used - approved MACs | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.17 Ensure only strong MAC algorithms are used - weak MACs | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-13-001000 - Apple iOS/iPadOS must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: Apple App Store]. | AirWatch - DISA Apple iOS/iPadOS 13 v2r1 | MDM | ACCESS CONTROL |
| AIOS-13-001300 - Apple iOS/iPadOS must not include applications with the following characteristics: access to Siri when the device is locked. | AirWatch - DISA Apple iOS/iPadOS 13 v2r1 | MDM | ACCESS CONTROL |
| AS24-U1-000680 - The Apache web server must be configured to immediately disconnect or disable remote access to the hosted applications. | DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware | Unix | ACCESS CONTROL |
| Big Sur - Disable SSH Server for Remote Access Sessions | NIST macOS Big Sur v1.4.0 - 800-53r5 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| Big Sur - Disable Trivial File Tansfer Protocol Service | NIST macOS Big Sur v1.4.0 - 800-53r4 High | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Big Sur - Disable Trivial File Tansfer Protocol Service | NIST macOS Big Sur v1.4.0 - 800-53r4 Low | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Big Sur - Disable Trivial File Tansfer Protocol Service | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Big Sur - Disable Trivial File Tansfer Protocol Service | NIST macOS Big Sur v1.4.0 - 800-53r5 Low | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Trivial File Tansfer Protocol Service | NIST macOS Catalina v1.5.0 - 800-171 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Trivial File Tansfer Protocol Service | NIST macOS Catalina v1.5.0 - 800-53r4 High | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-001140 - The Cisco switch must be configured to encrypt SNMP messages using a FIPS 140-2 approved algorithm. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-001140 - The Cisco switch must be configured to encrypt SNMP messages using a FIPS 140-2 approved algorithm. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | ACCESS CONTROL |
| EX13-CA-000005 - Exchange must use Encryption for RPC client access. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | ACCESS CONTROL |
| EX16-MB-002900 - Exchange must use encryption for RPC client access. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | ACCESS CONTROL |
| F5BI-AS-000031 - The BIG-IP ASM module supporting intermediary services for remote access communications traffic must ensure inbound traffic is monitored for compliance with remote access security policies. | DISA F5 BIG-IP Application Security Manager STIG v2r1 | F5 | ACCESS CONTROL |
| F5BI-LT-000033 - The BIG-IP Core implementation must be configured to use encryption services that implement NIST SP 800-52 Revision 2 compliant cryptography to protect the confidentiality of connections to virtual servers. | DISA F5 BIG-IP Local Traffic Manager STIG v2r3 | F5 | ACCESS CONTROL |
| IIST-SI-000237 - The IIS 10.0 website must provide the capability to immediately disconnect or disable remote access to the hosted applications. | DISA IIS 10.0 Site v2r9 | Windows | ACCESS CONTROL |
| IIST-SV-000143 - The IIS 10.0 web server must provide the capability to immediately disconnect or disable remote access to the hosted applications. | DISA IIS 10.0 Server v2r10 | Windows | ACCESS CONTROL |
| JBOS-AS-000470 - Network access to HTTP management must be disabled on domain-enabled application servers not designated as the domain controller. | DISA JBoss EAP 6.3 STIG v2r5 | Unix | ACCESS CONTROL |
| JUSX-VN-000004 - The Juniper SRX Services Gateway VPN device also fulfills the role of IDPS in the architecture, the device must inspect the VPN traffic in compliance with DoD IDPS requirements. | DISA Juniper SRX Services Gateway VPN v3r1 | Juniper | ACCESS CONTROL |
| OH12-1X-000007 - OHS must have the LoadModule ossl_module directive enabled to encrypt remote connections in accordance with the categorization of data hosted by the web server. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OH12-1X-000008 - OHS must have the SSLFIPS directive enabled to encrypt remote connections in accordance with the categorization of data hosted by the web server. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OH12-1X-000009 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to encrypt remote connections in accordance with the categorization of data hosted by the web server - SSLProtocol | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OH12-1X-000014 - OHS must have the SSLCipherSuite directive enabled to protect the integrity of remote sessions in accordance with the categorization of data hosted by the web server. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OH12-1X-000019 - OHS must have the LoadModule log_config_module directive enabled to generate information to be used by external applications or entities to monitor and control remote access. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OH12-1X-000023 - OHS must have the log rotation parameter set to allow generated information to be used by external applications or entities to monitor and control remote access. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OH12-1X-000030 - Remote access to OHS must follow access policy or work in conjunction with enterprise tools designed to enforce policy requirements. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OH12-1X-000031 - OHS must have the Order, Allow, and Deny directives set within the Directory directives set to restrict inbound connections from nonsecure zones. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OH12-1X-000032 - OHS must have the Order, Allow, and Deny directives set within the Files directives set to restrict inbound connections from nonsecure zones. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | ACCESS CONTROL |
| OL6-00-000228 - The Oracle Linux operating system must be configured so that the SSH daemon is configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms. | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000253 - The LDAP client must use a TLS connection using trust certificates signed by the site CA. | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL07-00-040190 - The Oracle Linux operating system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) communications - LDAP communications. | DISA Oracle Linux 7 STIG v2r14 | Unix | ACCESS CONTROL |
| RHEL-06-000148 - The operating system must employ automated mechanisms to facilitate the monitoring and control of remote access methods - PROCESS_CHECK. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000216 - The rexecd service must not be running. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-07-040180 - The Red Hat Enterprise Linux operating system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) authentication communications. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-07-040190 - The Red Hat Enterprise Linux operating system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) communications. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| SLES-12-030110 - The SUSE operating system must log SSH connection attempts and failures to the server. | DISA SLES 12 STIG v2r13 | Unix | ACCESS CONTROL |
| SOL-11.1-060130 - The operating system must implement DoD-approved encryption to protect the confidentiality of remote access sessions. | DISA STIG Solaris 11 SPARC v3r1 | Unix | ACCESS CONTROL |
| TCAT-AS-001040 - LockOutRealms lockOutTime attribute must be set to 600 seconds (10 minutes) for admin users. | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | ACCESS CONTROL |
| UBTU-16-030230 - The Ubuntu operating system must implement DoD-approved encryption to protect the confidentiality of SSH connections. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | ACCESS CONTROL |
| UBTU-18-010411 - The Ubuntu operating system must implement DoD-approved encryption to protect the confidentiality of remote access sessions. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | ACCESS CONTROL |
| WBLC-01-000010 - Oracle WebLogic must use cryptography to protect the integrity of the remote access session - Unsecure Listen Port | Oracle WebLogic Server 12c Linux v2r1 Middleware | Unix | ACCESS CONTROL |
| WBLC-01-000011 - Oracle WebLogic must employ automated mechanisms to facilitate the monitoring and control of remote access methods. | Oracle WebLogic Server 12c Windows v2r1 | Windows | ACCESS CONTROL |
| WBLC-01-000013 - Oracle WebLogic must ensure remote sessions for accessing security functions and security-relevant information are audited. | Oracle WebLogic Server 12c Linux v2r1 | Unix | ACCESS CONTROL |
| WBSP-AS-000110 - The WebSphere Application Server audit service provider must be enabled. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL |
| WBSP-AS-000110 - The WebSphere Application Server audit service provider must be enabled. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL |
| WN12-CC-000134 - The system must be configured to ensure smart card devices can be redirected to the Remote Desktop session. (Remote Desktop Services Role). | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN19-MS-000120 - Windows Server 2019 'Deny log on through Remote Desktop Services' user right on domain-joined member servers must be configured to prevent access from highly privileged domain accounts and all local accounts and from unauthenticated access on all systems. | DISA Windows Server 2019 STIG v3r2 | Windows | ACCESS CONTROL |
