| 2.1350 - The system must implement NIST FIPS-validated cryptography - fips | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| AADC-CN-000955 - Adobe Acrobat Pro DC Continuous FIPS mode must be enabled. | DISA STIG Adobe Acrobat Pro DC Continuous Track v1r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-09-000750 - System must issue or obtain public key certificates under an appropriate certificate policy. | DISA STIG Apple Mac OSX 10.9 v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-10-000750 - System must issue or obtain public key certificates under an appropriate certificate policy. | DISA STIG Apple Mac OSX 10.10 v1r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-11-000750 - The system must issue or obtain public key certs under an appropriate certificate policy from an approved service provider. | DISA STIG Apple Mac OSX 10.11 v1r6 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARDC-CN-000345 - Adobe Reader DC must enable FIPS mode. | DISA STIG Adobe Acrobat Reader DC Continuous Track v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| BIND-9X-001120 - A BIND 9.x server must implement NIST FIPS-validated cryptography for provisioning digital signatures and generating cryptographic hashes - key | DISA BIND 9.x STIG v1r9 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-VN-000170 - The Cisco ASA must be configured to use NIST FIPS-validated cryptography for Internet Key Exchange (IKE) Phase 1. | DISA STIG Cisco ASA VPN v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-VN-000340 - The Cisco ASA VPN gateway must use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network - ipsec-proposal | DISA STIG Cisco ASA VPN v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network - prf | DISA STIG Cisco ASA VPN v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| DB2X-00-008600 - DB2 must use NSA-approved cryptography to protect classified information in accordance with the data owners requirements - SSL_SVC_LABEL | DISA STIG IBM DB2 v10.5 LUW v1r4 Database | IBM_DB2DB | SYSTEM AND COMMUNICATIONS PROTECTION |
| EPAS-00-009000 - The DBMS must use NSA-approved cryptography to protect classified information in accordance with the requirements of the data owner. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| EPAS-00-012700 - The EDB Postgres Advanced Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to provision digital signatures. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| EPAS-00-012800 - The EDB Postgres Advanced Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to generate and validate cryptographic hashes. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-LT-000295 - The BIG-IP Core implementation must be configured to use NIST FIPS-validated cryptography to implement encryption services when providing encrypted traffic to virtual servers. | DISA F5 BIG-IP Local Traffic Manager 11.x STIG v1r3 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| MADB-10-012200 - MariaDB must implement NIST FIPS 140-2 validated cryptographic modules to generate and validate cryptographic hashes. | DISA MariaDB Enterprise 10.x v2r1 DB | MySQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| MYS8-00-011500 - The MySQL Database Server 8.0 must use NSA-approved cryptography to protect classified information in accordance with the data owner's requirements. | DISA Oracle MySQL 8.0 v2r1 DB | MySQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| MYS8-00-011500 - The MySQL Database Server 8.0 must use NSA-approved cryptography to protect classified information in accordance with the data owner's requirements. | DISA Oracle MySQL 8.0 v2r1 OS Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| MYS8-00-011700 - The MySQL Database Server 8.0 must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to generate and validate cryptographic hashes. | DISA Oracle MySQL 8.0 v2r1 DB | MySQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| MYS8-00-011800 - The MySQL Database Server 8.0 must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to protect unclassified information requiring confidentiality and cryptographic protection, in accordance with the data owner's requirements. | DISA Oracle MySQL 8.0 v2r1 DB | MySQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000294 - OHS must have the LoadModule ossl_module directive enabled to implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting data that must be compartmentalized. | DISA STIG Oracle HTTP Server 12.1.3 v1r6 | Unix | ACCESS CONTROL |
| OH12-1X-000294 - OHS must have the LoadModule ossl_module directive enabled to implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting data that must be compartmentalized. | DISA STIG Oracle HTTP Server 12.1.3 v1r7 | Unix | ACCESS CONTROL |
| OH12-1X-000295 - OHS must have the SSLFIPS directive enabled to implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting data that must be compartmentalized. | DISA STIG Oracle HTTP Server 12.1.3 v1r7 | Unix | ACCESS CONTROL |
| OH12-1X-000295 - OHS must have the SSLFIPS directive enabled to implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting data that must be compartmentalized. | DISA STIG Oracle HTTP Server 12.1.3 v1r6 | Unix | ACCESS CONTROL |
| OH12-1X-000296 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting data that must be compartmentalized - SSLEngine | DISA STIG Oracle HTTP Server 12.1.3 v1r6 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000296 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting data that must be compartmentalized - SSLEngine | DISA STIG Oracle HTTP Server 12.1.3 v1r7 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000296 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting data that must be compartmentalized - SSLProtocol | DISA STIG Oracle HTTP Server 12.1.3 v1r6 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000296 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting data that must be compartmentalized - SSLProtocol | DISA STIG Oracle HTTP Server 12.1.3 v1r7 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000296 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting data that must be compartmentalized - SSLWallet | DISA STIG Oracle HTTP Server 12.1.3 v1r6 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000296 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting data that must be compartmentalized - SSLWallet | DISA STIG Oracle HTTP Server 12.1.3 v1r7 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000297 - OHS must have the SSLCipherSuite directive enabled to implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting data that must be compartmentalized. | DISA STIG Oracle HTTP Server 12.1.3 v1r7 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000297 - OHS must have the SSLCipherSuite directive enabled to implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance when encrypting data that must be compartmentalized. | DISA STIG Oracle HTTP Server 12.1.3 v1r6 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PHTN-67-000067 - The Photon operating system must configure sshd to use FIPS 140-2 ciphers. | DISA STIG VMware vSphere 6.7 Photon OS v1r3 | Unix | |
| PHTN-67-000067 - The Photon operating system must configure sshd to use FIPS 140-2 ciphers. | DISA STIG VMware vSphere 6.7 Photon OS v1r5 | Unix | |
| RHEL-09-672020 - RHEL 9 crypto policy must not be overridden. | DISA Red Hat Enterprise Linux 9 STIG v1r2 | Unix | |
| RHEL-09-672045 - RHEL 9 must implement a system-wide encryption policy. | DISA Red Hat Enterprise Linux 9 STIG v1r3 | Unix | |
| RHEL-09-672045 - RHEL 9 must implement a system-wide encryption policy. | DISA Red Hat Enterprise Linux 9 STIG v1r1 | Unix | |
| SP13-00-000100 - SharePoint must employ FIPS-validated cryptography to protect unclassified information when such information must be separated from individuals who have the necessary clearances yet lack the necessary access approvals. | DISA STIG SharePoint 2013 v1r8 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL2-00-019600 - SQL Server databases in the classified environment, containing classified or sensitive information, must be encrypted using approved cryptography. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000450 - Symantec ProxySG providing forward proxy encryption intermediary services must use NIST FIPS-validated cryptography to implement encryption services. | DISA Symantec ProxySG Benchmark ALG v1r1 | BlueCoat | CONFIGURATION MANAGEMENT |
| SYMP-AG-000460 - Symantec ProxySG providing reverse proxy encryption intermediary services must implement NIST FIPS-validated cryptography to generate cryptographic hashes. | DISA Symantec ProxySG Benchmark ALG v1r1 | BlueCoat | ACCESS CONTROL |
| SYMP-AG-000470 - Symantec ProxySG providing reverse proxy encryption intermediary services must implement NIST FIPS-validated cryptography for digital signatures. | DISA Symantec ProxySG Benchmark ALG v1r1 | BlueCoat | ACCESS CONTROL |
| SYMP-AG-000480 - Symantec ProxySG providing reverse proxy encryption intermediary services must use NIST FIPS-validated cryptography to implement encryption services. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000480 - Symantec ProxySG providing reverse proxy encryption intermediary services must use NIST FIPS-validated cryptography to implement encryption services. | DISA Symantec ProxySG Benchmark ALG v1r1 | BlueCoat | ACCESS CONTROL |
| UBTU-20-010442 - The Ubuntu operating system must implement NIST FIPS-validated cryptography to protect classified information and for the following: To provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | DISA STIG Ubuntu 20.04 LTS v1r12 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN22-DC-000140 - Windows Server 2022 must use separate, NSA-approved (Type 1) cryptography to protect the directory data in transit for directory service implementations at a classified confidentiality level when replication data traverses a network cleared to a lower level than the data. | DISA Windows Server 2022 STIG v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN22-SO-000360 - Windows Server 2022 must be configured to use FIPS-compliant algorithms for encryption, hashing, and signing. | DISA Windows Server 2022 STIG v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
