Item Search

NameAudit NamePluginCategory
AIX7-00-001012 - AIX must use the SSH server to implement replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts.DISA STIG AIX 7.x v2r9Unix

IDENTIFICATION AND AUTHENTICATION

AOSX-13-000570 - The macOS system must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.DISA STIG Apple Mac OSX 10.13 v2r5Unix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

AOSX-14-000040 - The macOS system must use replay-resistant authentication mechanisms and implement cryptographic mechanisms to protect the integrity of and verify remote disconnection at the termination of nonlocal maintenance and diagnostic communications, when used for nonlocal maintenance sessions - OpenSSH VersionDISA STIG Apple Mac OSX 10.14 v2r6Unix

IDENTIFICATION AND AUTHENTICATION, MAINTENANCE

AOSX-14-000040 - The macOS system must use replay-resistant authentication mechanisms and implement cryptographic mechanisms to protect the integrity of and verify remote disconnection at the termination of nonlocal maintenance and diagnostic communications, when used for nonlocal maintenance sessions - SSHD currently runningDISA STIG Apple Mac OSX 10.14 v2r6Unix

IDENTIFICATION AND AUTHENTICATION, MAINTENANCE

AOSX-14-000040 - The macOS system must use replay-resistant authentication mechanisms and implement cryptographic mechanisms to protect the integrity of and verify remote disconnection at the termination of nonlocal maintenance and diagnostic communications, when used for nonlocal maintenance sessions - SSHD service disabledDISA STIG Apple Mac OSX 10.14 v2r6Unix

IDENTIFICATION AND AUTHENTICATION, MAINTENANCE

AOSX-15-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions, including transmitted data and data during preparation for transmission, and use replay-resistant authentication mechanisms and implement cryptographic mechanisms to protect the integrity of and verify remote disconnection at the termination of nonlocal maintenance and diagnostic communications - OpenSSH versionDISA STIG Apple Mac OSX 10.15 v1r10Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION

AOSX-15-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions, including transmitted data and data during preparation for transmission, and use replay-resistant authentication mechanisms and implement cryptographic mechanisms to protect the integrity of and verify remote disconnection at the termination of nonlocal maintenance and diagnostic communications - SSHD currently runningDISA STIG Apple Mac OSX 10.15 v1r10Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION

AOSX-15-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions, including transmitted data and data during preparation for transmission, and use replay-resistant authentication mechanisms and implement cryptographic mechanisms to protect the integrity of and verify remote disconnection at the termination of nonlocal maintenance and diagnostic communications - SSHD service disabledDISA STIG Apple Mac OSX 10.15 v1r10Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION

APPL-11-000011 - The macOS system must disable the SSHD service.DISA STIG Apple macOS 11 v1r8Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION

APPL-11-000011 - The macOS system must disable the SSHD service.DISA STIG Apple macOS 11 v1r5Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION

Catalina - Enable SSH for Remote Access SessionsNIST macOS Catalina v1.5.0 - All ProfilesUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION

ESXI-06-300037 - The VMM must implement replay-resistant authentication mechanisms for network access to non-privileged accounts by using Active Directory for local user authentication.DISA STIG VMware vSphere 6.x ESXi v1r5VMware

IDENTIFICATION AND AUTHENTICATION

ESXI-06-300038 - The VMM must implement replay-resistant authentication mechanisms for network access to non-privileged accounts by using the vSphere Authentication Proxy.DISA STIG VMware vSphere 6.x ESXi v1r5VMware

IDENTIFICATION AND AUTHENTICATION

ESXI-06-300039 - The VMM must implement replay-resistant authentication mechanisms for network access to non-privileged accounts by restricting use of Active Directory ESX Admin group membership.DISA STIG VMware vSphere 6.x ESXi v1r5VMware

IDENTIFICATION AND AUTHENTICATION

ESXI-67-000037 - The ESXi host must use Active Directory for local user authentication.DISA STIG VMware vSphere 6.7 ESXi v1r3VMware

IDENTIFICATION AND AUTHENTICATION

ESXI-67-000038 - ESXi hosts using Host Profiles and/or Auto Deploy must use the vSphere Authentication Proxy to protect passwords when adding themselves to Active Directory.DISA STIG VMware vSphere 6.7 ESXi v1r3VMware

IDENTIFICATION AND AUTHENTICATION

ESXI-67-000039 - Active Directory ESX Admin group membership must not be used when adding ESXi hosts to Active Directory.DISA STIG VMware vSphere 6.7 ESXi v1r3VMware

IDENTIFICATION AND AUTHENTICATION

ESXI-70-000037 - The ESXi host must use Active Directory for local user authentication.DISA STIG VMware vSphere 7.0 ESXi v1r2VMware

IDENTIFICATION AND AUTHENTICATION

PHTN-30-000026 - The Photon operating system must use an OpenSSH server version that does not support protocol 1.DISA STIG VMware vSphere 7.0 Photon OS v1r3Unix

IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION

PHTN-67-000068 - The Photon operating system must use OpenSSH for remote maintenance sessions.DISA STIG VMware vSphere 6.7 Photon OS v1r6Unix

IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION

RHEL-09-611160 - RHEL 9 must use the common access card (CAC) smart card driver.DISA Red Hat Enterprise Linux 9 STIG v2r2Unix

IDENTIFICATION AND AUTHENTICATION

SYMP-AG-000380 - Symantec ProxySG providing user authentication intermediary services must implement replay-resistant authentication mechanisms for network access to nonprivileged accounts.DISA Symantec ProxySG Benchmark ALG v1r3BlueCoat

IDENTIFICATION AND AUTHENTICATION

UBTU-16-030200 - The Ubuntu operating system must enforce SSHv2 for network access to all accounts.DISA STIG Ubuntu 16.04 LTS v2r3Unix

IDENTIFICATION AND AUTHENTICATION

UBTU-18-010412 - The Ubuntu operating system must enforce SSHv2 for network access to all accounts.DISA STIG Ubuntu 18.04 LTS v2r15Unix

IDENTIFICATION AND AUTHENTICATION

VCSA-70-000009 - The vCenter Server must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination using remote access.DISA STIG VMware vSphere 7.0 vCenter v1r3VMware

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

WN12-AC-000014-DC - The computer clock synchronization tolerance must be limited to 5 minutes or less.DISA Windows Server 2012 and 2012 R2 DC STIG v3r7Windows

IDENTIFICATION AND AUTHENTICATION

WN16-DC-000020 - Kerberos user logon restrictions must be enforced.DISA Windows Server 2016 STIG v2r9Windows

IDENTIFICATION AND AUTHENTICATION

WN16-DC-000030 - The Kerberos service ticket maximum lifetime must be limited to 600 minutes or less.DISA Windows Server 2016 STIG v2r9Windows

IDENTIFICATION AND AUTHENTICATION

WN16-DC-000040 - The Kerberos user ticket lifetime must be limited to 10 hours or less.DISA Windows Server 2016 STIG v2r9Windows

IDENTIFICATION AND AUTHENTICATION

WN16-DC-000050 - The Kerberos policy user ticket renewal maximum lifetime must be limited to seven days or less.DISA Windows Server 2016 STIG v2r9Windows

IDENTIFICATION AND AUTHENTICATION

WN16-DC-000060 - The computer clock synchronization tolerance must be limited to 5 minutes or less.DISA Windows Server 2016 STIG v2r9Windows

IDENTIFICATION AND AUTHENTICATION

WN19-DC-000020 - Windows Server 2019 Kerberos user logon restrictions must be enforced.DISA Windows Server 2019 STIG v3r2Windows

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

WN19-DC-000030 - Windows Server 2019 Kerberos service ticket maximum lifetime must be limited to 600 minutes or less.DISA Windows Server 2019 STIG v3r2Windows

IDENTIFICATION AND AUTHENTICATION

WN19-DC-000040 - Windows Server 2019 Kerberos user ticket lifetime must be limited to 10 hours or less.DISA Windows Server 2019 STIG v3r2Windows

IDENTIFICATION AND AUTHENTICATION

WN19-DC-000050 - Windows Server 2019 Kerberos policy user ticket renewal maximum lifetime must be limited to seven days or less.DISA Windows Server 2019 STIG v3r2Windows

IDENTIFICATION AND AUTHENTICATION

WN19-DC-000060 - Windows Server 2019 computer clock synchronization tolerance must be limited to five minutes or less.DISA Windows Server 2019 STIG v3r2Windows

IDENTIFICATION AND AUTHENTICATION

WN22-DC-000030 - Windows Server 2022 Kerberos service ticket maximum lifetime must be limited to 600 minutes or less.DISA Windows Server 2022 STIG v2r2Windows

IDENTIFICATION AND AUTHENTICATION

WN22-DC-000040 - Windows Server 2022 Kerberos user ticket lifetime must be limited to 10 hours or less.DISA Windows Server 2022 STIG v2r2Windows

IDENTIFICATION AND AUTHENTICATION

WN22-DC-000050 - Windows Server 2022 Kerberos policy user ticket renewal maximum lifetime must be limited to seven days or less.DISA Windows Server 2022 STIG v2r2Windows

IDENTIFICATION AND AUTHENTICATION

WN22-DC-000060 - Windows Server 2022 computer clock synchronization tolerance must be limited to five minutes or less.DISA Windows Server 2022 STIG v2r2Windows

IDENTIFICATION AND AUTHENTICATION

WN22-DC-000310 - Windows Server 2022 Active Directory user accounts, including administrators, must be configured to require the use of a Common Access Card (CAC), Personal Identity Verification (PIV)-compliant hardware token, or Alternate Logon Token (ALT) for user authentication.DISA Windows Server 2022 STIG v2r2Windows

IDENTIFICATION AND AUTHENTICATION