Item Search

NameAudit NamePluginCategory
AIX7-00-001012 - AIX must use the SSH server to implement replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts.DISA STIG AIX 7.x v2r9Unix

IDENTIFICATION AND AUTHENTICATION

ARST-ND-000690 - The Arista network devices must use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions.DISA STIG Arista MLS EOS 4.2x NDM v2r1Arista

IDENTIFICATION AND AUTHENTICATION, MAINTENANCE

CASA-ND-000470 - The Cisco ASA must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - fips enabledDISA STIG Cisco ASA NDM v2r1Cisco

IDENTIFICATION AND AUTHENTICATION

CASA-ND-000470 - The Cisco ASA must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - ssh cipherDISA STIG Cisco ASA NDM v2r1Cisco

IDENTIFICATION AND AUTHENTICATION

CASA-ND-000470 - The Cisco ASA must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - ssh key-exchangeDISA STIG Cisco ASA NDM v2r1Cisco

IDENTIFICATION AND AUTHENTICATION

CASA-ND-000470 - The Cisco ASA must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - ssh versionDISA STIG Cisco ASA NDM v2r1Cisco

IDENTIFICATION AND AUTHENTICATION

CISC-ND-000530 - The Cisco router must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts.DISA STIG Cisco IOS-XR Router NDM v3r1Cisco

IDENTIFICATION AND AUTHENTICATION

CISC-ND-000530 - The Cisco switch must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts.DISA STIG Cisco NX-OS Switch NDM v3r1Cisco

IDENTIFICATION AND AUTHENTICATION

CISC-ND-001200 - The Cisco router must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions.DISA STIG Cisco IOS XE Router NDM v3r1Cisco

IDENTIFICATION AND AUTHENTICATION, MAINTENANCE

CISC-ND-001200 - The Cisco router must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions.DISA STIG Cisco IOS Router NDM v3r1Cisco

IDENTIFICATION AND AUTHENTICATION, MAINTENANCE

CISC-ND-001200 - The Cisco switch must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions.DISA STIG Cisco IOS XE Switch NDM v3r1Cisco

IDENTIFICATION AND AUTHENTICATION, MAINTENANCE

EDGE-00-000062 - The built-in DNS client must be disabled.DISA STIG Edge v2r1Windows

IDENTIFICATION AND AUTHENTICATION

ESXI-06-200037 - The VMM must implement replay-resistant authentication mechanisms for network access to privileged accounts by using Active Directory for local user authentication.DISA STIG VMware vSphere 6.x ESXi v1r5VMware

IDENTIFICATION AND AUTHENTICATION

ESXI-06-200038 - The VMM must implement replay-resistant authentication mechanisms for network access to privileged accounts by using the vSphere Authentication Proxy.DISA STIG VMware vSphere 6.x ESXi v1r5VMware

IDENTIFICATION AND AUTHENTICATION

ESXI-06-200039 - The VMM must implement replay-resistant authentication mechanisms for network access to privileged accounts by restricting use of Active Directory ESX Admin group membership.DISA STIG VMware vSphere 6.x ESXi v1r5VMware

IDENTIFICATION AND AUTHENTICATION

FGFW-ND-000205 - The FortiGate device must implement replay-resistant authentication mechanisms for network access to privileged accountsDISA Fortigate Firewall NDM STIG v1r4FortiGate

IDENTIFICATION AND AUTHENTICATION

GEN005500 - The SSH daemon must be configured to only use the SSHv2 protocol.DISA STIG Solaris 10 X86 v2r4Unix

IDENTIFICATION AND AUTHENTICATION

GEN005500 - The SSH daemon must be configured to only use the SSHv2 protocol.DISA STIG Solaris 10 SPARC v2r4Unix

IDENTIFICATION AND AUTHENTICATION

JUEX-NM-000260 - The Juniper EX switch must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts.DISA Juniper EX Series Network Device Management v2r1Juniper

IDENTIFICATION AND AUTHENTICATION

JUNI-ND-000530 - The Juniper router must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts.DISA STIG Juniper Router NDM v3r1Juniper

IDENTIFICATION AND AUTHENTICATION

JUSX-DM-000124 - The Juniper SRX Services Gateway must implement replay-resistant authentication mechanisms for network access to privileged accounts.DISA Juniper SRX Services Gateway NDM v3r1Juniper

IDENTIFICATION AND AUTHENTICATION

JUSX-VN-000031 - The Juniper SRX Services Gateway VPN must use anti-replay mechanisms for security associations.DISA Juniper SRX Services Gateway VPN v3r1Juniper

IDENTIFICATION AND AUTHENTICATION

PANW-NM-000051 - The Palo Alto Networks security platform must implement replay-resistant authentication mechanisms for network access to privileged accounts.DISA STIG Palo Alto NDM v3r1Palo_Alto

IDENTIFICATION AND AUTHENTICATION

RHEL-06-000227 - The SSH daemon must be configured to use only the SSHv2 protocol.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

IDENTIFICATION AND AUTHENTICATION

SHPT-00-000530 - The Central Administration Web Application must use Kerberos as the authentication provider.DISA STIG SharePoint 2010 v1r9Windows

IDENTIFICATION AND AUTHENTICATION

SHPT-00-000531 - SharePoint sites must not use NTLM - SharePoint sites must not use NTLM.DISA STIG SharePoint 2010 v1r9Windows

IDENTIFICATION AND AUTHENTICATION

SP13-00-000075 - SharePoint must use replay-resistant authentication mechanisms for network access to privileged accounts.DISA STIG SharePoint 2013 v2r3Windows

IDENTIFICATION AND AUTHENTICATION

SPLK-CL-000060 - Splunk Enterprise must use HTTPS/SSL for access to the user interface.DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST APISplunk

IDENTIFICATION AND AUTHENTICATION

SPLK-CL-000330 - Splunk Enterprise must use HTTPS/SSL for access to the user interface.DISA STIG Splunk Enterprise 8.x for Linux v2r1 STIG REST APISplunk

IDENTIFICATION AND AUTHENTICATION

SYMP-NM-000230 - Symantec ProxySG must implement HTTPS-console to provide replay-resistant authentication mechanisms for network access to privileged accounts. - HTTP-ConsoleDISA Symantec ProxySG Benchmark NDM v1r2BlueCoat

IDENTIFICATION AND AUTHENTICATION

SYMP-NM-000230 - Symantec ProxySG must implement HTTPS-console to provide replay-resistant authentication mechanisms for network access to privileged accounts. - HTTPS-ConsoleDISA Symantec ProxySG Benchmark NDM v1r2BlueCoat

IDENTIFICATION AND AUTHENTICATION

UBTU-16-030200 - The Ubuntu operating system must enforce SSHv2 for network access to all accounts.DISA STIG Ubuntu 16.04 LTS v2r3Unix

IDENTIFICATION AND AUTHENTICATION

UBTU-18-010412 - The Ubuntu operating system must enforce SSHv2 for network access to all accounts.DISA STIG Ubuntu 18.04 LTS v2r15Unix

IDENTIFICATION AND AUTHENTICATION

WBSP-AS-001080 - The WebSphere Application Server must provide security extensions to extend SOAP protocol and provide secure authenticationDISA IBM WebSphere Traditional 9 Windows STIG v1r1Windows

IDENTIFICATION AND AUTHENTICATION

WBSP-AS-001080 - The WebSphere Application Server must provide security extensions to extend SOAP protocol and provide secure authenticationDISA IBM WebSphere Traditional 9 STIG v1r1Unix

IDENTIFICATION AND AUTHENTICATION

WBSP-AS-001080 - The WebSphere Application Server must provide security extensions to extend SOAP protocol and provide secure authenticationDISA IBM WebSphere Traditional 9 STIG v1r1 MiddlewareUnix

IDENTIFICATION AND AUTHENTICATION

WBSP-AS-001090 - The WebSphere Application Server must provide security extensions to extend SOAP protocol and provide secure authenticationDISA IBM WebSphere Traditional 9 STIG v1r1Unix

IDENTIFICATION AND AUTHENTICATION

WBSP-AS-001090 - The WebSphere Application Server must provide security extensions to extend SOAP protocol and provide secure authenticationDISA IBM WebSphere Traditional 9 Windows STIG v1r1Windows

IDENTIFICATION AND AUTHENTICATION

WBSP-AS-001090 - The WebSphere Application Server must provide security extensions to extend SOAP protocol and provide secure authenticationDISA IBM WebSphere Traditional 9 STIG v1r1 MiddlewareUnix

IDENTIFICATION AND AUTHENTICATION

WN16-DC-000020 - Kerberos user logon restrictions must be enforced.DISA Windows Server 2016 STIG v2r9Windows

IDENTIFICATION AND AUTHENTICATION

WN16-DC-000030 - The Kerberos service ticket maximum lifetime must be limited to 600 minutes or less.DISA Windows Server 2016 STIG v2r9Windows

IDENTIFICATION AND AUTHENTICATION

WN16-DC-000050 - The Kerberos policy user ticket renewal maximum lifetime must be limited to seven days or less.DISA Windows Server 2016 STIG v2r9Windows

IDENTIFICATION AND AUTHENTICATION

WN19-DC-000030 - Windows Server 2019 Kerberos service ticket maximum lifetime must be limited to 600 minutes or less.DISA Windows Server 2019 STIG v3r2Windows

IDENTIFICATION AND AUTHENTICATION

WN19-DC-000050 - Windows Server 2019 Kerberos policy user ticket renewal maximum lifetime must be limited to seven days or less.DISA Windows Server 2019 STIG v3r2Windows

IDENTIFICATION AND AUTHENTICATION

WN19-DC-000060 - Windows Server 2019 computer clock synchronization tolerance must be limited to five minutes or less.DISA Windows Server 2019 STIG v3r2Windows

IDENTIFICATION AND AUTHENTICATION

WN22-DC-000020 - Windows Server 2022 Kerberos user logon restrictions must be enforced.DISA Windows Server 2022 STIG v2r2Windows

IDENTIFICATION AND AUTHENTICATION

WN22-DC-000030 - Windows Server 2022 Kerberos service ticket maximum lifetime must be limited to 600 minutes or less.DISA Windows Server 2022 STIG v2r2Windows

IDENTIFICATION AND AUTHENTICATION

WN22-DC-000040 - Windows Server 2022 Kerberos user ticket lifetime must be limited to 10 hours or less.DISA Windows Server 2022 STIG v2r2Windows

IDENTIFICATION AND AUTHENTICATION

WN22-DC-000050 - Windows Server 2022 Kerberos policy user ticket renewal maximum lifetime must be limited to seven days or less.DISA Windows Server 2022 STIG v2r2Windows

IDENTIFICATION AND AUTHENTICATION

WN22-DC-000060 - Windows Server 2022 computer clock synchronization tolerance must be limited to five minutes or less.DISA Windows Server 2022 STIG v2r2Windows

IDENTIFICATION AND AUTHENTICATION