| 1.8.8 Ensure users must authenticate users using MFA via a graphical user logon | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.10 Ensure required packages for multifactor authentication are installed | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.9 Ensure multifactor authentication for access to privileged accounts - PAM. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.10 Ensure certificate status checking for PKI authentication | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| AIX7-00-003205 - The AIX operating system must accept and verify Personal Identity Verification (PIV) credentials - PIV credentials | DISA STIG AIX 7.x v2r9 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-14-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities to verify the establishment of protected sessions. | DISA STIG Apple macOS 11 v1r8 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities to verify the establishment of protected sessions. | DISA STIG Apple macOS 11 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-12-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions - PIV credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities to verify the establishment of protected sessions. | DISA STIG Apple macOS 12 v1r9 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-13-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DOD PKI-established certificate authorities for verification of the establishment of protected sessions. | DISA STIG Apple macOS 13 v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-14-001060 - The macOS system must set smart card certificate trust to moderate. | DISA Apple macOS 14 (Sonoma) STIG v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-15-001060 - The macOS system must set smart card certificate trust to moderate. | DISA Apple macOS 15 (Sequoia) STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Set Smartcard Certificate Trust to Moderate | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Set Smartcard Certificate Trust to Moderate | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Set Smartcard Certificate Trust to Moderate | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Set Smartcard Certificate Trust to Moderate | NIST macOS Big Sur v1.4.0 - CNSSI 1253 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Set Smartcard Certificate Trust to Moderate | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Set Smartcard Certificate Trust to Moderate | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Set Smartcard Certificate Trust to Moderate | NIST macOS Catalina v1.5.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Set Smartcard Certificate Trust to Moderate | NIST macOS Catalina v1.5.0 - CNSSI 1253 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI1075-IE11 - Prevent ignoring certificate errors option must be enabled. | DISA STIG IE 11 v2r5 | Windows | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-200040 - The VMM must electronically verify Personal Identity Verification (PIV) credentials. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-67-000040 - The ESXi host must use multifactor authentication for local DCUI access to privileged accounts. | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Set Smartcard Certificate Trust to Moderate | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Set Smartcard Certificate Trust to Moderate | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Set Smartcard Certificate Trust to Moderate | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Set Smartcard Certificate Trust to Moderate | NIST macOS Monterey v1.0.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| OL07-00-041001 - The Oracle Linux operating system must have the required packages for multifactor authentication installed. | DISA Oracle Linux 7 STIG v2r14 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL07-00-041002 - The Oracle Linux operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM) - PAM. | DISA Oracle Linux 7 STIG v2r14 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL07-00-041003 - The Oracle Linux operating system must implement certificate status checking for PKI authentication. | DISA Oracle Linux 7 STIG v2r14 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL08-00-010400 - OL 8 must implement certificate status checking for multifactor authentication. | DISA Oracle Linux 8 STIG v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-010061 - The Red Hat Enterprise Linux operating system must uniquely identify and must authenticate users using multifactor authentication via a graphical user logon. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-041001 - The Red Hat Enterprise Linux operating system must have the required packages for multifactor authentication installed. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-041002 - The Red Hat Enterprise Linux operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM). | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-041003 - The Red Hat Enterprise Linux operating system must implement certificate status checking for PKI authentication. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-215075 - RHEL 9 must have the openssl-pkcs11 package installed. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-611170 - RHEL 9 must implement certificate status checking for multifactor authentication. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-12-030500 - The SUSE operating system must have the packages required for multifactor authentication to be installed. | DISA SLES 12 STIG v2r13 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-12-030510 - The SUSE operating system must implement certificate status checking for multifactor authentication. | DISA SLES 12 STIG v2r13 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-15-010460 - The SUSE operating system must have the packages required for multifactor authentication to be installed. | DISA SLES 15 STIG v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-15-010470 - The SUSE operating system must implement certificate status checking for multifactor authentication - which includes status information to an accepted trust anchor. | DISA SLES 15 STIG v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-15-020030 - The SUSE operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM). | DISA SLES 15 STIG v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| TCAT-AS-001320 - Multifactor certificate-based tokens (CAC) must be used when accessing the management interface. | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-16-030800 - The Ubuntu operating system must have the packages required for multifactor authentication to be installed. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-16-030820 - The Ubuntu operating system must implement certificate status checking for multifactor authentication. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-18-010434 - The Ubuntu operating system must implement certificate status checking for multifactor authentication. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-20-010065 - The Ubuntu operating system must electronically verify Personal Identity Verification (PIV) credentials. | DISA STIG Ubuntu 20.04 LTS v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-22-612025 - Ubuntu 22.04 LTS must electronically verify personal identity verification (PIV) credentials. | DISA STIG Canonical Ubuntu 22.04 LTS v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCSA-70-000080 - The vCenter Server must enable revocation checking for certificate-based authentication. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCSA-80-000080 The vCenter Server must enable revocation checking for certificate-based authentication. | DISA VMware vSphere 8.0 vCenter STIG v2r1 | VMware | IDENTIFICATION AND AUTHENTICATION |
