| 5.5.7 Ensure multi-factor authentication is enable for users - module | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5.7 Ensure multi-factor authentication is enable for users - pam_pkcs11 | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5.7 Ensure multi-factor authentication is enable for users - removal | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| AIX7-00-003200 - The AIX operating system must use Multi Factor Authentication. | DISA STIG AIX 7.x v2r9 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-14-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts - ChallengeResponseAuthentication | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-14-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts - enforceSmartCard | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-14-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts - PasswordAuthentication | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-15-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts, the establishment of nonlocal maintenance and diagnostic sessions, and authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access - ChallengeResponseAuthentication | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AOSX-15-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts, the establishment of nonlocal maintenance and diagnostic sessions, and authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access - enforceSmartCard | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AOSX-15-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts, the establishment of nonlocal maintenance and diagnostic sessions, and authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access - PasswordAuthentication | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| Big Sur - Enforce multifactor authentication for network access to non-privileged accounts | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION |
| CASA-VN-000440 - The Cisco ASA remote access VPN server must be configured to enforce certificate-based authentication before granting access to the network. | DISA STIG Cisco ASA VPN v1r3 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| Catalina - Enforce multifactor authentication for network access to non-privileged accounts | NIST macOS Catalina v1.5.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION |
| Catalina - Enforce Smartcard Authentication | NIST macOS Catalina v1.5.0 - 800-53r4 High | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| Catalina - Enforce Smartcard Authentication | NIST macOS Catalina v1.5.0 - 800-53r4 Low | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| Catalina - Enforce Smartcard Authentication | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| F5BI-AP-000079 - The BIG-IP APM module must use multifactor authentication for network access to non-privileged accounts. | DISA F5 BIG-IP Access Policy Manager STIG v2r3 | F5 | IDENTIFICATION AND AUTHENTICATION |
| F5BI-LT-000079 - The BIG-IP Core implementation providing user authentication intermediary services must use multifactor authentication for network access to non-privileged accounts when granting access to virtual servers. | DISA F5 BIG-IP Local Traffic Manager STIG v2r3 | F5 | IDENTIFICATION AND AUTHENTICATION |
| GEN005527 - The SSH daemon must not allow host-based authentication. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN005527 - The SSH daemon must not allow host-based authentication. | DISA STIG for Oracle Linux 5 v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| JUSX-VN-000019 - The Juniper SRX Services Gateway VPN must use multifactor authentication (e.g., DoD PKI) for network access to non-privileged accounts. | DISA Juniper SRX Services Gateway VPN v2r2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| Monterey - Enforce multifactor authentication for network access to non-privileged accounts | NIST macOS Monterey v1.0.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION |
| O112-C2-012900 - The DBMS must use multifactor authentication for access to user accounts. | DISA STIG Oracle 11.2g v2r4 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
| O112-C2-012900 - The DBMS must use multifactor authentication for access to user accounts. | DISA STIG Oracle 11.2g v2r4 Linux | Unix | IDENTIFICATION AND AUTHENTICATION |
| O121-C2-012900 - The DBMS must use multifactor authentication for access to user accounts. | DISA STIG Oracle 12c v2r9 Linux | Unix | IDENTIFICATION AND AUTHENTICATION |
| O121-C2-012900 - The DBMS must use multifactor authentication for access to user accounts. | DISA STIG Oracle 12c v2r9 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000234 - The SSH daemon must ignore .rhosts files - 'IgnoreRhosts yes' | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000236 - The SSH daemon must not allow host-based authentication. | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000239 - The SSH daemon must not allow authentication using an empty password. | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL07-00-010300 - The Oracle Linux operating system must be configured so that the SSH daemon does not allow authentication using an empty password. | DISA Oracle Linux 7 STIG v2r14 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL08-00-020250 - OL 8 must implement multifactor authentication for access to interactive accounts. | DISA Oracle Linux 8 STIG v1r9 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000234 - The SSH daemon must ignore .rhosts files. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000236 - The SSH daemon must not allow host-based authentication. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000239 - The SSH daemon must not allow authentication using an empty password. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-010300 - The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon does not allow authentication using an empty password. | DISA Red Hat Enterprise Linux 7 STIG v3r14 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-010500 - The Red Hat Enterprise Linux operating system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication. | DISA Red Hat Enterprise Linux 7 STIG v3r14 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-255035 - RHEL 9 SSHD must accept public key authentication. | DISA Red Hat Enterprise Linux 9 STIG v1r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-255040 - RHEL 9 SSHD must not allow blank passwords. | DISA Red Hat Enterprise Linux 9 STIG v1r3 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-611160 - RHEL 9 must use the CAC smart card driver. | DISA Red Hat Enterprise Linux 9 STIG v1r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-12-030520 - The SUSE operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM). | DISA SLES 12 STIG v2r13 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-15-020030 - The SUSE operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM). | DISA SLES 15 STIG v1r12 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SYMP-AG-000370 - Symantec ProxySG providing user authentication intermediary services must use multifactor authentication for network access to nonprivileged accounts. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
| UBTU-16-030840 - The Ubuntu operating system must implement smart card logins for multifactor authentication for access to accounts. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-18-010427 - The Ubuntu operating system must implement smart card logins for multifactor authentication for access to accounts. | DISA STIG Ubuntu 18.04 LTS v2r14 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-20-010033 - The Ubuntu operating system must implement smart card logins for multifactor authentication for local and network access to privileged and nonprivileged accounts. | DISA STIG Ubuntu 20.04 LTS v1r12 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCSA-70-000060 - The vCenter Server must require multifactor authentication. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| WN12-PK-000008-DC - Active directory user accounts, including administrators, must be configured to require the use of a Common Access Card (CAC), PIV-compliant hardware token, or Alternate Logon Token (ALT) for user authentication. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN16-DC-000310 - Active Directory user accounts, including administrators, must be configured to require the use of a Common Access Card (CAC), Personal Identity Verification (PIV)-compliant hardware token, or Alternate Logon Token (ALT) for user authentication. | DISA Windows Server 2016 STIG v2r8 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN19-DC-000310 - Windows Server 2019 Active Directory user accounts, including administrators, must be configured to require the use of a Common Access Card (CAC), Personal Identity Verification (PIV)-compliant hardware token, or Alternate Logon Token (ALT) for user authentication. | DISA Windows Server 2019 STIG v2r9 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN22-DC-000310 - Windows Server 2022 Active Directory user accounts, including administrators, must be configured to require the use of a Common Access Card (CAC), Personal Identity Verification (PIV)-compliant hardware token, or Alternate Logon Token (ALT) for user authentication. | DISA Windows Server 2022 STIG v1r5 | Windows | IDENTIFICATION AND AUTHENTICATION |
