| 3.5 Ensure CloudTrail logs are encrypted at rest using KMS CMKs | CIS Amazon Web Services Foundations v5.0.0 L2 | amazon_aws | AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.5.1.2 Ensure minimum days between password changes is configured - login.defs | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5.1.2 Ensure minimum days between password changes is configured - password shadow | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| AIOS-01-080004 - Apple iOS must enforce a minimum password length of six characters. | AirWatch - DISA Apple iOS 10 v1r3 | MDM | IDENTIFICATION AND AUTHENTICATION |
| AIOS-16-006500 - Apple iOS/iPadOS 16 must be configured to enforce a minimum password length of six characters. | MobileIron - DISA Apple iOS/iPadOS 16 v2r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| AIOS-17-006500 - Apple iOS/iPadOS 17 must be configured to enforce a minimum password length of six characters. | MobileIron - DISA Apple iOS/iPadOS 17 v2r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| AIOS-17-706600 - Apple iOS/iPadOS 17 must be configured to not allow passwords that include more than four repeating or sequential characters. | MobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-035990 - AlmaLinux OS 9 must ensure the password complexity module in the system-auth file is configured for three retries or less. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-036210 - AlmaLinux OS 9 must enforce password complexity by requiring that at least one uppercase character be used. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-036650 - AlmaLinux OS 9 must enforce password complexity by requiring that at least one numeric character be used. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-037530 - AlmaLinux OS 9 must be configured so that the Pluggable Authentication Module is configured to store only encrypted representations of passwords. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-11-002038 - Apple macOS must be configured to disable the tftp service. | DISA STIG Apple macOS 11 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-11-003007 - The macOS system must enforce password complexity by requiring that at least one numeric character be used. | DISA STIG Apple macOS 11 v1r8 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-11-003009 - The macOS system must prohibit password reuse for a minimum of five generations. | DISA STIG Apple macOS 11 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-11-003011 - The macOS system must enforce password complexity by requiring that at least one special character be used - allowSimple | DISA STIG Apple macOS 11 v1r8 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-11-003011 - The macOS system must enforce password complexity by requiring that at least one special character be used - minComplexChars | DISA STIG Apple macOS 11 v1r8 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-12-003007 - The macOS system must enforce password complexity by requiring that at least one numeric character be used. | DISA STIG Apple macOS 12 v1r9 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-12-003008 - The macOS system must enforce a 60-day maximum password lifetime restriction. | DISA STIG Apple macOS 12 v1r9 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-12-003010 - The macOS system must enforce a minimum 15-character password length. | DISA STIG Apple macOS 12 v1r9 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-12-003011 - The macOS system must enforce password complexity by requiring that at least one special character be used. | DISA STIG Apple macOS 12 v1r9 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-13-003007 - The macOS system must enforce password complexity by requiring that at least one numeric character be used. | DISA STIG Apple macOS 13 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-15-003008 - The macOS system must restrict maximum password lifetime to 60 days. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| EPAS-00-004250 - If DBMS authentication, using passwords, is employed, EDB Postgres Advanced Server must enforce the DOD standards for password complexity and lifetime. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | IDENTIFICATION AND AUTHENTICATION |
| ESXI-70-000032 - The ESXi host must prohibit the reuse of passwords within five iterations. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-80-000043 - The ESXi host must prohibit password reuse for a minimum of five generations. | DISA VMware vSphere 8.0 ESXi STIG v2r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
| FGFW-ND-000245 - The FortiGate device must use LDAPS for the LDAP connection. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| GOOG-14-006000 - Google Android 14 must be configured to enforce a minimum password length of six characters. | MobileIron - DISA Google Android 14 COBO v2r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-14-006100 - Google Android 14 must be configured to not allow passwords that include more than four repeating or sequential characters - Characters | AirWatch - DISA Google Android 14 COBO v2r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-15-006100 - Google Android 15 must be configured to not allow passwords that include more than four repeating or sequential characters - Characters | AirWatch - DISA Google Android 15 COPE v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-15-006100 - Google Android 15 must be configured to not allow passwords that include more than four repeating or sequential characters - Complex Characters | MobileIron - DISA Google Android 15 COBO v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-15-006100 - Google Android 15 must be configured to not allow passwords that include more than four repeating or sequential characters - Numbers | AirWatch - DISA Google Android 15 COPE v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| HONW-09-000100 - The Honeywell Mobility Edge Android Pie device must be configured to enforce a minimum password length of six characters. | AirWatch - DISA Honeywell Android 9.x COBO v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| HONW-09-000100 - The Honeywell Mobility Edge Android Pie device must be configured to enforce a minimum password length of six characters. | MobileIron - DISA Honeywell Android 9.x COBO v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| HONW-09-000100 - The Honeywell Mobility Edge Android Pie device must be configured to enforce a minimum password length of six characters. | MobileIron - DISA Honeywell Android 9.x COPE v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| JUEX-NM-000290 - The Juniper EX switch must be configured to enforce password complexity by requiring that at least one lowercase character be used. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| KNOX-07-000100 - The Samsung Android 7 with Knox must be configured to enforce a minimum password length of six characters. | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| MOTO-09-000100 - The Motorola Android Pie must be configured to enforce a minimum password length of six characters. | AirWatch - DISA Motorola Android Pie.x COBO v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| MOTO-09-000100 - The Motorola Android Pie must be configured to enforce a minimum password length of six characters. | MobileIron - DISA Motorola Android Pie.x COPE v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| MSFT-11-000100 - Microsoft Android 11 must be configured to enforce a minimum password length of six characters. | MobileIron - DISA Microsoft Android 11 COBO v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| O19C-00-014900 - If passwords are used for authentication, the Oracle Database must transmit only encrypted representations of passwords. | DISA Oracle Database 19c STIG v1r1 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
| O19C-00-019800 - Oracle Database must, for password-based authentication, verify that when users create or update passwords, the passwords are not found on the list of commonly used, expected, or compromised passwords in IA-5 (1) (a). | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| PHTN-30-000024 - The Photon operating system must require that new passwords are at least four characters different from the old password. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PHTN-30-000029 - The Photon operating system must prohibit password reuse for a minimum of five generations. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PHTN-30-000030 - The Photon operating system must enforce a minimum eight-character password length. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SHPT-00-000600 - SharePoint managed service accounts must be set to enable automatic password change. | DISA STIG SharePoint 2010 v1r9 | Windows | IDENTIFICATION AND AUTHENTICATION |
| SYMP-NM-000260 - Symantec ProxySG must transmit only encrypted representations of passwords - HTTP-Console Disabled | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-100030 - Ubuntu 24.04 LTS must not have the telnet package installed. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-400220 - Ubuntu 24.04 LTS must store only encrypted representations of passwords. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCSA-70-000070 - The vCenter Server must prohibit password reuse for a minimum of five generations. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCSA-70-000079 - The vCenter Server must enforce a 60-day maximum password lifetime restriction. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
