| 1.5.1 Ensure 'V3' is selected for SNMP polling | CIS Palo Alto Firewall 11 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.11.4 (L1) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.11.4 (L1) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.11.4 (L1) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.11.4 (L1) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.11.4 (L1) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.11.4 (L1) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.11.4 (L1) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.11.4 Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.11.4 Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.11.4 Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.11.4 Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.14 Ensure sshd MACs are configured | CIS AlmaLinux OS 8 Server L1 v3.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.6 Ensure sshd MACs are configured | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.6 Ensure sshd MACs are configured | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.6 Ensure sshd MACs are configured | CIS Oracle Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.6 Ensure sshd MACs are configured | CIS Rocky Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.15 Ensure sshd MACs are configured | CIS Debian Linux 12 v1.1.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.15 Ensure sshd MACs are configured | CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.15 Ensure only strong Key Exchange algorithms are used | CIS Debian 8 Server L1 v2.0.2 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.17 Ensure only strong MAC algorithms are used | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.4.1 Ensure password creation requirements are configured - dcredit | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-14-003008 The macOS system must restrict maximum password lifetime to 60 days. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| JUEX-NM-000270 - The Juniper EX switch must be configured to enforce a minimum 15-character password length. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| OL08-00-010130 - The OL 8 shadow password suite must be configured to use a sufficient number of hashing rounds. | DISA Oracle Linux 8 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL08-00-020140 - OL 8 must require the maximum number of repeating characters of the same character class be limited to four when passwords are changed. | DISA Oracle Linux 8 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL08-00-020170 - OL 8 must require the change of at least eight characters when passwords are changed. | DISA Oracle Linux 8 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-020190 - RHEL 8 passwords for new users or password changes must have a 24 hours/1 day minimum password lifetime restriction in /etc/login.defs. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-020210 - RHEL 8 user account passwords must be configured so that existing passwords are restricted to a 60-day maximum lifetime. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-020230 - RHEL 8 passwords must have a minimum of 15 characters. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-15-020140 - The SUSE operating system must enforce passwords that contain at least one lowercase character. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-15-020170 - The SUSE operating system must configure the Linux Pluggable Authentication Modules (PAM) to only store encrypted representations of passwords. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-15-020200 - The SUSE operating system must be configured to create or update passwords with a minimum lifetime of 24 hours (one day). | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-15-020220 - The SUSE operating system must be configured to create or update passwords with a maximum lifetime of 60 days. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-15-020260 - The SUSE operating system must employ passwords with a minimum of 15 characters. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-15-020270 - The SUSE operating system must enforce passwords that contain at least one special character. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000340 - Splunk Enterprise must be configured to enforce password complexity by requiring that at least one uppercase character be used. | DISA STIG Splunk Enterprise 8.x for Linux v2r2 STIG OS | Unix | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000350 - Splunk Enterprise must be configured to enforce password complexity by requiring that at least one lowercase character be used. | DISA STIG Splunk Enterprise 8.x for Linux v2r2 STIG OS | Unix | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000370 - Splunk Enterprise must be configured to enforce a minimum 15-character password length. | DISA STIG Splunk Enterprise 8.x for Linux v2r2 STIG OS | Unix | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000400 - Splunk Enterprise must be configured to enforce a 60-day maximum password lifetime restriction. | DISA STIG Splunk Enterprise 8.x for Linux v2r2 STIG OS | Unix | IDENTIFICATION AND AUTHENTICATION |
| SQL2-00-038910 - If SQL Server authentication, using passwords, is employed, SQL Server must enforce the DoD standards for password lifetime. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
| UBTU-20-010007 - The Ubuntu operating system must enforce 24 hours/1 day as the minimum password lifetime. Passwords for new users must have a 24 hours/1 day minimum password lifetime restriction. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-20-010008 - The Ubuntu operating system must enforce a 60-day maximum password lifetime restriction. Passwords for new users must have a 60-day maximum password lifetime restriction. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-20-010051 - The Ubuntu operating system must enforce password complexity by requiring that at least one lower-case character be used. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-22-411030 - Ubuntu 22.04 LTS must enforce a 60-day maximum password lifetime restriction. Passwords for new users must have a 60-day maximum password lifetime restriction. | DISA Canonical Ubuntu 22.04 LTS STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-22-611015 - Ubuntu 22.04 LTS must enforce password complexity by requiring at least one lowercase character be used. | DISA Canonical Ubuntu 22.04 LTS STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-22-611020 - Ubuntu 22.04 LTS must enforce password complexity by requiring that at least one numeric character be used. | DISA Canonical Ubuntu 22.04 LTS STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WN11-00-000090 - Accounts must be configured to require password expiration. | DISA Microsoft Windows 11 STIG v2r3 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN22-00-000050 - Windows Server 2022 manually managed application account passwords must be at least 14 characters in length. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN22-00-000210 - Windows Server 2022 passwords must be configured to expire. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
