| 1.5.9 Ensure NIST FIPS-validated cryptography is configured | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.11.4 (L1) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.11.4 (L1) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.11.4 Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.42 (L1) Ensure 'Enable TLS Encrypted ClientHello' Is Enabled | CIS Google Chrome Group Policy v1.0.0 L1 | Windows | ACCESS CONTROL, AWARENESS AND TRAINING, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.14 Ensure only strong MAC algorithms are used | CIS Debian 10 Workstation L1 v2.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.14 Ensure sshd MACs are configured | CIS Oracle Linux 8 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.15 Ensure sshd MACs are configured | CIS CentOS Linux 7 v4.0.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.10 Ensure That App Engine Applications Enforce HTTPS Connections | CIS Google Cloud Platform Foundation v4.0.0 L2 | GCP | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.6 Ensure sshd MACs are configured | CIS Rocky Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.6 Ensure sshd MACs are configured | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.6 Ensure sshd MACs are configured | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.15 Ensure sshd MACs are configured | CIS Ubuntu Linux 20.04 LTS v3.0.0 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.14 Ensure only strong MAC algorithms are used | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.29 Ensure SSH Protocol is set to 2 | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 8.2 Ensure 'SSL Inbound Inspection' is required for all untrusted traffic destined for servers using SSL or TLS | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-06-000031 - The VMM must enforce password complexity by requiring that at least one upper-case character be used. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-000032 - The system must prohibit the reuse of passwords within five iterations. | DISA STIG VMware vSphere 6.x ESXi OS v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-100031 - The VMM must enforce password complexity by requiring that at least one lower-case character be used. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-200031 - The VMM must enforce password complexity by requiring that at least one numeric character be used. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-300031 - The VMM must require the change of at least 8 of the total number of characters when passwords are changed. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-400031 - The VMM must enforce a minimum 15-character password length. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| GEN000640 - The system must require passwords contain at least one special character. | DISA STIG for Oracle Linux 5 v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GOOG-13-006000 - Google Android 13 must be configured to enforce a minimum password length of six characters. | AirWatch - DISA Google Android 13 COBO v2r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| JUEX-NM-000320 - The Juniper EX switch must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| JUEX-NM-000330 - The Juniper EX switch must be configured to only store cryptographic representations of passwords. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| MADB-10-003700 - If MariaDB authentication, using passwords, is employed, then MariaDB must enforce the DOD standards for password complexity. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| OL08-00-010120 - OL 8 must employ FIPS 140-2 approved cryptographic hashing algorithms for all stored passwords. | DISA Oracle Linux 8 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL08-00-020231 - OL 8 passwords for new users must have a minimum of 15 characters. | DISA Oracle Linux 8 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-20-010007 - The Ubuntu operating system must enforce 24 hours/1 day as the minimum password lifetime. Passwords for new users must have a 24 hours/1 day minimum password lifetime restriction. | DISA Canonical Ubuntu 20.04 LTS STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-20-010008 - The Ubuntu operating system must enforce a 60-day maximum password lifetime restriction. Passwords for new users must have a 60-day maximum password lifetime restriction. | DISA Canonical Ubuntu 20.04 LTS STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-20-010053 - The Ubuntu operating system must require the change of at least 8 characters when passwords are changed. | DISA Canonical Ubuntu 20.04 LTS STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-22-411025 - Ubuntu 22.04 LTS must enforce 24 hours/one day as the minimum password lifetime. Passwords for new users must have a 24 hours/one day minimum password lifetime restriction. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-22-611020 - Ubuntu 22.04 LTS must enforce password complexity by requiring that at least one numeric character be used. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-22-611040 - Ubuntu 22.04 LTS must require the change of at least eight characters when passwords are changed. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-400260 - Ubuntu 24.04 LTS must enforce password complexity by requiring that at least one uppercase character be used. | DISA Canonical Ubuntu 24.04 LTS STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-400290 - Ubuntu 24.04 LTS must require the change of at least eight characters when passwords are changed. | DISA Canonical Ubuntu 24.04 LTS STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-400310 - Ubuntu 24.04 LTS must enforce a 60-day maximum password lifetime restriction. Passwords for new users must have a 60-day maximum password lifetime restriction. | DISA Canonical Ubuntu 24.04 LTS STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-400330 - Ubuntu 24.04 LTS must enforce password complexity by requiring that at least one special character be used. | DISA Canonical Ubuntu 24.04 LTS STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCWN-06-000003 - The system must enforce a 60-day maximum password lifetime restriction. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCWN-06-000040 - Passwords must contain at least one uppercase character. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCWN-06-000041 - Passwords must contain at least one lowercase character. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCWN-06-000042 - Passwords must contain at least one numeric character. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCWN-06-000043 - Passwords must contain at least one special character. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| WN11-AC-000040 - The built-in Microsoft password complexity filter must be enabled. | DISA Microsoft Windows 11 STIG v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN11-SO-000195 - The system must be configured to prevent the storage of the LAN Manager hash of passwords. | DISA Microsoft Windows 11 STIG v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN11-SO-000280 - Passwords for enabled local Administrator accounts must be changed at least every 60 days. | DISA Microsoft Windows 11 STIG v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN22-00-000020 - Windows Server 2022 passwords for the built-in Administrator account must be changed at least every 60 days. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN22-AC-000060 - Windows Server 2022 minimum password age must be configured to at least one day. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN22-AC-000070 - Windows Server 2022 minimum password length must be configured to 14 characters. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
