| 1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - HTTP | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - Telnet | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 1.8.8 Ensure users must authenticate users using MFA via a graphical user logon | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.10 Ensure required packages for multifactor authentication are installed | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.1.6 Ensure rsh server is not enabled - rexec | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.1.6 Ensure rsh server is not enabled - rlogin | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.1.6 Ensure rsh server is not enabled - rsh | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.3.2 Ensure rsh client is not installed - rsh-client | CIS Debian 9 Server L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.3.2 Ensure rsh client is not installed - rsh-client | CIS Debian 9 Workstation L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.3.2 Ensure rsh client is not installed - rsh-redone-client | CIS Debian 9 Server L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.3.2 Ensure rsh client is not installed - rsh-redone-client | CIS Debian 9 Workstation L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.3.4 Ensure telnet client is not installed | CIS Debian 9 Server L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.3.4 Ensure telnet client is not installed | CIS Debian 9 Workstation L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.1 (L1) Ensure 'Interactive logon: Do not display last user name' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.2 (L1) Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.5 (L1) Configure 'Interactive logon: Message text for users attempting to log on' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.6 (L1) Configure 'Interactive logon: Message title for users attempting to log on' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.8 (L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 3.1.3 Forbid Dial in Access | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY |
| 5.4.9 Ensure multifactor authentication for access to privileged accounts - PAM. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.10 Ensure certificate status checking for PKI authentication | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.6.14 Ensure Multi-Factor is used with External AAA | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| 6.10.1.5 Ensure Remote Root-Login is denied via SSH | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 6.10.3.2 Ensure XNM-SSL Connection Limit is Set | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 6.10.3.3 Ensure XNM-SSL Rate Limit is Set | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 6.10.4.1 Ensure NETCONF Rate Limit is Set | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 6.10.4.2 Ensure NETCONF Connection Limit is Set | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 6.10.6 Ensure Telnet is Not Set | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY |
| 6.10.7 Ensure Reverse Telnet is Not Set | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY |
| 9.2.3 Verify No Legacy '+' Entries Exist in /etc/shadow File - + Entries Exist in /etc/shadow File | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 9.2.4 Verify No Legacy '+' Entries Exist in /etc/group File - + Entries Exist in /etc/group File | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 18.2.1 Ensure LAPS AdmPwd GPO Extension / CSE is installed | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| APPL-14-000090 The macOS system must disable logon to other user's active and locked sessions. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| EDGE-00-000062 - The built-in DNS client must be disabled. | DISA STIG Edge v2r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Ensure 'TACACS+/RADIUS' is configured correctly - protocol | Tenable Cisco Firepower Best Practices Audit | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| ESXI-80-000052 - The ESXi host Secure Shell (SSH) daemon must ignore .rhosts files. | DISA VMware vSphere 8.0 ESXi STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GOOG-13-007200 - Google Android 13 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | MobileIron - DISA Google Android 13 COBO v2r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-13-007200 - Google Android 13 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | AirWatch - DISA Google Android 13 COBO v2r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-13-007200 - Google Android 13 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | MobileIron - DISA Google Android 13 COPE v2r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-13-007200 - Google Android 13 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | AirWatch - DISA Google Android 13 COPE v2r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| Monterey - Disable Root Login for SSH | NIST macOS Monterey v1.0.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-400020 - Ubuntu 24.04 LTS must implement smart card logins for multifactor authentication for local and network access to privileged and nonprivileged accounts. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-400030 - Ubuntu 24.04 LTS must implement smart card logins for multifactor authentication for local and network access to privileged and nonprivileged accounts over SSH. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WN22-DC-000020 - Windows Server 2022 Kerberos user logon restrictions must be enforced. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN22-DC-000030 - Windows Server 2022 Kerberos service ticket maximum lifetime must be limited to 600 minutes or less. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN22-DC-000040 - Windows Server 2022 Kerberos user ticket lifetime must be limited to 10 hours or less. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN22-DC-000050 - Windows Server 2022 Kerberos policy user ticket renewal maximum lifetime must be limited to seven days or less. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN22-DC-000060 - Windows Server 2022 computer clock synchronization tolerance must be limited to five minutes or less. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
