| 1.1.1 Ensure 'Enforce password history' is set to '24 or more password(s)' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.1.4 (L1) Ensure 'Minimum password length' is set to '14 or more character(s)' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.1.4 Ensure 'Minimum password length' is set to '14 or more character(s)' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.2.1 (L1) Ensure 'Account lockout duration' is set to '15 or more minute(s)' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 1.2.1 Ensure 'Account lockout duration' is set to '15 or more minute(s)' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 1.5.2 Log all Successful and Failed Administrative Logins | CIS Cisco NX-OS v1.2.0 L2 | Cisco | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 2.1.6 Ensure rsh server is not enabled - rexec | CIS Distribution Independent Linux Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.1.6 Ensure rsh server is not enabled - rexec | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.1.6 Ensure rsh server is not enabled - rlogin | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.1.6 Ensure rsh server is not enabled - rsh | CIS Distribution Independent Linux Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.1.6 Ensure rsh server is not enabled - rsh | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.1.8 Ensure telnet server is not enabled | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.1.8 Ensure telnet server is not enabled | CIS Distribution Independent Linux Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.1 Ensure 'Interactive logon: Do not display last user name' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.2 Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.3 (BL) Ensure 'Interactive logon: Machine account lockout threshold' is set to '10 or fewer invalid logon attempts, but not 0' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.6 Configure 'Interactive logon: Message title for users attempting to log on' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.8 Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.3.10.11 (L1) Ensure 'Network access: Sharing and security model for local accounts' is set to 'Classic - local users authenticate as themselves' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.3.10.11 Ensure 'Network access: Sharing and security model for local accounts' is set to 'Classic - local users authenticate as themselves' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.3.11.1 Ensure 'Network security: Allow Local System to use computer identity for NTLM' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 6.2.3 Ensure all groups in /etc/passwd exist in /etc/group - GIDs referenced in the /etc/passwd file are defined in the /etc/group file. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.8.4 Ensure MS-CHAPv2 RADIUS Authentication | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| APPL-11-003020 - The macOS system must use multifactor authentication for local access to privileged and non-privileged accounts. | DISA STIG Apple macOS 11 v1r8 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-12-003020 - The macOS system must use multifactor authentication for local access to privileged and non-privileged accounts. | DISA STIG Apple macOS 12 v1r9 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-14-000100 The macOS system must disable root logon. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| Big Sur - Disable Root Login for SSH | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION |
| Big Sur - Set Smartcard Certificate Trust to High | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Set Smartcard Certificate Trust to High | NIST macOS Big Sur v1.4.0 - 800-53r5 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Disable Guest Access to Shared Apple File Protocol Folders | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Guest Access to Shared Apple File Protocol Folders | NIST macOS Catalina v1.5.0 - CNSSI 1253 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Guest Access to Shared Apple File Protocol Folders | NIST macOS Catalina v1.5.0 - 800-171 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Guest Access to Shared Apple File Protocol Folders | NIST macOS Catalina v1.5.0 - 800-53r4 High | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Guest Access to Shared Apple File Protocol Folders | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Guest Access to Shared Apple File Protocol Folders | NIST macOS Catalina v1.5.0 - All Profiles | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Guest Access to Shared SMB Folders | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Guest Access to Shared SMB Folders | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Guest Access to Shared SMB Folders | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Guest Access to Shared SMB Folders | NIST macOS Catalina v1.5.0 - 800-53r4 Low | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Guest Access to Shared SMB Folders | NIST macOS Catalina v1.5.0 - 800-53r5 Low | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Guest Access to Shared SMB Folders | NIST macOS Catalina v1.5.0 - All Profiles | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Root Login for SSH | NIST macOS Catalina v1.5.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-15-010460 - The SUSE operating system must have the packages required for multifactor authentication to be installed. | DISA SLES 15 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-15-010470 - The SUSE operating system must implement certificate status checking for multifactor authentication - which includes status information to an accepted trust anchor. | DISA SLES 15 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-100650 - Ubuntu 24.04 LTS must have the "SSSD" package installed. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-100660 - Ubuntu 24.04 LTS must use the "SSSD" package for multifactor authentication services. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WN12-AC-000014-DC - The computer clock synchronization tolerance must be limited to 5 minutes or less. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN16-DC-000030 - The Kerberos service ticket maximum lifetime must be limited to 600 minutes or less. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN16-DC-000050 - The Kerberos policy user ticket renewal maximum lifetime must be limited to seven days or less. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN19-DC-000050 - Windows Server 2019 Kerberos policy user ticket renewal maximum lifetime must be limited to seven days or less. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
