1.1.2 (L1) Ensure 'Maximum password age' is set to '60 or fewer days, but not 0' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
1.1.3 (L1) Ensure 'Minimum password age' is set to '1 or more day(s)' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
1.008 - Shared user accounts are permitted on the system. | DISA Windows Vista STIG v6r41 | Windows | IDENTIFICATION AND AUTHENTICATION |
4.017 - DOD information system access does not require the use of a password. | DISA Windows Vista STIG v6r41 | Windows | IDENTIFICATION AND AUTHENTICATION |
4.039 - Built-in Admin Account Status | DISA Windows Vista STIG v6r41 | Windows | IDENTIFICATION AND AUTHENTICATION |
18.9.98.1 (L2) Ensure 'Allow Remote Shell Access' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT |
18.9.98.1 (L2) Ensure 'Allow Remote Shell Access' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, RISK ASSESSMENT |
AIOS-16-711300 - Apple iOS/iPadOS 16 must implement the management setting: use SSL for Exchange ActiveSync. | AirWatch - DISA Apple iOS/iPadOS 16 BYOAD v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
AIOS-16-711300 - Apple iOS/iPadOS 16 must implement the management setting: use SSL for Exchange ActiveSync. | MobileIron - DISA Apple iOS/iPadOS BYOAD 16 v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
AIOS-17-011300 - Apple iOS/iPadOS 17 must implement the management setting: use SSL for Exchange ActiveSync. | AirWatch - DISA Apple iOS/iPadOS 17 v2r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
AIOS-17-011300 - Apple iOS/iPadOS 17 must implement the management setting: use SSL for Exchange ActiveSync. | MobileIron - DISA Apple iOS/iPadOS 17 v2r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
AIOS-17-711300 - Apple iOS/iPadOS 17 must implement the management setting: use SSL for Exchange ActiveSync. | AirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
AIOS-17-711300 - Apple iOS/iPadOS 17 must implement the management setting: use SSL for Exchange ActiveSync. | MobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
AIOS-18-011300 - Apple iOS/iPadOS 18 must implement the management setting: use SSL for Exchange ActiveSync. | AirWatch - DISA Apple iOS/iPadOS 18 v1r4 | MDM | IDENTIFICATION AND AUTHENTICATION |
AOSX-13-000570 - The macOS system must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
AOSX-14-000040 - The macOS system must use replay-resistant authentication mechanisms and implement cryptographic mechanisms to protect the integrity of and verify remote disconnection at the termination of nonlocal maintenance and diagnostic communications, when used for nonlocal maintenance sessions - OpenSSH Version | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
APPL-14-005052 The macOS system must configure login window to prompt for username and password. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
CASA-VN-000410 - The Cisco ASA remote access VPN server must be configured to identify and authenticate users before granting access to the network. | DISA STIG Cisco ASA VPN v2r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
EPAS-00-004200 - The EDB Postgres Advanced Server must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users). | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
GEN000280 - Direct logins must not be permitted to shared, default, application, or utility accounts - '/etc/security/user rlogin=false' | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
GEN000280 - Direct logins must not be permitted to shared, default, application, or utility accounts - 'results of last should be reviewed' | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
GEN000300 - All accounts on the system must have unique user or account names. | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
GEN000320 - All accounts must be assigned unique User Identification Numbers (UIDs). | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
GEN000980 - The system must prevent the root account from directly logging in except from the system console. | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
GEN001020 - The root account must not be used for direct logins. | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
GEN001120 - The system must not permit root logins using remote access programs, such as ssh. | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
GEN009120 - System must be configured to require the use of CAC, PIV compliant hardware token, or Alternate Logon Token for authentication | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
MADB-10-003600 - MariaDB must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users). | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
Monterey - Disable Unattended or Automatic Logon to the System | NIST macOS Monterey v1.0.0 - 800-171 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
Monterey - Disable Unattended or Automatic Logon to the System | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
Monterey - Disable Unattended or Automatic Logon to the System | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
Monterey - Disable Unattended or Automatic Logon to the System | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
Monterey - Disable Unattended or Automatic Logon to the System | NIST macOS Monterey v1.0.0 - 800-53r5 Low | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
Monterey - Disable Unattended or Automatic Logon to the System | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
Monterey - Disable Unattended or Automatic Logon to the System | NIST macOS Monterey v1.0.0 - 800-53r4 Low | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
Monterey - Disable Unattended or Automatic Logon to the System | NIST macOS Monterey v1.0.0 - All Profiles | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
OL07-00-041001 - The Oracle Linux operating system must have the required packages for multifactor authentication installed. | DISA Oracle Linux 7 STIG v3r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
OL07-00-041002 - The Oracle Linux operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM) - PAM. | DISA Oracle Linux 7 STIG v3r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
OL07-00-041003 - The Oracle Linux operating system must implement certificate status checking for PKI authentication. | DISA Oracle Linux 7 STIG v3r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
OL09-00-003006 - OL 9 groups must have unique Group ID (GID). | DISA Oracle Linux 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
PHTN-30-000033 - The Photon operating system must not have duplicate User IDs (UIDs). | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
RHEL-09-411045 - All RHEL 9 interactive users must have a primary group that exists. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
SLES-12-030500 - The SUSE operating system must have the packages required for multifactor authentication to be installed. | DISA SLES 12 STIG v3r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
SPLK-CL-000320 - Splunk Enterprise must use organization-level authentication to uniquely identify and authenticate users. | DISA STIG Splunk Enterprise 8.x for Linux v2r2 STIG REST API | Splunk | IDENTIFICATION AND AUTHENTICATION |
SQL2-00-018400 - SQL Server must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users) - or processes acting on behalf of organizational users | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
SYMP-AG-000320 - Symantec ProxySG must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users) - Domain Exists | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
SYMP-AG-000330 - Symantec ProxySG must be configured with a pre-established trust relationship and mechanisms with appropriate authorities that validate user account access authorizations and privileges - Domain Exists | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
SYMP-AG-000330 - Symantec ProxySG must be configured with a pre-established trust relationship and mechanisms with appropriate authorities that validate user account access authorizations and privileges - Domain joined | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
WBSP-AS-001010 - The WebSphere Application Server LDAP user registry must be used. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
WBSP-AS-001030 - The WebSphere Application Server multifactor authentication for network access to privileged accounts must be used. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |