| 1.1.2 Ensure 'Maximum password age' is set to '60 or fewer days, but not 0' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 1.1.3 Ensure 'Minimum password age' is set to '1 or more day(s)' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 1.1.5 Ensure 'Password must meet complexity requirements' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.1.2 Ensure MFA Delete is enabled on S3 buckets | CIS Amazon Web Services Foundations v5.0.0 L2 | amazon_aws | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MEDIA PROTECTION |
| ALMA-09-033240 - AlmaLinux OS 9 SSHD must accept public key authentication. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-033350 - AlmaLinux OS 9 must have the opensc package installed. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-033460 - The pcscd socket on AlmaLinux OS 9 must be active. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-033570 - AlmaLinux OS 9 must have the pcsc-lite package installed. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-033680 - AlmaLinux OS 9 must implement certificate status checking for multifactor authentication. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-11-001100 - The macOS system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator. | DISA STIG Apple macOS 11 v1r8 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-13-001100 - The macOS system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator. | DISA STIG Apple macOS 13 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| CASA-ND-000470 - The Cisco ASA must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts. | DISA STIG Cisco ASA NDM v2r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| ESXI-67-000012 - The ESXi host SSH daemon must ignore .rhosts files. | DISA STIG VMware vSphere 6.7 ESXi OS v1r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| EX19-MB-000203 - Exchange Outlook Anywhere clients must use NTLM authentication to access email. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| FGFW-ND-000205 - The FortiGate device must implement replay-resistant authentication mechanisms for network access to privileged accounts | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| GOOG-12-007200 - Google Android 12 must be configured to disable trust agents. | AirWatch - DISA Google Android 12 COBO v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-12-007200 - Google Android 12 must be configured to disable trust agents. | MobileIron - DISA Google Android 12 COBO v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-12-007200 - Google Android 12 must be configured to disable trust agents. | MobileIron - DISA Google Android 12 COPE v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-14-007200 - Google Android 14 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | MobileIron - DISA Google Android 14 COPE v2r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-14-007200 - Google Android 14 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | AirWatch - DISA Google Android 14 COPE v2r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-14-707200 - Google Android 14 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | AirWatch - DISA Google Android 14 BYOAD v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-14-707200 - Google Android 14 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | MobileIron - DISA Google Android 14 BYOAD v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-15-007200 - Google Android 15 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | AirWatch - DISA Google Android 15 COPE v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-15-007200 - Google Android 15 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | MobileIron - DISA Google Android 15 COPE v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-15-007200 - Google Android 15 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | AirWatch - DISA Google Android 15 COBO v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-15-007200 - Google Android 15 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | MobileIron - DISA Google Android 15 COBO v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| HONW-13-007200 - Honeywell Android 13 must be configured to disable trust agents. | MobileIron - DISA Honeywell Android 13 COBO v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| JUEX-NM-000260 - The Juniper EX switch must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| OL08-00-010410 - OL 8 must accept Personal Identity Verification (PIV) credentials. | DISA Oracle Linux 8 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL09-00-000280 - OL 9 must implement multifactor authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access. | DISA Oracle Linux 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL09-00-000401 - OL 9 must be configured so that the pcscd service is active. | DISA Oracle Linux 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PHTN-67-000035 - The Photon operating system must configure sshd to disallow root logins. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-020250 - RHEL 8 must implement smart card logon for multifactor authentication for access to interactive accounts. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SHPT-00-000530 - The Central Administration Web Application must use Kerberos as the authentication provider. | DISA STIG SharePoint 2010 v1r9 | Windows | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000330 - Splunk Enterprise must use HTTPS/SSL for access to the user interface. | DISA STIG Splunk Enterprise 8.x for Linux v2r2 STIG REST API | Splunk | IDENTIFICATION AND AUTHENTICATION |
| SQL2-00-018500 - SQL Server must ensure users are authenticated with an individual authenticator prior to using a shared authenticator. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
| SYMP-AG-000350 - Symantec ProxySG providing user authentication intermediary services must implement multifactor authentication for remote access to nonprivileged accounts such that one of the factors is provided by a device separate from the system gaining access. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
| SYMP-AG-000370 - Symantec ProxySG providing user authentication intermediary services must use multifactor authentication for network access to nonprivileged accounts. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
| SYMP-AG-000380 - Symantec ProxySG providing user authentication intermediary services must implement replay-resistant authentication mechanisms for network access to nonprivileged accounts. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
| SYMP-NM-000230 - Symantec ProxySG must implement HTTPS-console to provide replay-resistant authentication mechanisms for network access to privileged accounts. - HTTP-Console | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
| UBTU-20-010065 - The Ubuntu operating system must electronically verify Personal Identity Verification (PIV) credentials. | DISA Canonical Ubuntu 20.04 LTS STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-22-612015 - Ubuntu 22.04 LTS must accept personal identity verification (PIV) credentials. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-22-612025 - Ubuntu 22.04 LTS must electronically verify personal identity verification (PIV) credentials. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-100900 - Ubuntu 24.04 LTS must accept Personal Identity Verification (PIV) credentials. | DISA Canonical Ubuntu 24.04 LTS STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-100910 - Ubuntu 24.04 LTS must accept Personal Identity Verification (PIV) credentials managed through the Privileged Access Management (PAM) framework. | DISA Canonical Ubuntu 24.04 LTS STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-400110 - Ubuntu 24.04 LTS must prevent direct login to the root account. | DISA Canonical Ubuntu 24.04 LTS STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-001030 - The WebSphere Application Server multifactor authentication for network access to privileged accounts must be used. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001080 - The WebSphere Application Server must provide security extensions to extend SOAP protocol and provide secure authentication | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-001090 - The WebSphere Application Server must provide security extensions to extend SOAP protocol and provide secure authentication | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-001090 - The WebSphere Application Server must provide security extensions to extend SOAP protocol and provide secure authentication | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
