| 1.2.5 Ensure valid certificate is set for browser-based administrator interface - Certificates | CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0 | Palo_Alto | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.1 Ensure 'V3' is selected for SNMP polling | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-034120 - AlmaLinux OS 9 SSHD must not allow blank passwords. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ALMA-09-034780 - AlmaLinux OS 9 must not permit direct logons to the root account using remote access via SSH. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-14-000040 - The macOS system must use replay-resistant authentication mechanisms and implement cryptographic mechanisms to protect the integrity of and verify remote disconnection at the termination of nonlocal maintenance and diagnostic communications, when used for nonlocal maintenance sessions - SSHD currently running | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| APPL-11-001100 - The macOS system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator. | DISA STIG Apple macOS 11 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| Big Sur - Disable Unattended or Automatic Logon to the System | NIST macOS Big Sur v1.4.0 - 800-171 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| Big Sur - Disable Unattended or Automatic Logon to the System | NIST macOS Big Sur v1.4.0 - 800-53r5 Low | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| Big Sur - Disable Unattended or Automatic Logon to the System | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| Big Sur - Disable Unattended or Automatic Logon to the System | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| Big Sur - Disable Unattended or Automatic Logon to the System | NIST macOS Big Sur v1.4.0 - CNSSI 1253 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| CASA-VN-000440 - The Cisco ASA remote access VPN server must be configured to enforce certificate-based authentication before granting access to the network. | DISA STIG Cisco ASA VPN v2r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CASA-VN-000660 - The Cisco VPN remote access server must be configured to accept Common Access Card (CAC) credential credentials. | DISA STIG Cisco ASA VPN v2r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Unattended or Automatic Logon to the System | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Unattended or Automatic Logon to the System | NIST macOS Catalina v1.5.0 - 800-53r5 Low | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| ESXI-70-000012 - The ESXi host Secure Shell (SSH) daemon must ignore '.rhosts' files - .rhosts files. | DISA STIG VMware vSphere 7.0 ESXi OS v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000280 - Direct logins must not be permitted to shared, default, application, or utility accounts - 'results of last should be reviewed' | DISA STIG AIX 6.1 v1r14 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000280 - Direct logins must not be permitted to shared, default, application, or utility accounts. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000300 - All accounts on the system must have unique user or account names. | DISA STIG AIX 6.1 v1r14 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000300 - All accounts on the system must have unique user or account names. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000320 - All accounts must be assigned unique User Identification Numbers (UIDs). | DISA STIG AIX 6.1 v1r14 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000320 - All accounts must be assigned unique User Identification Numbers (UIDs). | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN001020 - The root account must not be used for direct logins. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN001120 - The system must not permit root logins using remote access programs, such as ssh. | DISA STIG AIX 6.1 v1r14 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN005527 - The SSH daemon must not allow host-based authentication. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN009120 - The system must be configured to require the use of a CAC, PIV compliant token or Alternate Logon Token for authentication. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN009120 - The system, if capable, must be configured to require the use of a CAC, PIV compliant hardware token, or Alternate Logon Token. | DISA STIG AIX 6.1 v1r14 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GOOG-12-007200 - Google Android 12 must be configured to disable trust agents. | AirWatch - DISA Google Android 12 COPE v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-13-707200 - Google Android 13 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | MobileIron - DISA Google Android 13 BYOD v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-14-007200 - Google Android 14 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | AirWatch - DISA Google Android 14 COBO v2r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-14-007200 - Google Android 14 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | MobileIron - DISA Google Android 14 COBO v2r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| HONW-13-007200 - Honeywell Android 13 must be configured to disable trust agents. | AirWatch - DISA Honeywell Android 13 COBO v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| HONW-13-007200 - Honeywell Android 13 must be configured to disable trust agents. | AirWatch - DISA Honeywell Android 13 COPE v1r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| MS.AAD.4.1v1 - Security logs SHALL be sent to the agency's security operations center for monitoring. | CISA SCuBA Microsoft 365 Entra ID v1.5.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| MS.AAD.8.1v1 - Guest users SHOULD have limited or restricted access to Microsoft Entra ID directory objects. | CISA SCuBA Microsoft 365 Entra ID v1.5.0 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| MS.DEFENDER.6.1v1 - Microsoft Purview Audit (Standard) logging SHALL be enabled. | CISA SCuBA Microsoft 365 Defender v1.5.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| MS.EXO.9.2v1 - The attachment filter SHOULD attempt to determine the true file type and assess the file extension. | CISA SCuBA Microsoft 365 Exchange Online v1.5.0 | microsoft_azure | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY |
| MS.EXO.17.1v1 - Microsoft Purview Audit (Standard) logging SHALL be enabled. | CISA SCuBA Microsoft 365 Exchange Online v1.5.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| MS.EXO.17.2v1 - Microsoft Purview Audit (Premium) logging SHALL be enabled. | CISA SCuBA Microsoft 365 Exchange Online v1.5.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| OL09-00-002343 - OL 9 SSHD must not allow blank passwords. | DISA Oracle Linux 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL09-00-002345 - OL 9 must not permit direct logons to the root account using remote access via SSH. | DISA Oracle Linux 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-010410 - RHEL 8 must accept Personal Identity Verification (PIV) credentials. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-255040 - RHEL 9 SSHD must not allow blank passwords. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SYMP-NM-000230 - Symantec ProxySG must implement HTTPS-console to provide replay-resistant authentication mechanisms for network access to privileged accounts. - HTTPS-Console | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
| UBTU-20-010064 - The Ubuntu operating system must accept Personal Identity Verification (PIV) credentials. | DISA Canonical Ubuntu 20.04 LTS STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-24-400060 - Ubuntu 24.04 LTS must electronically verify Personal Identity Verification (PIV) credentials. | DISA Canonical Ubuntu 24.04 LTS STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCSA-70-000059 - The vCenter Server must uniquely identify and authenticate users or processes acting on behalf of users. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| VCTR-67-000009 - The vCenter Server must implement Active Directory authentication. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-001080 - The WebSphere Application Server must provide security extensions to extend SOAP protocol and provide secure authentication | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| WN11-SO-000251 - Windows 11 must use multifactor authentication for local and network access to privileged and nonprivileged accounts. | DISA Microsoft Windows 11 STIG v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
