| AADC-CL-000955 - Adobe Acrobat Pro DC Classic FIPS mode must be enabled. | DISA STIG Adobe Acrobat Pro DC Classic Track v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AADC-CN-000955 - Adobe Acrobat Pro DC Continuous FIPS mode must be enabled. | DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| ALMA-09-040060 - AlmaLinux OS 9 must implement a systemwide encryption policy. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| ARDC-CL-000345 - Adobe Reader DC must enable FIPS mode. | DISA STIG Adobe Acrobat Reader DC Classic Track v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARDC-CN-000345 - Adobe Reader DC must enable FIPS mode. | DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Big Sur v1.4.0 - 800-53r4 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Big Sur v1.4.0 - CNSSI 1253 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| BIND-9X-001120 - A BIND 9.x server must implement NIST FIPS-validated cryptography for provisioning digital signatures and generating cryptographic hashes. | DISA BIND 9.x STIG v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Catalina v1.5.0 - 800-53r4 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Issue or Obtain Public Key Certificates from an Approved Service Provider | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| DB2X-00-008600 - DB2 must use NSA-approved cryptography to protect classified information in accordance with the data owners requirements | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | SYSTEM AND COMMUNICATIONS PROTECTION |
| DKER-EE-006240 - Docker Enterprise data exchanged between Linux containers on different nodes must be encrypted on the overlay network. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI014-IE11 - Turn off Encryption Support must be enabled. | DISA STIG IE 11 v2r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI1100-IE11 - Allow Fallback to SSL 3.0 (Internet Explorer) must be disabled. | DISA STIG IE 11 v2r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EP11-00-012700 - The EDB Postgres Advanced Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to provision digital signatures. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-LT-000291 - The BIG-IP Core implementation must be configured to implement NIST FIPS-validated cryptography to generate cryptographic hashes when providing encryption traffic to virtual servers. | DISA F5 BIG-IP Local Traffic Manager STIG v2r4 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-LT-000295 - The BIG-IP Core implementation must be configured to use NIST FIPS-validated cryptography to implement encryption services when providing encrypted traffic to virtual servers. | DISA F5 BIG-IP Local Traffic Manager STIG v2r4 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| JBOS-AS-000730 - The JBoss server must be configured to use DoD- or CNSS-approved PKI Class 3 or Class 4 certificates. | DISA JBoss EAP 6.3 STIG v2r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUSX-VN-000023 - The Juniper SRX Services Gateway VPN Internet Key Exchange (IKE) must use cryptography that is compliant with Suite B parameters when transporting classified traffic across an unclassified network. | DISA Juniper SRX Services Gateway VPN v3r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUSX-VN-000024 - The Juniper SRX Services Gateway VPN IKE must use NIST FIPS-validated cryptography to implement encryption services for unclassified VPN traffic. | DISA Juniper SRX Services Gateway VPN v3r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| MD4X-00-001300 - MongoDB must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| MD7X-00-004400 MongoDB must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| O365-OU-000011 - The minimum encryption key length in Outlook must be at least 168. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| PANW-AG-000141 - The Palo Alto Networks security platform providing encryption intermediary services must implement NIST FIPS-validated cryptography to generate cryptographic hashes. | DISA STIG Palo Alto ALG v3r2 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| PANW-AG-000143 - The Palo Alto Networks security platform, if used for TLS/SSL decryption, must use NIST FIPS-validated cryptography to implement encryption. | DISA STIG Palo Alto ALG v3r2 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| PGS9-00-008000 - PostgreSQL must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to generate and validate cryptographic hashes. | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PGS9-00-008100 - PostgreSQL must use NSA-approved cryptography to protect classified information in accordance with the data owners requirements. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| PGS9-00-008200 - PostgreSQL must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to protect unclassified information requiring confidentiality and cryptographic protection, in accordance with the data owners requirements. | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PPS9-00-012700 - The EDB Postgres Advanced Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to provision digital signatures. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PPS9-00-012800 - The EDB Postgres Advanced Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to generate and validate cryptographic hashes. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PPS9-00-012900 - The EDB Postgres Advanced Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to protect unclassified information requiring confidentiality and cryptographic protection, in accordance with the requirements of the data owner. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SOL-11.1-060060 - The operating system must employ FIPS-validate or NSA-approved cryptography to implement digital signatures. | DISA STIG Solaris 11 SPARC v3r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SOL-11.1-060060 - The operating system must employ FIPS-validate or NSA-approved cryptography to implement digital signatures. | DISA STIG Solaris 11 X86 v3r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SP13-00-000095 - SharePoint must employ NSA-approved cryptography to protect classified information. | DISA STIG SharePoint 2013 v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SP13-00-000100 - SharePoint must employ FIPS-validated cryptography to protect unclassified information when such information must be separated from individuals who have the necessary clearances yet lack the necessary access approvals. | DISA STIG SharePoint 2013 v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SPLK-CL-000010 - Splunk Enterprise must be installed with FIPS mode enabled, to implement NIST FIPS 140-2 approved ciphers for all cryptographic functions. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-015600 - SQL Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to provision digital signatures. | DISA STIG SQL Server 2016 Instance OS Audit v3r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-015700 - SQL Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to generate and validate cryptographic hashes. | DISA STIG SQL Server 2016 Instance OS Audit v3r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-015800 - SQL Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to protect unclassified information requiring confidentiality and cryptographic protection, in accordance with the data owners requirements. | DISA STIG SQL Server 2016 Instance OS Audit v3r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| TCAT-AS-001640 - Application servers must use NIST-approved or NSA-approved key management technology and processes. | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-16-010370 - The Ubuntu operating system must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-18-010005 - The Ubuntu operating system must implement NIST FIPS-validated cryptography to protect classified information and for the following: to provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WDNS-SC-000001 - The salt value for zones signed using NSEC3 RRs must be changed every time the zone is completely re-signed. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WDNS-SC-000031 - The Windows 2012 DNS Server must implement NIST FIPS-validated cryptography for provisioning digital signatures, generating cryptographic hashes, and protecting unclassified information requiring confidentiality. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN10-SO-000230 - The system must be configured to use FIPS-compliant algorithms for encryption, hashing, and signing. | DISA Microsoft Windows 10 STIG v3r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000074 - The system must be configured to use FIPS-compliant algorithms for encryption, hashing, and signing. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000074 - The system must be configured to use FIPS-compliant algorithms for encryption, hashing, and signing. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN16-DC-000140 - Separate, NSA-approved (Type 1) cryptography must be used to protect the directory data in transit for directory service implementations at a classified confidentiality level when replication data traverses a network cleared to a lower level than the data - Type 1 cryptography must be used to protect the directory data in transit for directory service implementations at a classified confidentiality level when replication data traverses a network cleared to a lower level than the data | DISA Windows Server 2016 STIG v2r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN19-DC-000140 - Windows Server 2019 must use separate, NSA-approved (Type 1) cryptography to protect the directory data in transit for directory service implementations at a classified confidentiality level when replication data traverses a network cleared to a lower level than the data. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN19-SO-000360 - Windows Server 2019 must be configured to use FIPS-compliant algorithms for encryption, hashing, and signing. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
