| AIOS-16-011400 - Apple iOS/iPadOS 16 must implement the management setting: not allow messages in an ActiveSync Exchange account to be forwarded or moved to other accounts in the Apple iOS/iPadOS 16 Mail app. | AirWatch - DISA Apple iOS/iPadOS 16 v2r1 | MDM | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| AIOS-16-711400 - Apple iOS/iPadOS 16 must implement the management setting: not allow messages in an ActiveSync Exchange account to be forwarded or moved to other accounts in the Apple iOS/iPadOS 16 Mail app. | MobileIron - DISA Apple iOS/iPadOS BYOAD 16 v1r1 | MDM | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| AIOS-17-014800 - Apple iOS/iPadOS 17 must be configured to disable 'Auto Unlock' of the iPhone by an Apple Watch - Auto Unlock of the iPhone by an Apple Watch. | AirWatch - DISA Apple iOS/iPadOS 17 v2r1 | MDM | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| AIOS-18-014800 - Apple iOS/iPadOS 18 must be configured to disable 'Auto Unlock' of the iPhone by an Apple Watch - Auto Unlock of the iPhone by an Apple Watch. | AirWatch - DISA Apple iOS/iPadOS 18 v1r1 | MDM | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| AIX7-00-001011 - Direct logins to the AIX system must not be permitted to shared accounts, default accounts, application accounts, and utility accounts. | DISA STIG AIX 7.x v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AIX7-00-003205 - The AIX operating system must accept and verify Personal Identity Verification (PIV) credentials. | DISA STIG AIX 7.x v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-13-000565 - The macOS system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-11-000011 - The macOS system must disable the SSHD service. | DISA STIG Apple macOS 11 v1r8 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-14-001100 The macOS system must disable root logon for SSH. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| APPL-15-000100 - The macOS system must disable root login. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| Big Sur - Disable SSH Server for Remote Access Sessions | NIST macOS Big Sur v1.4.0 - 800-53r5 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Set Smartcard Certificate Trust to High | NIST macOS Catalina v1.5.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Set Smartcard Certificate Trust to High | NIST macOS Catalina v1.5.0 - 800-53r4 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-000530 - The Cisco router must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts. | DISA STIG Cisco IOS-XR Router NDM v3r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| ESXI-65-000040 - The ESXi host must use multifactor authentication for local access to privileged accounts. | DISA STIG VMware vSphere ESXi 6.5 v2r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| F5BI-AP-000079 - The BIG-IP APM module must use multifactor authentication for network access to non-privileged accounts. | DISA F5 BIG-IP Access Policy Manager STIG v2r4 | F5 | IDENTIFICATION AND AUTHENTICATION |
| GEN000000-LNX00320 - The system must not have special privilege accounts, such as shutdown and halt - '/etc/passwd - halt' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| GEN000000-LNX00320 - The system must not have special privilege accounts, such as shutdown and halt - '/etc/passwd - shutdown' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| GEN000000-LNX00320 - The system must not have special privilege accounts, such as shutdown and halt - '/etc/shadow - reboot' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| GEN000000-LNX00320 - The system must not have special privilege accounts, such as shutdown and halt - '/etc/shadow - shutdown' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| GEN000000-LNX00320 - The system must not have special privilege accounts, such as shutdown and halt - /etc/passwd halt' | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| GEN000000-LNX00320 - The system must not have special privilege accounts, such as shutdown and halt - /etc/passwd reboot' | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| JUSX-DM-000124 - The Juniper SRX Services Gateway must implement replay-resistant authentication mechanisms for network access to privileged accounts. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| JUSX-VN-000019 - The Juniper SRX Services Gateway VPN must use multifactor authentication (e.g., DoD PKI) for network access to non-privileged accounts. | DISA Juniper SRX Services Gateway VPN v3r1 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000027 - The system must prevent the root account from logging in from virtual consoles. | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000234 - The SSH daemon must ignore .rhosts files - 'IgnoreRhosts yes' | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000236 - The SSH daemon must not allow host-based authentication. | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000349 - The system must be configured to require the use of a CAC, PIV compliant hardware token, or Alternate Logon Token (ALT) for authentication. | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL07-00-010061 - The Oracle Linux operating system must uniquely identify and must authenticate users using multifactor authentication via a graphical user logon. | DISA Oracle Linux 7 STIG v3r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL07-00-010300 - The Oracle Linux operating system must be configured so that the SSH daemon does not allow authentication using an empty password. | DISA Oracle Linux 7 STIG v3r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PANW-NM-000051 - The Palo Alto Networks security platform must implement replay-resistant authentication mechanisms for network access to privileged accounts. | DISA STIG Palo Alto NDM v3r2 | Palo_Alto | IDENTIFICATION AND AUTHENTICATION |
| PHTN-30-000026 - The Photon operating system must use an OpenSSH server version that does not support protocol 1. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| PHTN-67-000068 - The Photon operating system must use OpenSSH for remote maintenance sessions. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-06-000234 - The SSH daemon must ignore .rhosts files. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000236 - The SSH daemon must not allow host-based authentication. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000237 - The system must not permit root logins using remote access programs such as ssh. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-010300 - The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon does not allow authentication using an empty password. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-010500 - The Red Hat Enterprise Linux operating system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-12-030140 - The SUSE operating system must deny direct logons to the root account using remote access via SSH. | DISA SLES 12 STIG v3r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000045 - Splunk Enterprise must use an SSO proxy service, F5 device, or SAML implementation to accept the DOD common access card (CAC) or other smart card credential for identity management, personal authentication, and multifactor authentication. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | IDENTIFICATION AND AUTHENTICATION |
| SRG-OS-000104-ESXI5 - All accounts must be assigned unique User Identification Numbers (UIDs) - UIDs | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| TCAT-AS-000610 - JMX authentication must be secured. | DISA STIG Apache Tomcat Application Server 9 v3r2 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| TCAT-AS-000630 - TLS must be enabled on JMX. | DISA STIG Apache Tomcat Application Server 9 v3r2 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-16-010080 - The Ubuntu operating system must prevent direct login into the root account. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-16-030810 - The Ubuntu operating system must accept Personal Identity Verification (PIV) credentials. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-18-010036 - The Ubuntu operating system must prevent direct login into the root account. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCWN-65-000010 - The vCenter Server for Windows must limit the use of the built-in SSO administrative account. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000153 - Oracle WebLogic must authenticate users individually prior to using a group authenticator. | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000153 - Oracle WebLogic must authenticate users individually prior to using a group authenticator. | Oracle WebLogic Server 12c Windows v2r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN19-DC-000020 - Windows Server 2019 Kerberos user logon restrictions must be enforced. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
