| AIX7-00-001045 - IF LDAP is used, AIX LDAP client must use SSL to authenticate with LDAP server. | DISA STIG AIX 7.x v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AIX7-00-001124 - AIX root passwords must never be passed over a network in clear text form. | DISA STIG AIX 7.x v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AIX7-00-002058 - The AIX rexec daemon must not be running. | DISA STIG AIX 7.x v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AIX7-00-002059 - AIX telnet daemon must not be running. | DISA STIG AIX 7.x v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AIX7-00-002060 - AIX ftpd daemon must not be running. | DISA STIG AIX 7.x v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AIX7-00-003040 - The AIX rsh daemon must be disabled. | DISA STIG AIX 7.x v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-13-000555 - The macOS system must unload tftpd. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-14-002031 - The macOS system must be configured to disable the system preference pane for iCloud. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-002038 - The macOS system must be configured to disable the tftpd service. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ARST-ND-000850 - The Arista network Arista device must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | AUDIT AND ACCOUNTABILITY |
| CISC-L2-000020 - The Cisco switch must uniquely identify and authenticate all network-connected endpoint devices before establishing any connection. | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-L2-000020 - The Cisco switch must uniquely identify and authenticate all network-connected endpoint devices before establishing any connection. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-001210 - The Cisco switch must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions. | DISA Cisco NX OS Switch NDM STIG v3r3 | Cisco | MAINTENANCE |
| CISC-ND-001370 - The Cisco router must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access. | DISA Cisco IOS Router NDM STIG v3r4 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-ND-001450 - The Cisco switch must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO). | DISA Cisco NX OS Switch NDM STIG v3r3 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-RT-000240 - The Cisco perimeter switch must be configured to deny network traffic by default and allow network traffic by exception. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN000000-AIX00080 - The SYSTEM attribute must not be set to NONE for any account. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| GEN000000-LNX00560 - The Linux NFS Server must not have the insecure file locking option. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| IIST-SI-000242 - The IIS 10.0 private website must employ cryptographic mechanisms (TLS) and require client certificates. | DISA IIS 10.0 Site v2r11 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MD3X-00-000330 - If passwords are used for authentication, MongoDB must store only hashed, salted representations of passwords. | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS | Unix | IDENTIFICATION AND AUTHENTICATION |
| MD4X-00-000600 - If passwords are used for authentication, MongoDB must transmit only encrypted representations of passwords. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | IDENTIFICATION AND AUTHENTICATION |
| O112-C1-015400 - The DBMS, when using PKI-based authentication, must enforce authorized access to the corresponding private key. | DISA STIG Oracle 11.2g v2r5 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
| OH12-1X-000010 - OHS must have the SSLCipherSuite directive enabled to encrypt remote connections in accordance with the categorization of data hosted by the web server. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | ACCESS CONTROL |
| OH12-1X-000240 - OHS must have the LoadModule ossl_module directive enabled to encrypt passwords during transmission. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OH12-1X-000242 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to encrypt passwords during transmission - SSLEngine | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PGS9-00-009500 - If passwords are used for authentication, PostgreSQL must store only hashed, salted representations of passwords. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | IDENTIFICATION AND AUTHENTICATION |
| PPS9-00-004300 - If passwords are used for authentication, the EDB Postgres Advanced Server must store only hashed, salted representations of passwords. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | IDENTIFICATION AND AUTHENTICATION |
| PPS9-00-004400 - If passwords are used for authentication, the EDB Postgres Advanced Server must transmit only encrypted representations of passwords. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PPS9-00-004600 - The EDB Postgres Advanced Server must enforce authorized access to all PKI private keys stored/utilized by the EDB Postgres Advanced Server. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SP13-00-000015 - SharePoint must utilize approved cryptography to protect the confidentiality of remote access sessions. | DISA STIG SharePoint 2013 v2r4 | Windows | ACCESS CONTROL |
| SQL6-D0-008400 - SQL Server must enforce authorized access to all PKI private keys stored/utilized by SQL Server. | DISA STIG SQL Server 2016 Instance OS Audit v3r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| TCAT-AS-000690 - LDAP authentication must be secured. | DISA STIG Apache Tomcat Application Server 9 v3r2 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-18-010426 - The Ubuntu operating system must map the authenticated identity to the user or group account for PKI-based authentication. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000153 - Oracle WebLogic must authenticate users individually prior to using a group authenticator. | Oracle WebLogic Server 12c Linux v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000168 - Oracle WebLogic must encrypt passwords during transmission. | Oracle WebLogic Server 12c Windows v2r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-000170 - The WebSphere Application Server global application security must be enabled - administrative security | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-000170 - The WebSphere Application Server global application security must be enabled - application security | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-000170 - The WebSphere Application Server global application security must be enabled - application security | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| WN12-AC-000009 - Reversible password encryption must be disabled. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN12-AC-000009 - Reversible password encryption must be disabled. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN12-AD-000003-DC - Active Directory Group Policy objects must have proper access control permissions. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-AD-000004-DC - The Active Directory Domain Controllers Organizational Unit (OU) object must have the proper access control permissions. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-GE-000004-DC - Only administrators responsible for the domain controller must have Administrator rights on the system. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN16-CC-000460 - The Windows Installer Always install with elevated privileges option must be disabled. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | CONFIGURATION MANAGEMENT |
| WN16-DC-000010 - Only administrators responsible for the domain controller must have Administrator rights on the system. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL |
| WN16-DC-000070 - Permissions on the Active Directory data files must only allow System and Administrators access. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL |
| WN16-DC-000080 - The Active Directory SYSVOL directory must have the proper access control permissions. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL |
| WN16-DC-000110 - Domain-created Active Directory Organizational Unit (OU) objects must have proper access control permissions. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL |
| WN16-SO-000360 - Windows Server 2016 must be configured to prevent the storage of the LAN Manager hash of passwords. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN16-UR-000030 - The Act as part of the operating system user right must not be assigned to any groups or accounts. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL |
