| 1.1.6 Ensure that the --secure-port argument is not set to 0 | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.1 Ensure 'ENCRYPTION_SERVER' Is Set to 'REQUIRED' | CIS Oracle Server 19c Linux v1.2.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.2 Ensure 'SQLNET.CRYPTO_CHECKSUM_SERVER' Is Set to 'REQUIRED' | CIS Oracle Server 18c Windows v1.1.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.5.4 (L1) Ensure 'Domain controller: LDAP server signing requirements' is set to 'Require signing' (DC only) | CIS Microsoft Windows Server 2016 v3.0.0 L1 DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.5.5 (L1) Ensure 'Domain controller: LDAP server signing requirements Enforcement' is set to 'Enabled' (DC only) | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.6.3 (L1) Ensure 'Domain member: Digitally sign secure channel data (when possible)' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v3.0.0 L1 DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.6.6 (L1) Ensure 'Domain member: Require strong (Windows 2000 or later) session key' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v3.0.0 L1 DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.8.1 (L1) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.8.2 (L1) Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled' | CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.9.2 Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.9.3 Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4 Ensure an industry standard authentication mechanism is used - mode | CIS MongoDB 3.4 L2 Unix Audit v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.2 Encrypt user data across the network - 'authentication = Data_Encrypt' | CIS IBM DB2 OS L2 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.0.6 Enable SSL communication with LDAP server | CIS IBM DB2 OS L2 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.59.3.9.2 Ensure 'Require secure RPC communication' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.56.3.9.4 (L1) Ensure 'Require user authentication for remote connections by using Network Level Authentication' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.56.3.9.4 Ensure 'Require user authentication for remote connections by using Network Level Authentication' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Limit SSH to FIPS 140 Validated Ciphers | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Limit SSH to FIPS 140 Validated Ciphers | NIST macOS Big Sur v1.4.0 - 800-53r5 Low | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Limit SSH to FIPS 140 Validated Ciphers | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Limit SSH to FIPS 140 Validated Ciphers | NIST macOS Big Sur v1.4.0 - CNSSI 1253 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Limit SSH to FIPS 140 Validated Ciphers | NIST macOS Big Sur v1.4.0 - 800-53r4 Low | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Limit SSH to FIPS 140 Validated Ciphers | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Limit SSH to FIPS 140 Validated Ciphers | NIST macOS Catalina v1.5.0 - 800-53r4 Low | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Limit SSH to FIPS 140 Validated Ciphers | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Limit SSH to FIPS 140 Validated Ciphers | NIST macOS Catalina v1.5.0 - All Profiles | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Limit SSH to FIPS 140 Validated Message Authentication Code Algorithms | NIST macOS Catalina v1.5.0 - 800-53r4 High | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Limit SSH to FIPS 140 Validated Message Authentication Code Algorithms | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXi : enable-nfc-ssl | VMWare vSphere 5.X Hardening Guide | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| Require secure RPC communication | MSCT Windows 10 1909 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Require secure RPC communication | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Require secure RPC communication | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Require secure RPC communication | MSCT Windows 10 v20H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Require secure RPC communication | MSCT Windows Server v1909 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Require secure RPC communication | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Require secure RPC communication | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Require secure RPC communication | MSCT Windows Server 2016 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Require secure RPC communication | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG140 IIS6 - A private web sites authentication mechanism must use client certificates. - 'AccessSSL Enabled' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG140 IIS6 - A private web sites authentication mechanism must use client certificates. - 'AccessSSLRequireCert Enabled' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG140 W22 - Private web servers must require certificates issued from a DoD-authorized Certificate Authority. | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG340 IIS6 - A private web server must utilize an approved TLS version. - '128-Bit Encryption Enabled' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG340 IIS6 - A private web server must utilize an approved TLS version. - 'SSL Enabled' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG340 W22 - A private web server must utilize an approved TLS version. - 'SSLEngine' | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG340 W22 - A private web server must utilize an approved TLS version. - 'SSLProtocol' | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG342 IIS6 - Public web servers must use TLS if authentication is required. - '128-Bit Encryption Enabled' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG342 IIS6 - Public web servers must use TLS if authentication is required. - 'SSL Enabled' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG345 A22 - The web server must remove all export ciphers from the cipher suite. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG345 A22 - The web server must remove all export ciphers from the cipher suite. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG345 W22 - The web server must remove all export ciphers from the cipher suite. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
