| 1.1.3 Ensure 'Master Key Passphrase' is set | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | CONTINGENCY PLANNING, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.4.3 Set password lifetime, warning time and grace time for local credentials | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| 2.3.1 Ensure 'ENCRYPTION_SERVER' Is Set to 'REQUIRED' | CIS Oracle Server 19c Linux v1.2.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.2 Ensure 'SQLNET.CRYPTO_CHECKSUM_SERVER' Is Set to 'REQUIRED' | CIS Oracle Server 18c Windows v1.1.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.034 - Unencrypted passwords must not be sent to third-party SMB Servers. | DISA Windows Vista STIG v6r41 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 3.057 - Reversible password encryption is not disabled. | DISA Windows Vista STIG v6r41 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 3.073 - The system must be configured to prevent the storage of the LAN Manager hash of passwords. | DISA Windows Vista STIG v6r41 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 4.011 - Maximum password age does not meet minimum requirements. | DISA Windows Vista STIG v6r41 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 4.012 - Minimum password age does not meet minimum requirements. | DISA Windows Vista STIG v6r41 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 4.013 - For systems utilizing a logon ID as the individual identifier, passwords must be a minimum of 14 characters in length. | DISA Windows Vista STIG v6r41 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 4.014 - The password history must be configured to 24 passwords remembered. | DISA Windows Vista STIG v6r41 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 4.026 - To the extent system capabilities permit, system mechanisms are not implemented to enforce automatic expiration of passwords. | DISA Windows Vista STIG v6r41 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 5.4.3 Ensure password hashing algorithm is SHA-512 - password-auth | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.4.3 Ensure password hashing algorithm is SHA-512 - system-auth | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.4.3 Ensure password hashing algorithm is SHA-512 - system-auth | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.4.5 Ensure system-auth is used when changing passwords | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.11 Ensure password prohibited reuse is at a minimum 5 | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5.1.7 Ensure password expiration is 60 Day maximum for new users | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5.1.8 Ensure password expiration is 60 Day maximum for existing passwords | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5.6 Ensure user and group account administration utilities are configured to store only encrypted representations of passwords | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.4 Ensure Network Encryption is Configured and Enabled | CIS SQL Server 2022 Database L2 DB v1.1.0 | MS_SQLDB | CONTINGENCY PLANNING, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.3.6 (L1) Ensure 'Extended Protection for LDAP Authentication (Domain Controllers only)' is set to 'Enabled: Enabled, always (recommended)' (DC Only) | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.3.6 (L1) Ensure 'Extended Protection for LDAP Authentication (Domain Controllers only)' is set to 'Enabled: Enabled, always (recommended)' (DC Only) | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| DG0079-ORACLE11 - DBMS login accounts require passwords to meet complexity requirements. | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| DG0125-ORACLE11 - DBMS account passwords should be set to expire every 60 days or more frequently - 'Database password expiration < 60 days' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| DG0126-ORACLE11 - Password reuse should be prevented where supported by the DBMS - 'No unlimited REUSE_MAX or REUSE_TIME for DEFAULT profile' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| DG0126-ORACLE11 - Password reuse should be prevented where supported by the DBMS - 'No unlimited REUSE_MAX or REUSE_TIME for non DEFAULT profiles' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| DG0127-ORACLE11 - DBMS account passwords should not be set to easily guessed words or values - 'name' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| DG0129-ORACLE11 - Passwords should be encrypted when transmitted across the network. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
| DG0129-ORACLE11 - Passwords should be encrypted when transmitted across the network. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | IDENTIFICATION AND AUTHENTICATION |
| DG0130-ORACLE11 - DBMS passwords should not be stored in compiled, encoded or encrypted batch jobs or compiled, encoded or encrypted application source code. | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| ESXI-67-000031 - The ESXi host must enforce password complexity by requiring that at least one uppercase character be used. | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-80-000035 - The ESXi host must enforce password complexity by configuring a password quality policy. | DISA VMware vSphere 8.0 ESXi STIG v2r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
| GEN000540 - Users must not be able to change passwords more than once every 24 hours. | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000580 - The system must require passwords to contain a minimum of 14 characters. | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000585 - The system must enforce the entire password during authentication - 'Verify no password hashes in /etc/passwd' | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000585 - The system must enforce the entire password during authentication - 'Verify no password hashes in the /etc/security/passwd' | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000595 - Password hashes must have been generated using a FIPS 140-2 hashing algorithm - 'no password hashes in /etc/security/passwd' | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000595 - Password hashes must have been generated using a FIPS 140-2 hashing algorithm - 'Verify no password hashes in /etc/passwd' | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000640 - The system must require that passwords contain at least one special character. | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000740 - All non-interactive/automated processing account passwords must be changed at least once per year or be locked. | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000750 - The system must require at least four characters be changed between the old and new passwords during a password change. | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000800 - The system must prohibit the reuse of passwords within five iterations. | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN001100 - Root passwords must never be passed over a network in clear text form - 'root has logged in over a network' | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN001100 - Root passwords must never be passed over a network in clear text form - 'ssh is running' | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN002000 - There must be no .netrc files on the system. | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN003850 - The telnet daemon must not be running. | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN008050 - The /etc/ldap.conf file (or equivalent) must not contain passwords - 'bindpwd: is not unencrypted' | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN008050 - The /etc/ldap.conf file (or equivalent) must not contain passwords - 'ldapsslkeypwd: is not unencrypted' | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-611060 - RHEL 9 must enforce password complexity rules for the root account. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
