| 1.10 Ensure required packages for multifactor authentication are installed | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| AIX7-00-003205 - The AIX operating system must accept and verify Personal Identity Verification (PIV) credentials - PIV credentials | DISA STIG AIX 7.x v2r9 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-14-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities to verify the establishment of protected sessions. | DISA STIG Apple macOS 11 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities to verify the establishment of protected sessions. | DISA STIG Apple macOS 11 v1r8 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-12-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions - PIV credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities to verify the establishment of protected sessions. | DISA STIG Apple macOS 12 v1r8 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-13-001060 - The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DOD PKI-established certificate authorities for verification of the establishment of protected sessions. | DISA STIG Apple macOS 13 v1r3 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Set Smartcard Certificate Trust to Moderate | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Set Smartcard Certificate Trust to Moderate | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Set Smartcard Certificate Trust to Moderate | NIST macOS Big Sur v1.4.0 - CNSSI 1253 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Set Smartcard Certificate Trust to Moderate | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Set Smartcard Certificate Trust to High | NIST macOS Catalina v1.5.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Set Smartcard Certificate Trust to High | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Set Smartcard Certificate Trust to High | NIST macOS Catalina v1.5.0 - 800-53r4 High | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Set Smartcard Certificate Trust to Moderate | NIST macOS Catalina v1.5.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Set Smartcard Certificate Trust to Moderate | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Set Smartcard Certificate Trust to Moderate | NIST macOS Catalina v1.5.0 - CNSSI 1253 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Set Smartcard Certificate Trust to Moderate | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-67-000040 - The ESXi host must use multifactor authentication for local DCUI access to privileged accounts. | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-CA-000135 - Exchange Outlook Anywhere (OA) clients must use NTLM authentication to access email. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| EX13-MB-000305 - Exchange Outlook Anywhere (OA) clients must use NTLM authentication to access email. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Monterey - Enforce Smartcard Authentication | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION |
| Monterey - Set Smartcard Certificate Trust to Moderate | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Set Smartcard Certificate Trust to Moderate | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Set Smartcard Certificate Trust to Moderate | NIST macOS Monterey v1.0.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Set Smartcard Certificate Trust to Moderate | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| OL07-00-041001 - The Oracle Linux operating system must have the required packages for multifactor authentication installed. | DISA Oracle Linux 7 STIG v2r14 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL07-00-041002 - The Oracle Linux operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM) - PAM. | DISA Oracle Linux 7 STIG v2r14 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL07-00-041003 - The Oracle Linux operating system must implement certificate status checking for PKI authentication. | DISA Oracle Linux 7 STIG v2r14 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL08-00-010400 - OL 8 must implement certificate status checking for multifactor authentication. | DISA Oracle Linux 8 STIG v1r8 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PANW-NM-000110 - The Palo Alto Networks security platform must accept and verify Personal Identity Verification (PIV) credentials - 'Certificate Profile' | DISA STIG Palo Alto NDM v2r2 | Palo_Alto | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| PANW-NM-000110 - The Palo Alto Networks security platform must accept and verify Personal Identity Verification (PIV) credentials - 'DOD CA certificates' | DISA STIG Palo Alto NDM v2r2 | Palo_Alto | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| PANW-NM-000110 - The Palo Alto Networks security platform must accept and verify Personal Identity Verification (PIV) credentials - 'Use OCSP' | DISA STIG Palo Alto NDM v2r2 | Palo_Alto | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-010061 - The Red Hat Enterprise Linux operating system must uniquely identify and must authenticate users using multifactor authentication via a graphical user logon. | DISA Red Hat Enterprise Linux 7 STIG v3r14 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-041001 - The Red Hat Enterprise Linux operating system must have the required packages for multifactor authentication installed. | DISA Red Hat Enterprise Linux 7 STIG v3r14 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-041002 - The Red Hat Enterprise Linux operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM). | DISA Red Hat Enterprise Linux 7 STIG v3r14 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-041003 - The Red Hat Enterprise Linux operating system must implement certificate status checking for PKI authentication. | DISA Red Hat Enterprise Linux 7 STIG v3r14 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-215075 - RHEL 9 must have the openssl-pkcs11 package installed. | DISA Red Hat Enterprise Linux 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-611170 - RHEL 9 must implement certificate status checking for multifactor authentication. | DISA Red Hat Enterprise Linux 9 STIG v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-12-030500 - The SUSE operating system must have the packages required for multifactor authentication to be installed. | DISA SLES 12 STIG v2r13 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-12-030510 - The SUSE operating system must implement certificate status checking for multifactor authentication. | DISA SLES 12 STIG v2r13 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-15-010460 - The SUSE operating system must have the packages required for multifactor authentication to be installed. | DISA SLES 15 STIG v1r12 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-15-010470 - The SUSE operating system must implement certificate status checking for multifactor authentication - which includes status information to an accepted trust anchor. | DISA SLES 15 STIG v1r12 | Unix | IDENTIFICATION AND AUTHENTICATION |
| TCAT-AS-001320 - Multifactor certificate-based tokens (CAC) must be used when accessing the management interface. | DISA STIG Apache Tomcat Application Server 9 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| TCAT-AS-001320 - Multifactor certificate-based tokens (CAC) must be used when accessing the management interface. | DISA STIG Apache Tomcat Application Server 9 v2r6 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-16-030800 - The Ubuntu operating system must have the packages required for multifactor authentication to be installed. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-16-030810 - The Ubuntu operating system must accept Personal Identity Verification (PIV) credentials. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-16-030820 - The Ubuntu operating system must implement certificate status checking for multifactor authentication. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCSA-70-000060 - The vCenter Server must require multifactor authentication. | DISA STIG VMware vSphere 7.0 vCenter v1r2 | VMware | AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| VCSA-70-000080 - The vCenter Server must enable revocation checking for certificate-based authentication. | DISA STIG VMware vSphere 7.0 vCenter v1r2 | VMware | IDENTIFICATION AND AUTHENTICATION |
