| 5.3.1 Ensure SSH is installed | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.2 Ensure SSH is running | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIX7-00-002097 - AIX must protect the confidentiality and integrity of transmitted information during preparation for transmission and maintain the confidentiality and integrity of information during reception and disable all non-encryption network access methods. | DISA STIG AIX 7.x v2r9 | Unix | MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-13-000035 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-14-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission - OpenSSH version | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-14-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission - SSHD currently running | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-14-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission - SSHD service disabled | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_module | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocol | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| DB2X-00-009100 - DB2 must maintain the confidentiality and integrity of information during preparation for transmission. | DISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| DB2X-00-009200 - DB2 must maintain the confidentiality and integrity of information during reception. | DISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| DB2X-00-009200 - DB2 must maintain the confidentiality and integrity of information during reception. | DISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EP11-00-009500 - The EDB Postgres Advanced Server must maintain the confidentiality and integrity of information during preparation for transmission. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EP11-00-009600 - The EDB Postgres Advanced Server must maintain the confidentiality and integrity of information during reception. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EP11-00-009600 - The EDB Postgres Advanced Server must maintain the confidentiality and integrity of information during reception. | EDB PostgreSQL Advanced Server v11 DB Audit v2r2 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SI-000249 - The IIS 8.5 website must maintain the confidentiality and integrity of information during preparation for transmission and during reception. | DISA IIS 8.5 Site v2r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| O112-C1-019700 - The DBMS must employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission unless the transmitted data is otherwise protected by alternative physical measures. | DISA STIG Oracle 11.2g v2r3 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000324 - OHS must have the LoadModule ossl_module directive enabled to maintain the confidentiality and integrity of information during preparation for transmission. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000325 - OHS must have the SSLFIPS directive enabled to maintain the confidentiality and integrity of information during preparation for transmission. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000326 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to maintain the confidentiality and integrity of information during preparation for transmission - SSLEngine | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000326 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to maintain the confidentiality and integrity of information during preparation for transmission - SSLWallet | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000333 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to maintain the confidentiality and integrity of information during reception - SSLEngine | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000333 - OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to maintain the confidentiality and integrity of information during reception - SSLProtocol | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000334 - OHS must have the SSLCipherSuite directive enabled to maintain the confidentiality and integrity of information during reception. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000336 - If using the WebLogic Web Server Proxy Plugin and configuring end-to-end SSL, OHS must have the WLSSLWallet directive enabled to maintain the confidentiality and integrity of information during reception. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000337 - If using the WebLogic Web Server Proxy Plugin and configuring SSL termination at OHS, OHS must have the WLProxySSL directive enabled to maintain the confidentiality and integrity of information during reception. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL07-00-040300 - The Oracle Linux operating system must be configured so that all networked systems have SSH installed. | DISA Oracle Linux 7 STIG v2r14 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL08-00-040159 - All OL 8 networked systems must have SSH installed. | DISA Oracle Linux 8 STIG v1r8 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL08-00-040160 - All OL 8 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission. | DISA Oracle Linux 8 STIG v1r8 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-07-040300 - The Red Hat Enterprise Linux operating system must be configured so that all networked systems have SSH installed. | DISA Red Hat Enterprise Linux 7 STIG v3r14 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-07-040310 - The Red Hat Enterprise Linux operating system must be configured so that all networked systems use SSH for confidentiality and integrity of transmitted and received information as well as information during preparation for transmission. | DISA Red Hat Enterprise Linux 7 STIG v3r14 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SLES-12-030100 - All networked SUSE operating systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission. | DISA SLES 12 STIG v2r13 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SLES-15-010530 - All networked SUSE operating systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission. | DISA SLES 15 STIG v1r12 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SOL-11.1-060120 - The operating system must maintain the confidentiality of information during aggregation, packaging, and transformation in preparation for transmission. | DISA STIG Solaris 11 SPARC v2r9 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL4-00-035000 - The confidentiality and integrity of information managed by SQL Server must be maintained during preparation for transmission. | DISA STIG SQL Server 2014 Instance DB Audit v2r3 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-16-030420 - All networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission - installed | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-16-030420 - All networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission - running | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-18-010420 - The Ubuntu operating system must use SSH to protect the confidentiality and integrity of transmitted information unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution System (PDS). | DISA STIG Ubuntu 18.04 LTS v2r13 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-20-010042 - The Ubuntu operating system must use SSH to protect the confidentiality and integrity of transmitted information. | DISA STIG Ubuntu 20.04 LTS v1r10 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCFL-67-000006 - vSphere Client must be configured to enable SSL/TLS. | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLD-67-000003 - VAMI must use cryptography to protect the integrity of remote sessions. | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCPG-70-000011 - VMware Postgres must be configured to use Transport Layer Security (TLS). | DISA STIG VMware vSphere 7.0 PostgreSQL v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCRP-70-000004 - Envoy must use only Transport Layer Security (TLS) 1.2 for the protection of client connections. | DISA STIG VMware vSphere 7.0 RhttpProxy v1r1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001290 - WebSphere Application Server must utilize FIPS 140-2-approved encryption modules when authenticating users and processes. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001290 - WebSphere Application Server must utilize FIPS 140-2-approved encryption modules when authenticating users and processes. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001290 - WebSphere Application Server must utilize FIPS 140-2-approved encryption modules when authenticating users and processes. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-00-000019 - Protection methods such as TLS, encrypted VPNs, or IPSEC must be implemented if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-00-000019 - Protection methods such as TLS, encrypted VPNs, or IPSEC must be implemented if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN16-00-000290 - Protection methods such as TLS, encrypted VPNs, or IPsec must be implemented if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process. | DISA Windows Server 2016 STIG v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN19-00-000260 - Windows Server 2019 must implement protection methods such as TLS, encrypted VPNs, or IPsec if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process. | DISA Windows Server 2019 STIG v2r8 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
