| 2.5 Set 'Do not check e- mail address against address of certificates being used' to 'Disabled' | CIS MS Office Outlook 2010 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| AOSX-14-003005 - The macOS system must map the authenticated identity to the user or group account for PKI-based authentication. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-11-003020 - The macOS system must use multifactor authentication for local access to privileged and non-privileged accounts. | DISA STIG Apple macOS 11 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-11-003020 - The macOS system must use multifactor authentication for local access to privileged and non-privileged accounts. | DISA STIG Apple macOS 11 v1r8 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-12-003020 - The macOS system must use multifactor authentication for local access to privileged and non-privileged accounts. | DISA STIG Apple macOS 12 v1r8 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-13-003020 - The macOS system must use multifactor authentication for local access to privileged and nonprivileged accounts. | DISA STIG Apple macOS 13 v1r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| Big Sur - Map identity for PKI based authentication | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION |
| Big Sur - Map identity for PKI based authentication | NIST macOS Big Sur v1.4.0 - CNSSI 1253 | Unix | IDENTIFICATION AND AUTHENTICATION |
| CASA-VN-000390 - The Cisco ASA remote access VPN server must be configured to use a separate authentication server than that used for administrative access. | DISA STIG Cisco ASA VPN v1r3 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CASA-VN-000450 - The Cisco ASA remote access VPN server must be configured to map the distinguished name (DN) from the client's certificate to entries in the authentication server to determine authorization to access the network - authorization-required | DISA STIG Cisco ASA VPN v1r3 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CASA-VN-000450 - The Cisco ASA remote access VPN server must be configured to map the distinguished name (DN) from the client's certificate to entries in the authentication server to determine authorization to access the network - authorization-server-group | DISA STIG Cisco ASA VPN v1r3 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CASA-VN-000450 - The Cisco ASA remote access VPN server must be configured to map the distinguished name (DN) from the client's certificate to entries in the authentication server to determine authorization to access the network - username-from-certificate | DISA STIG Cisco ASA VPN v1r3 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| Catalina - Map identity for PKI based authentication | NIST macOS Catalina v1.5.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION |
| Catalina - Map identity for PKI based authentication | NIST macOS Catalina v1.5.0 - CNSSI 1253 | Unix | IDENTIFICATION AND AUTHENTICATION |
| F5BI-AP-000085 - The BIG-IP APM module must map the authenticated identity to the user account for PKI-based authentication to virtual servers. | DISA F5 BIG-IP Access Policy Manager STIG v2r3 | F5 | IDENTIFICATION AND AUTHENTICATION |
| F5BI-LT-000085 - The BIG-IP Core implementation providing PKI-based, user authentication intermediary services must be configured to map the authenticated identity to the user account for PKI-based authentication to virtual servers. | DISA F5 BIG-IP Local Traffic Manager STIG v2r3 | F5 | IDENTIFICATION AND AUTHENTICATION |
| FFOX-00-000003 - Firefox must be configured to ask which certificate to present to a website when a certificate is required. | DISA STIG Mozilla Firefox MacOS v6r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| FFOX-00-000003 - Firefox must be configured to ask which certificate to present to a website when a certificate is required. | DISA STIG Mozilla Firefox Linux v6r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| FFOX-00-000003 - Firefox must be configured to ask which certificate to present to a website when a certificate is required. | DISA STIG Mozilla Firefox Windows v6r5 | Windows | IDENTIFICATION AND AUTHENTICATION |
| MADB-10-004200 - MariaDB must map PKI ID to an associated user account. | DISA MariaDB Enterprise 10.x v1r2 DB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| MD3X-00-000370 - MongoDB must map the PKI-authenticated identity to an associated user account. | DISA STIG MongoDB Enterprise Advanced 3.x v2r1 DB | MongoDB | IDENTIFICATION AND AUTHENTICATION |
| MD4X-00-003200 - MongoDB must map the PKI-authenticated identity to an associated user account. | DISA STIG MongoDB Enterprise Advanced 4.x v1r2 DB | MongoDB | IDENTIFICATION AND AUTHENTICATION |
| Monterey - Enforce Smartcard Authentication | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | IDENTIFICATION AND AUTHENTICATION |
| Monterey - Enforce Smartcard Authentication | NIST macOS Monterey v1.0.0 - 800-53r5 Low | Unix | IDENTIFICATION AND AUTHENTICATION |
| Monterey - Enforce Smartcard Authentication | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | IDENTIFICATION AND AUTHENTICATION |
| Monterey - Map identity for PKI based authentication | NIST macOS Monterey v1.0.0 - All Profiles | Unix | IDENTIFICATION AND AUTHENTICATION |
| Monterey - Map identity for PKI based authentication | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | IDENTIFICATION AND AUTHENTICATION |
| MYS8-00-004900 - The MySQL Database Server 8.0 must map the PKI-authenticated identity to an associated user account. | DISA Oracle MySQL 8.0 v1r4 DB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| O112-C2-015500 - The DBMS must ensure that PKI-based authentication maps the authenticated identity to the user account - SSL_CIPHER_SUITES | DISA STIG Oracle 11.2g v2r3 Linux | Unix | IDENTIFICATION AND AUTHENTICATION |
| O112-C2-015500 - The DBMS must ensure that PKI-based authentication maps the authenticated identity to the user account - SSL_CIPHER_SUITES | DISA STIG Oracle 11.2g v2r3 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
| O112-C2-015500 - The DBMS must ensure that PKI-based authentication maps the authenticated identity to the user account - SSL_CLIENT_AUTHENTICATION | DISA STIG Oracle 11.2g v2r3 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
| O112-C2-015500 - The DBMS must ensure that PKI-based authentication maps the authenticated identity to the user account - SSL_CLIENT_AUTHENTICATION | DISA STIG Oracle 11.2g v2r3 Linux | Unix | IDENTIFICATION AND AUTHENTICATION |
| O112-C2-015500 - The DBMS must ensure that PKI-based authentication maps the authenticated identity to the user account - SSL_VERSION | DISA STIG Oracle 11.2g v2r3 Linux | Unix | IDENTIFICATION AND AUTHENTICATION |
| O112-C2-015500 - The DBMS must ensure that PKI-based authentication maps the authenticated identity to the user account - SSL_VERSION | DISA STIG Oracle 11.2g v2r3 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
| O112-C2-015501 - Processes (services, applications, etc.) that connect to the DBMS independently of individual users, must use valid, current DoD-issued PKI certificates for authentication to the DBMS. | DISA STIG Oracle 11.2g v2r3 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| OL08-00-020090 - OL 8 must map the authenticated identity to the user or group account for PKI-based authentication. | DISA Oracle Linux 8 STIG v1r8 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PGS9-00-011800 - PostgreSQL must map the PKI-authenticated identity to an associated user account. | DISA STIG PostgreSQL 9.x on RHEL OS v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-020090 - RHEL 8 must map the authenticated identity to the user or group account for PKI-based authentication. | DISA Red Hat Enterprise Linux 8 STIG v1r13 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SYMP-AG-000410 - Symantec ProxySG, when configured for reverse proxy/WAF services and providing PKI-based user authentication intermediary services, must map the client certificate to the authentication server store. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | IDENTIFICATION AND AUTHENTICATION |
| UBTU-18-010426 - The Ubuntu operating system must map the authenticated identity to the user or group account for PKI-based authentication. | DISA STIG Ubuntu 18.04 LTS v2r13 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-20-010006 - The Ubuntu operating system must map the authenticated identity to the user or group account for PKI-based authentication. | DISA STIG Ubuntu 20.04 LTS v1r10 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000174 - Oracle WebLogic must map the PKI-based authentication identity to the user account. | Oracle WebLogic Server 12c Linux v2r1 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000174 - Oracle WebLogic must map the PKI-based authentication identity to the user account. | Oracle WebLogic Server 12c Linux v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000174 - Oracle WebLogic must map the PKI-based authentication identity to the user account. | Oracle WebLogic Server 12c Windows v2r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-001110 - WebSphere Application Server must authenticate all network-connected endpoint devices before establishing any connection | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-001110 - WebSphere Application Server must authenticate all network-connected endpoint devices before establishing any connection | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-001110 - WebSphere Application Server must authenticate all network-connected endpoint devices before establishing any connection | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-001260 - The WebSphere Application Server must use signer for DoD-issued certificates. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-001260 - The WebSphere Application Server must use signer for DoD-issued certificates. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBSP-AS-001260 - The WebSphere Application Server must use signer for DoD-issued certificates. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
