Item Search

NameAudit NamePluginCategory
3.061 - Unencrypted remote access is permitted to system services.DISA Windows Vista STIG v6r41Windows

ACCESS CONTROL

AIOS-14-001000 - Apple iOS/iPadOS must not include applications with the following characteristics: access to Siri when the device is locked.MobileIron - DISA Apple iOS/iPadOS 14 v1r3MDM

ACCESS CONTROL

AIOS-14-001000 - Apple iOS/iPadOS must not include applications with the following characteristics: access to Siri when the device is locked.AirWatch - DISA Apple iOS/iPadOS 14 v1r3MDM

ACCESS CONTROL

CASA-VN-000210 - The Cisco ASA must be configured to use a Diffie-Hellman (DH) Group of 16 or greater for Internet Key Exchange (IKE) Phase 1 - IKE Phase 1.DISA STIG Cisco ASA VPN v2r2Cisco

ACCESS CONTROL

CASA-VN-000550 - The Cisco ASA remote access VPN server must be configured to use TLS 1.2 or higher to protect the confidentiality of remote access connections.DISA STIG Cisco ASA VPN v2r2Cisco

ACCESS CONTROL

CASA-VN-000640 - The Cisco VPN remote access server must be configured to use AES256 or greater encryption for the Internet Key Exchange (IKE) Phase 1 to protect confidentiality of remote access sessions - IKE Phase 1 to protect confidentiality of remote access sessions.DISA STIG Cisco ASA VPN v2r2Cisco

ACCESS CONTROL

CASA-VN-000650 - The Cisco ASA VPN remote access server must be configured to use AES256 or greater encryption for the IPsec security association to protect the confidentiality of remote access sessions - AES encryption for the IPsec security association to protect the confidentiality of remote access sessions.DISA STIG Cisco ASA VPN v2r2Cisco

ACCESS CONTROL

CNTR-K8-000160 - The Kubernetes Scheduler must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination.DISA STIG Kubernetes v2r2Unix

ACCESS CONTROL

CNTR-K8-000170 - The Kubernetes API Server must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination.DISA STIG Kubernetes v2r2Unix

ACCESS CONTROL

CNTR-K8-000180 - The Kubernetes etcd must use TLS to protect the confidentiality of sensitive data during electronic dissemination.DISA STIG Kubernetes v2r2Unix

ACCESS CONTROL

CNTR-K8-000190 - The Kubernetes etcd must use TLS to protect the confidentiality of sensitive data during electronic dissemination.DISA STIG Kubernetes v2r2Unix

ACCESS CONTROL

ESXI-67-000010 - The ESXi host SSH daemon must use DoD-approved encryption to protect the confidentiality of remote access sessions.DISA STIG VMware vSphere 6.7 ESXi OS v1r3Unix

ACCESS CONTROL

ESXI-70-000010 - The ESXi host Secure Shell (SSH) daemon must use FIPS 140-2 validated cryptographic modules to protect the confidentiality of remote access sessions.DISA STIG VMware vSphere 7.0 ESXi OS v1r2Unix

ACCESS CONTROL

ESXI-70-000090 - The ESXi host rhttpproxy daemon must use FIPS 140-2 validated cryptographic modules to protect the confidentiality of remote access sessions.DISA STIG VMware vSphere 7.0 ESXi OS v1r2Unix

ACCESS CONTROL

ESXI-80-000014 The ESXi host Secure Shell (SSH) daemon must use FIPS 140-2 validated cryptographic modules to protect the confidentiality of remote access sessions.DISA VMware vSphere 8.0 ESXi STIG OS v2r1Unix

ACCESS CONTROL

EX19-ED-000006 SchUseStrongCrypto must be enabled.DISA Microsoft Exchange 2019 Edge Server STIG v2r1Windows

ACCESS CONTROL

EX19-MB-000006 Exchange must use encryption for RPC client access.DISA Microsoft Exchange 2019 Mailbox Server STIG v2r1Windows

ACCESS CONTROL

EX19-MB-000007 Exchange must use encryption for Outlook Web App (OWA) access.DISA Microsoft Exchange 2019 Mailbox Server STIG v2r1Windows

ACCESS CONTROL

EX19-MB-000008 Exchange must have forms-based authentication enabled.DISA Microsoft Exchange 2019 Mailbox Server STIG v2r1Windows

ACCESS CONTROL

GEN003820 - The rsh daemon must not be running.DISA STIG AIX 5.3 v1r2Unix

ACCESS CONTROL

GEN003830 - The rlogind service must not be running.DISA STIG AIX 5.3 v1r2Unix

ACCESS CONTROL

GEN005505 - The SSH daemon must be configured to only use FIPS 140-2 approved ciphers.DISA STIG AIX 5.3 v1r2Unix

ACCESS CONTROL

GEN005510 - The SSH client must be configured to only use FIPS 140-2 approved ciphers.DISA STIG AIX 5.3 v1r2Unix

ACCESS CONTROL

KNOX-07-017100 - The VPN client must be configured: 1. Disabled 2. Configured for container use only. 3. Configured for per app use.AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1MDM

ACCESS CONTROL

KNOX-07-017100 - The VPN client must be configured: 1. Disabled 2. Configured for container use only. 3. Configured for per app use.MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1MDM

ACCESS CONTROL

KNOX-07-017110 - The VPN client must be configured: 1. Disabled 2. Configured for container use only 3. Configured for per app use.AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1MDM

ACCESS CONTROL

KNOX-07-017110 - The VPN client must be configured: 1. Disabled 2. Configured for container use only 3. Configured for per app use.MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1MDM

ACCESS CONTROL

KNOX-07-017120 - The VPN client must be configured: 1. Disabled 2. Configured for container use only. 3. Configured for per app use.MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1MDM

ACCESS CONTROL

KNOX-07-017120 - The VPN client must be configured: 1. Disabled 2. Configured for container use only. 3. Configured for per app use.AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1MDM

ACCESS CONTROL

KNOX-07-017130 - If a third-party VPN client is installed, it must not be configured with a DoD network (work) VPN profile.MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1MDM

ACCESS CONTROL

KNOX-07-017130 - If a third-party VPN client is installed, it must not be configured with a DoD network (work) VPN profile.AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1MDM

ACCESS CONTROL

OL08-00-040161 - OL 8 must force a frequent session key renegotiation for SSH connections to the server.DISA Oracle Linux 8 STIG v2r2Unix

ACCESS CONTROL

RHEL-08-010020 - RHEL 8 must implement NIST FIPS-validated cryptography for the following: To provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

ACCESS CONTROL

RHEL-08-040161 - RHEL 8 must force a frequent session key renegotiation for SSH connections to the server.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

ACCESS CONTROL

RHEL-09-671020 - RHEL 9 IP tunnels must use FIPS 140-2/140-3 approved cryptographic algorithms.DISA Red Hat Enterprise Linux 9 STIG v2r2Unix

ACCESS CONTROL

SLES-15-010160 - The SUSE operating system must implement DOD-approved encryption to protect the confidentiality of SSH remote connections.DISA SLES 15 STIG v2r2Unix

ACCESS CONTROL

SYMP-AG-000030 - Symantec ProxySG providing forward proxy intermediary services for TLS must be configured to comply with the required TLS settings in NIST SP 800-52 - client.connection.negotiated_cipherDISA Symantec ProxySG Benchmark ALG v1r3BlueCoat

ACCESS CONTROL

SYMP-AG-000030 - Symantec ProxySG providing forward proxy intermediary services for TLS must be configured to comply with the required TLS settings in NIST SP 800-52 - client.connection.negotiated_ssl_versionDISA Symantec ProxySG Benchmark ALG v1r3BlueCoat

ACCESS CONTROL

SYMP-AG-000030 - Symantec ProxySG providing forward proxy intermediary services for TLS must be configured to comply with the required TLS settings in NIST SP 800-52 - server.connection.negotiated_cipherDISA Symantec ProxySG Benchmark ALG v1r3BlueCoat

ACCESS CONTROL

SYMP-AG-000030 - Symantec ProxySG providing forward proxy intermediary services for TLS must be configured to comply with the required TLS settings in NIST SP 800-52 - server.connection.negotiated_ssl_versionDISA Symantec ProxySG Benchmark ALG v1r3BlueCoat

ACCESS CONTROL

SYMP-AG-000040 - Symantec ProxySG providing reverse proxy intermediary services for TLS must be configured to version 1.1 or higher with an approved cipher suite.DISA Symantec ProxySG Benchmark ALG v1r3BlueCoat

ACCESS CONTROL

SYMP-AG-000050 - Symantec ProxySG storing secret or private keys must use FIPS-approved key management technology and processes in the production and control of private/secret cryptographic keys.DISA Symantec ProxySG Benchmark ALG v1r3BlueCoat

ACCESS CONTROL

UBTU-18-010421 - The Ubuntu operating system SSH server must be configured to use only FIPS-validated key exchange algorithms.DISA STIG Ubuntu 18.04 LTS v2r15Unix

ACCESS CONTROL

UBTU-20-010045 - The Ubuntu operating system SSH server must be configured to use only FIPS-validated key exchange algorithms.DISA STIG Ubuntu 20.04 LTS v2r1Unix

ACCESS CONTROL

UBTU-22-255060 - Ubuntu 22.04 LTS SSH server must be configured to use only FIPS-validated key exchange algorithms.DISA STIG Canonical Ubuntu 22.04 LTS v2r2Unix

ACCESS CONTROL

VCRP-67-000003 - The rhttpproxy must be configured to operate solely with FIPS ciphers.DISA STIG VMware vSphere 6.7 RhttpProxy v1r3Unix

ACCESS CONTROL

WBSP-AS-000160 - The WebSphere Application Server Quality of Protection (QoP) must be set to use TLSv1.2 or higher.DISA IBM WebSphere Traditional 9 STIG v1r1Unix

ACCESS CONTROL

WBSP-AS-000160 - The WebSphere Application Server Quality of Protection (QoP) must be set to use TLSv1.2 or higher.DISA IBM WebSphere Traditional 9 Windows STIG v1r1Windows

ACCESS CONTROL

WBSP-AS-000160 - The WebSphere Application Server Quality of Protection (QoP) must be set to use TLSv1.2 or higher.DISA IBM WebSphere Traditional 9 STIG v1r1 MiddlewareUnix

ACCESS CONTROL

WN11-CC-000290 - Remote Desktop Services must be configured with the client connection encryption set to the required level.DISA Windows 11 STIG v2r2Windows

ACCESS CONTROL