STIGhub

CCI-000197

Definition

For password-based authentication, transmit passwords only over cryptographically-protected channels.

Parent Control

IA-5 (1) | Authenticator Management | Identification and Authentication

Linked STIG Checks (180)

Check ID | Severity | Title | STIG

V-255599 | CAT II | The A10 Networks ADC must prohibit the use of unencrypted protocols for network access to privileged accounts. | A10 Networks ADC NDM Security Technical Implementation Guide
V-204672 | CAT I | AAA Services must be configured to encrypt transmitted credentials using a FIPS-validated cryptographic module. | AAA Services Security Requirements Guide
V-279040 | CAT II | ColdFusion must configure WebSocket Service. | Adobe ColdFusion Security Technical Implementation Guide
V-279058 | CAT II | ColdFusion must transmit only encrypted representations of passwords to NoSQL data sources. | Adobe ColdFusion Security Technical Implementation Guide
V-279059 | CAT II | ColdFusion must only transmit encrypted representations of passwords to the Solr Server. | Adobe ColdFusion Security Technical Implementation Guide
V-279060 | CAT II | ColdFusion must transmit only encrypted representations of passwords to the mail server. | Adobe ColdFusion Security Technical Implementation Guide
V-279061 | CAT II | ColdFusion must only transmit encrypted representations of passwords to the caching server. | Adobe ColdFusion Security Technical Implementation Guide
V-279062 | CAT II | JVM Arguments must be configured for encryption. | Adobe ColdFusion Security Technical Implementation Guide
V-279083 | CAT II | ColdFusion must configure Data Sources to limit SQL command and configure timeout. | Adobe ColdFusion Security Technical Implementation Guide
V-274007 | CAT I | Amazon Linux 2023 must not have the vsftpd package installed. | Amazon Linux 2023 Security Technical Implementation Guide
V-268131 | CAT I | NixOS must not have the telnet package installed. | Anduril NixOS Security Technical Implementation Guide
V-214230 | CAT II | The Apache web server must use cryptography to protect the integrity of remote sessions. | Apache Server 2.4 UNIX Server Security Technical Implementation Guide
V-214278 | CAT II | The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided. | Apache Server 2.4 UNIX Site Security Technical Implementation Guide
V-214327 | CAT II | The Apache web server must encrypt passwords during transmission. | Apache Server 2.4 Windows Server Security Technical Implementation Guide
V-222965 | CAT I | LDAP authentication must be secured. | Apache Tomcat Application Server 9 Security Technical Implementation Guide
V-252501 | CAT I | The macOS system must be configured to disable the tftp service. | Apple macOS 12 (Monterey) Security Technical Implementation Guide
V-257207 | CAT I | The macOS system must be configured to disable the "tftp" service. | Apple macOS 13 (Ventura) Security Technical Implementation Guide
V-259499 | CAT I | The macOS system must disable Trivial File Transfer Protocol service. | Apple macOS 14 (Sonoma) Security Technical Implementation Guide
V-268499 | CAT I | The macOS system must disable Trivial File Transfer Protocol (TFTP) service. | Apple macOS 15 (Sequoia) Security Technical Implementation Guide
V-277108 | CAT I | The macOS system must disable Trivial File Transfer Protocol (TFTP) service. | Apple macOS 26 (Tahoe) Security Technical Implementation Guide
V-205026 | CAT II | The ALG providing user authentication intermediary services must transmit only encrypted representations of passwords. | Application Layer Gateway Security Requirements Guide
V-222543 | CAT I | The application must transmit only cryptographically-protected passwords. | Application Security and Development Security Technical Implementation Guide
V-204752 | CAT II | The application server must transmit only encrypted representations of passwords. | Application Server Security Requirements Guide
V-204753 | CAT II | The application server must utilize encryption when using LDAP for authentication. | Application Server Security Requirements Guide
V-237322 | CAT I | The ArcGIS Server must use Windows authentication to enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. | ArcGIS for Server 10.3 Security Technical Implementation Guide
V-272629 | CAT I | CylanceON-PREM must be configured to use TLS 1.2 or higher. | Arctic Wolf CylanceON-PREM Security Technical Implementation Guide
V-237409 | CAT II | The CA API Gateway providing user authentication intermediary services must transmit only encrypted representations of passwords. | CA API Gateway ALG Security Technical Implementation Guide
V-251614 | CAT III | Passwords sent through ODBC/JDBC must be encrypted. | CA IDMS Security Technical Implementation Guide
V-219177 | CAT I | The Ubuntu operating system must not have the telnet package installed. | Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide
V-238326 | CAT I | The Ubuntu operating system must not have the telnet package installed. | Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide
V-260483 | CAT I | Ubuntu 22.04 LTS must not have the "telnet" package installed. | Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
V-270647 | CAT I | Ubuntu 24.04 LTS must not have the telnet package installed. | Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide
V-206475 | CAT I | For accounts using password authentication, the Central Log Server must use FIPS-validated SHA-1 or later protocol to protect the integrity of the password authentication process. | Central Log Server Security Requirements Guide
V-242651 | CAT I | For accounts using password authentication, the Cisco ISE must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process. | Cisco ISE NDM Security Technical Implementation Guide
V-234565 | CAT I | Citrix Delivery Controller must implement DoD-approved encryption. | Citrix Virtual Apps and Desktop 7.x Delivery Controller Security Technical Implementation Guide
V-269403 | CAT I | AlmaLinux OS 9 must not have any File Transfer Protocol (FTP) packages installed. | Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide
V-269404 | CAT I | AlmaLinux OS 9 must not have any telnet packages installed. | Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide
V-233096 | CAT I | For accounts using password authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process. | Container Platform Security Requirements Guide
V-233519 | CAT I | If passwords are used for authentication, PostgreSQL must transmit only encrypted representations of passwords. | Crunchy Data PostgreSQL Security Technical Implementation Guide
V-261892 | CAT I | If passwords are used for authentication, PostgreSQL must transmit only encrypted representations of passwords. | Crunchy Data Postgres 16 Security Technical Implementation Guide
V-206557 | CAT I | If passwords are used for authentication, the DBMS must transmit only encrypted representations of passwords. | Database Security Requirements Guide
V-269788 | CAT I | The Dell OS10 Switch must use FIPS 140-2 approved algorithms for authentication to a cryptographic module. | Dell OS10 Switch NDM Security Technical Implementation Guide
V-235777 | CAT I | FIPS mode must be enabled on all Docker Engine - Enterprise nodes. | Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide
V-224168 | CAT I | If passwords are used for authentication, the EDB Postgres Advanced Server must transmit only encrypted representations of passwords. | EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide
V-213598 | CAT I | If passwords are used for authentication, the EDB Postgres Advanced Server must transmit only encrypted representations of passwords. | EDB Postgres Advanced Server v9.6 Security Technical Implementation Guide
V-259974 | CAT I | The Enterprise Voice, Video, and Messaging Endpoint, when using passwords or PINs for authentication or authorization, must be configured to cryptographically protect the PIN or password. | Enterprise Voice, Video, and Messaging Endpoint Security Requirements Guide
V-260036 | CAT II | For accounts using password authentication, the Enterprise Voice, Video, and Messaging Session Manager must be configured to use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process. | Enterprise Voice, Video, and Messaging Session Management Security Requirements Guide
V-259248 | CAT I | If passwords are used for authentication, the EDB Postgres Advanced Server must transmit only encrypted representations of passwords. | EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide
V-217405 | CAT II | The BIG-IP appliance must only transmit encrypted representations of passwords. | F5 BIG-IP Device Management Security Technical Implementation Guide
V-266285 | CAT I | For accounts using password authentication, the F5 BIG-IP appliance site-to-site IPsec VPN Gateway must use SHA-2 or later protocol to protect the integrity of the password authentication process. | F5 BIG-IP TMOS VPN Security Technical Implementation Guide
V-234208 | CAT I | The FortiGate device must use LDAPS for the LDAP connection. | Fortinet FortiGate Firewall NDM Security Technical Implementation Guide
V-203630 | CAT I | The operating system must transmit only encrypted representations of passwords. | General Purpose Operating System Security Requirements Guide
V-255253 | CAT I | SSMC web server must use encryption strength in accordance with the categorization of data hosted by the web server when remote connections are provided. | HPE 3PAR SSMC Web Server Security Technical Implementation Guide
V-255272 | CAT I | The HPE 3PAR OS must be configured to restrict the encryption algorithms and protocols to comply with DOD-approved encryption to protect the confidentiality and integrity of remote access sessions. | HPE 3PAR StoreServ 3.3.x Security Technical Implementation Guide
V-255291 | CAT I | The HPE 3PAR OS CIMserver process must be configured to use approved encryption and communications protocols to protect the confidentiality of remote access sessions. | HPE 3PAR StoreServ 3.3.x Security Technical Implementation Guide
V-255295 | CAT I | The HPE 3PAR OS WSAPI process must be configured to use approved encryption and communications protocols to protect the confidentiality of remote access sessions. | HPE 3PAR StoreServ 3.3.x Security Technical Implementation Guide
V-283387 | CAT I | The HPE Alletra Storage ArcusOS device must use FIPS 140-approved algorithms for authentication to a cryptographic module. | HPE Alletra Storage ArcusOS Network Device Management Security Technical Implementation Guide
V-266937 | CAT I | AOS must transmit only encrypted representations of passwords. | HPE Aruba Networking AOS NDM Security Technical Implementation Guide
V-266985 | CAT I | AOS, when used as an IPsec VPN Gateway, must use Advanced Encryption Standard (AES) encryption for the Internet Key Exchange (IKE) proposal to protect confidentiality of remote access sessions. | HPE Aruba Networking AOS VPN Security Technical Implementation Guide
V-215204 | CAT I | IF LDAP is used, AIX LDAP client must use SSL to authenticate with LDAP server. | IBM AIX 7.x Security Technical Implementation Guide
V-215221 | CAT I | AIX root passwords must never be passed over a network in clear text form. | IBM AIX 7.x Security Technical Implementation Guide
V-215257 | CAT I | The AIX rexec daemon must not be running. | IBM AIX 7.x Security Technical Implementation Guide
V-215258 | CAT I | AIX telnet daemon must not be running. | IBM AIX 7.x Security Technical Implementation Guide
V-215259 | CAT I | AIX ftpd daemon must not be running. | IBM AIX 7.x Security Technical Implementation Guide
V-215322 | CAT I | AIX must disable /usr/bin/rcp, /usr/bin/rlogin, /usr/bin/rsh, /usr/bin/rexec and /usr/bin/telnet commands. | IBM AIX 7.x Security Technical Implementation Guide
V-215346 | CAT I | The AIX rsh daemon must be disabled. | IBM AIX 7.x Security Technical Implementation Guide
V-215347 | CAT I | The AIX rlogind service must be disabled. | IBM AIX 7.x Security Technical Implementation Guide
V-252562 | CAT I | The IBM Aspera Console feature must be configured to use encryption services that implement NIST FIPS-validated cryptography to protect the confidentiality of remote access sessions. | IBM Aspera Platform 4.2 Security Technical Implementation Guide
V-252587 | CAT I | The IBM Aspera Faspex feature must be configured to use encryption services that implement NIST FIPS-validated cryptography to protect the confidentiality of remote access sessions. | IBM Aspera Platform 4.2 Security Technical Implementation Guide
V-252604 | CAT I | The IBM Aspera Shares feature must be configured to use encryption services that implement NIST FIPS-validated cryptography to protect the confidentiality of remote access sessions. | IBM Aspera Platform 4.2 Security Technical Implementation Guide
V-252634 | CAT II | The IBM Aspera High-Speed Transfer Server must enable the use of dynamic token encryption keys. | IBM Aspera Platform 4.2 Security Technical Implementation Guide
V-213699 | CAT II | If passwords are used for authentication, DB2 must transmit only encrypted representations of passwords. | IBM DB2 V10.5 LUW Security Technical Implementation Guide
V-255798 | CAT II | Access to the MQ Appliance messaging server must utilize encryption when using LDAP for authentication. | IBM MQ Appliance V9.0 AS Security Technical Implementation Guide
V-250337 | CAT I | The WebSphere Liberty Server must use TLS-enabled LDAP. | IBM WebSphere Liberty Server Security Technical Implementation Guide
V-255830 | CAT I | The WebSphere Application Server global application security must be enabled. | IBM WebSphere Traditional V9.x Security Technical Implementation Guide
V-255831 | CAT I | The WebSphere Application Server Single Sign On (SSO) must have SSL enabled for Web and SIP Security. | IBM WebSphere Traditional V9.x Security Technical Implementation Guide
V-255870 | CAT I | The WebSphere Application Server application security must be enabled for each security domain except for publicly available applications specified in the System Security Plan. | IBM WebSphere Traditional V9.x Security Technical Implementation Guide
V-255871 | CAT I | The WebSphere Application Server secure LDAP (LDAPS) must be used for authentication. | IBM WebSphere Traditional V9.x Security Technical Implementation Guide
V-223505 | CAT I | ACF2 must use NIST FIPS-validated cryptography to protect passwords in the security database. | IBM z/OS ACF2 Security Technical Implementation Guide
V-223729 | CAT I | NIST FIPS-validated cryptography must be used to protect passwords in the security database. | IBM z/OS RACF Security Technical Implementation Guide
V-223887 | CAT I | IBM z/OS must use NIST FIPS-validated cryptography to protect passwords in the security database. | IBM z/OS TSS Security Technical Implementation Guide
V-237911 | CAT I | CA VM:Secure product Password Encryption (PEF) option must be properly configured to store and transmit cryptographically-protected passwords. | IBM zVM Using CA VM:Secure Security Technical Implementation Guide
V-258615 | CAT I | The ICS must be configured to transmit only encrypted representations of passwords. | Ivanti Connect Secure NDM Security Technical Implementation Guide
V-213532 | CAT II | LDAP enabled security realm value allow-empty-passwords must be set to false. | JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide
V-213533 | CAT II | JBoss must utilize encryption when using LDAP for authentication. | JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide
V-66527 | CAT II | For local accounts using password authentication (i.e., the root account and the account of last resort) the Juniper SRX Services Gateway must use the SHA1 or later protocol for password authentication. | Juniper SRX SG NDM Security Technical Implementation Guide
V-223223 | CAT I | The Juniper SRX Services Gateway must use the SHA256 or later protocol for password authentication for local accounts using password authentication (i.e., the root account and the account of last resort). | Juniper SRX Services Gateway NDM Security Technical Implementation Guide
V-213966 | CAT I | If passwords are used for authentication, SQL Server must transmit only encrypted representations of passwords. | MS SQL Server 2016 Instance Security Technical Implementation Guide
V-213967 | CAT I | Confidentiality of information during transmission is controlled through the use of an approved TLS version. | MS SQL Server 2016 Instance Security Technical Implementation Guide
V-205502 | CAT II | The Mainframe Product must transmit only cryptographically protected passwords. | Mainframe Product Security Requirements Guide
V-253698 | CAT I | If passwords are used for authentication, MariaDB must transmit only encrypted representations of passwords. | MariaDB Enterprise 10.x Security Technical Implementation Guide
V-220365 | CAT I | If passwords are used for authentication, the MarkLogic Server must transmit only encrypted representations of passwords. | MarkLogic Server v9 Security Technical Implementation Guide
V-74195 | CAT II | The Solidcore client Command Line Interface (CLI) Access Password protection process must be documented in the organizations written policy. | McAfee Application Control 7.x Security Technical Implementation Guide
V-276305 | CAT I | If passwords are used for authentication, Azure SQL Server Managed Instance must transmit only encrypted representations of passwords. | Microsoft Azure SQL Managed Instance Security Technical Implementation Guide
V-218749 | CAT II | A private IIS 10.0 website authentication mechanism must use client certificates to transmit session identifier to assure integrity. | Microsoft IIS 10.0 Site Security Technical Implementation Guide
V-271309 | CAT I | If passwords are used for authentication, SQL Server must transmit only encrypted representations of passwords. | Microsoft SQL Server 2022 Instance Security Technical Implementation Guide
V-271310 | CAT I | Confidentiality of information during transmission must be controlled through the use of an approved TLS version. | Microsoft SQL Server 2022 Instance Security Technical Implementation Guide
V-220926 | CAT II | Unencrypted passwords must not be sent to third-party SMB Servers. | Microsoft Windows 10 Security Technical Implementation Guide
V-253450 | CAT II | Unencrypted passwords must not be sent to third-party SMB Servers. | Microsoft Windows 11 Security Technical Implementation Guide
V-225041 | CAT II | Unencrypted passwords must not be sent to third-party Server Message Block (SMB) servers. | Microsoft Windows Server 2016 Security Technical Implementation Guide
V-205655 | CAT II | Windows Server 2019 unencrypted passwords must not be sent to third-party Server Message Block (SMB) servers. | Microsoft Windows Server 2019 Security Technical Implementation Guide
V-254462 | CAT II | Windows Server 2022 unencrypted passwords must not be sent to third-party Server Message Block (SMB) servers. | Microsoft Windows Server 2022 Security Technical Implementation Guide
V-278212 | CAT II | Windows Server 2025 unencrypted passwords must not be sent to third-party Server Message Block (SMB) servers. | Microsoft Windows Server 2025 Security Technical Implementation Guide
V-260908 | CAT I | FIPS mode must be enabled. | Mirantis Kubernetes Engine Security Technical Implementation Guide
V-221171 | CAT I | If passwords are used for authentication, MongoDB must transmit only encrypted representations of passwords. | MongoDB Enterprise Advanced 3.x Security Technical Implementation Guide
V-252139 | CAT I | If passwords are used for authentication, MongoDB must transmit only encrypted representations of passwords. | MongoDB Enterprise Advanced 4.x Security Technical Implementation Guide
V-265918 | CAT I | If passwords are used for authentication, MongoDB must transmit only encrypted representations of passwords. | MongoDB Enterprise Advanced 7.x Security Technical Implementation Guide
V-279350 | CAT I | If passwords are used for authentication, MongoDB must transmit only encrypted representations of passwords. | MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide
V-202065 | CAT I | The network device must transmit only encrypted representations of passwords. | Network Device Management Security Requirements Guide
V-254112 | CAT I | Nutanix AOS must utilize encryption when using LDAP for authentication. | Nutanix AOS 5.20.x Application Security Technical Implementation Guide
V-254200 | CAT II | Nutanix AOS must not have the rsh-server package installed. | Nutanix AOS 5.20.x OS Security Technical Implementation Guide
V-279440 | CAT II | Nutanix AOS must use encryption when using LDAP for authentication. | Nutanix Acropolis Application Server Security Technical Implementation Guide
V-279628 | CAT II | Nutanix OS must install and use SSH for remote access. | Nutanix Acropolis GPOS Security Technical Implementation Guide
V-270565 | CAT II | If passwords are used for authentication, the Oracle Database must transmit only encrypted representations of passwords. | Oracle Database 19c Security Technical Implementation Guide
V-221474 | CAT I | OHS must have the LoadModule ossl_module directive enabled to encrypt passwords during transmission. | Oracle HTTP Server 12.1.3 Security Technical Implementation Guide
V-221475 | CAT I | OHS must use FIPS modules to encrypt passwords during transmission. | Oracle HTTP Server 12.1.3 Security Technical Implementation Guide
V-221476 | CAT I | OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to encrypt passwords during transmission. | Oracle HTTP Server 12.1.3 Security Technical Implementation Guide
V-221477 | CAT I | OHS must have the SSLCipherSuite directive enabled to encrypt passwords during transmission. | Oracle HTTP Server 12.1.3 Security Technical Implementation Guide
V-221856 | CAT I | The Oracle Linux operating system must be configured so that the SSH daemon is configured to only use the SSHv2 protocol. | Oracle Linux 7 Security Technical Implementation Guide
V-271462 | CAT I | OL 9 must not have a File Transfer Protocol (FTP) server package installed. | Oracle Linux 9 Security Technical Implementation Guide
V-235139 | CAT I | If passwords are used for authentication, the MySQL Database Server 8.0 must transmit only encrypted representations of passwords. | Oracle MySQL 8.0 Security Technical Implementation Guide
V-235971 | CAT I | Oracle WebLogic must encrypt passwords during transmission. | Oracle WebLogic Server 12c Security Technical Implementation Guide
V-235972 | CAT I | Oracle WebLogic must utilize encryption when using LDAP for authentication. | Oracle WebLogic Server 12c Security Technical Implementation Guide
V-228655 | CAT II | The Palo Alto Networks security platform must prohibit the use of unencrypted protocols for network access to privileged accounts. | Palo Alto Networks NDM Security Technical Implementation Guide
V-214056 | CAT I | If passwords are used for authentication, PostgreSQL must transmit only encrypted representations of passwords. | PostgreSQL 9.x Security Technical Implementation Guide
V-273808 | CAT I | The RUCKUS ICX device must use FIPS 140-2/140-3 approved algorithms for authentication to a cryptographic module. | RUCKUS ICX NDM Security Technical Implementation Guide
V-252843 | CAT I | Rancher MCM must use a centralized user management solution to support account management functions. For accounts using password authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process. | Rancher Government Solutions Multi-Cluster Manager Security Technical Implementation Guide
V-256907 | CAT II | Automation Controller must utilize encryption when using LDAP for authentication. | Red Hat Ansible Automation Controller Application Server Security Technical Implementation Guide
V-280949 | CAT I | RHEL 10 must not have the "tftp" package installed. | Red Hat Enterprise Linux 10 Security Technical Implementation Guide
V-280951 | CAT I | RHEL 10 must not have a File Transfer Protocol (FTP) server package installed. | Red Hat Enterprise Linux 10 Security Technical Implementation Guide
V-281363 | CAT II | RHEL 10 must be configured to operate in secure mode if the Trivial File Transfer Protocol (TFTP) server service is required. | Red Hat Enterprise Linux 10 Security Technical Implementation Guide
V-204594 | CAT I | The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon is configured to only use the SSHv2 protocol. | Red Hat Enterprise Linux 7 Security Technical Implementation Guide
V-257826 | CAT I | RHEL 9 must not have a File Transfer Protocol (FTP) server package installed. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
V-257543 | CAT I | OpenShift must use FIPS validated LDAP or OpenIDConnect. | Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide
V-275577 | CAT I | Ubuntu OS must not have the "telnet" package installed. | Riverbed NetIM OS Security Technical Implementation Guide
V-256090 | CAT I | The Riverbed NetProfiler must be configured to implement cryptographic mechanisms using a FIPS 140-2/140-3 validated algorithm to protect the confidentiality and integrity of all cryptographic functions. | Riverbed NetProfiler Security Technical Implementation Guide
V-237619 | CAT II | The SUSE operating system must not have the vsftpd package installed if not required for operational support. | SLES 12 Security Technical Implementation Guide
V-261277 | CAT I | SLEM 5 must not have the telnet-server package installed. | SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide
V-217258 | CAT II | The SUSE operating system must not have the telnet-server package installed. | SUSE Linux Enterprise Server 12 Security Technical Implementation Guide
V-237619 | CAT II | The SUSE operating system must not have the vsftpd package installed if not required for operational support. | SUSE Linux Enterprise Server 12 Security Technical Implementation Guide
V-1046 | CAT I | Root passwords must never be passed over a network in clear text form. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
V-24386 | CAT I | The telnet daemon must not be running. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
V-216387 | CAT II | The boundary protection system (firewall) must be configured to deny network traffic by default and must allow network traffic by exception (i.e., deny all, permit by exception). | Solaris 11 SPARC Security Technical Implementation Guide
V-216150 | CAT II | The boundary protection system (firewall) must be configured to deny network traffic by default and must allow network traffic by exception (i.e., deny all, permit by exception). | Solaris 11 X86 Security Technical Implementation Guide
V-221609 | CAT I | Splunk Enterprise must use LDAPS for the LDAP connection. | Splunk Enterprise 7.x for Windows Security Technical Implementation Guide
V-251686 | CAT I | Splunk Enterprise must be installed in FIPS mode to implement NIST FIPS-approved cryptography for all cryptographic functions. | Splunk Enterprise 8.x for Linux Security Technical Implementation Guide
V-279166 | CAT II | The ALG providing user authentication intermediary services must uniquely identify and authenticate nonorganizational users (or processes acting on behalf of nonorganizational users). | Symantec Edge SWG ALG Security Technical Implementation Guide
V-279249 | CAT I | The Edge SWG must be configured to use tlsv1.2 or greater. | Symantec Edge SWG NDM Security Technical Implementation Guide
V-94703 | CAT I | Symantec ProxySG must transmit only encrypted representations of passwords. | Symantec ProxySG NDM Security Technical Implementation Guide
V-213319 | CAT II | The Solidcore client Command Line Interface (CLI) Access Password protection process must be documented in the organizations written policy. | Trellix Application Control 8.x Security Technical Implementation Guide
V-253065 | CAT II | TOSS must not have the rsh-server package installed. | Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide
V-282462 | CAT II | TOSS 5 must not have the rsh-server package installed. | Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide
V-234375 | CAT I | For UEM server using password authentication, the network element must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process. | Unified Endpoint Management Server Security Requirements Guide
V-240062 | CAT II | HAProxy must use SSL/TLS protocols in order to secure passwords during transmission from the client. | VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide
V-240299 | CAT II | The vRA PostgreSQL database must be configured to use ssl. | VMW vRealize Automation 7.x PostgreSQL Security Technical Implementation Guide
V-239797 | CAT II | If passwords are used for authentication, the vROps PostgreSQL DB must transmit only encrypted representations of passwords. | VMW vRealize Operations Manager 6.x PostgreSQL Security Technical Implementation Guide
V-265315 | CAT I | The NSX Manager must only enable TLS 1.2 or greater. | VMware NSX 4.x Manager NDM Security Technical Implementation Guide
V-240248 | CAT II | Lighttpd must use SSL/TLS protocols in order to secure passwords during transmission from the client. | VMware vRealize Automation 7.x Lighttpd Security Technical Implementation Guide
V-240802 | CAT II | tc Server HORIZON must encrypt passwords during transmission. | VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide
V-240803 | CAT II | tc Server VCAC must encrypt passwords during transmission. | VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide
V-240940 | CAT I | The vAMI must transmit only encrypted representations of passwords. | VMware vRealize Automation 7.x vAMI Security Technical Implementation Guide
V-240971 | CAT I | vIDM must utilize encryption when using LDAP for authentication. | VMware vRealize Automation 7.x vIDM Security Technical Implementation Guide
V-241654 | CAT II | tc Server UI must encrypt passwords during transmission. | VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide
V-241655 | CAT II | tc Server CaSa must encrypt passwords during transmission. | VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide
V-241656 | CAT II | tc Server API must encrypt passwords during transmission. | VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide
V-256647 | CAT II | VAMI must use cryptography to protect the integrity of remote sessions. | VMware vSphere 7.0 VAMI Security Technical Implementation Guide
V-256503 | CAT II | The Photon operating system must use an OpenSSH server version that does not support protocol 1. | VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide
V-256601 | CAT I | VMware Postgres must be configured to use Transport Layer Security (TLS). | VMware vSphere 7.0 vCenter Appliance PostgreSQL Security Technical Implementation Guide
V-256740 | CAT II | Envoy must use only Transport Layer Security (TLS) 1.2 for the protection of client connections. | VMware vSphere 7.0 vCenter Appliance RhttpProxy Security Technical Implementation Guide
V-256331 | CAT I | The vCenter Server must enable FIPS-validated cryptography. | VMware vSphere 7.0 vCenter Security Technical Implementation Guide
V-258819 | CAT I | The Photon operating system must not have the telnet package installed. | VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide
V-259175 | CAT II | The vCenter PostgreSQL service must require authentication on all connections. | VMware vSphere 8.0 vCenter Appliance PostgreSQL Security Technical Implementation Guide
V-258971 | CAT II | The vCenter STS service must be configured to use strong encryption ciphers. | VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) Security Technical Implementation Guide
V-258917 | CAT I | The vCenter Server must enable FIPS-validated cryptography. | VMware vSphere 8.0 vCenter Security Technical Implementation Guide
V-207377 | CAT II | The VMM must transmit only encrypted representations of passwords. | Virtual Machine Manager Security Requirements Guide
V-207247 | CAT II | For accounts using password authentication, the site-to-site VPN Gateway must use SHA-2 or later protocol to protect the integrity of the password authentication process. | Virtual Private Network (VPN) Security Requirements Guide
V-206387 | CAT II | The web server must encrypt passwords during transmission. | Web Server Security Requirements Guide
V-73657 | CAT II | Unencrypted passwords must not be sent to third-party Server Message Block (SMB) servers. | Windows Server 2016 Security Technical Implementation Guide
V-73657 | CAT II | Unencrypted passwords must not be sent to third-party Server Message Block (SMB) servers. | Windows Server 2016 Security Technical Implementation Guide
V-93469 | CAT II | Windows Server 2019 unencrypted passwords must not be sent to third-party Server Message Block (SMB) servers. | Windows Server 2019 Security Technical Implementation Guide