STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← IA-3 (1) — Device Identification and Authentication

CCI-001967

Definition

Authenticate organization-defined devices and/or types of devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.

Parent Control

IA-3 (1)Device Identification and AuthenticationIdentification and Authentication

Linked STIG Checks (141)

V-255614CAT IIThe A10 Networks ADC must authenticate Network Time Protocol sources.A10 Networks ADC NDM Security Technical Implementation Guide V-252537CAT IIThe macOS system must restrict the ability to utilize external writeable media devices.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-252699CAT IIIThe macOS system must be configured with Bluetooth turned off unless approved by the organization.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-257218CAT IIIThe macOS system must be configured with Bluetooth turned off unless approved by the organization.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-222534CAT IIService-Oriented Applications handling non-releasable data must authenticate endpoint devices via mutual SSL/TLS.Application Security and Development Security Technical Implementation Guide V-237337CAT IThe ArcGIS Server Windows authentication must authenticate all endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.ArcGIS for Server 10.3 Security Technical Implementation Guide V-255959CAT IIThe Arista network device must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).Arista MLS EOS 4.2x NDM Security Technical Implementation Guide V-255958CAT IIThe Arista network device must be configured to synchronize internal system clocks using redundant authenticated time sources.Arista MLS EOS 4.X NDM Security Technical Implementation Guide V-255959CAT IIThe Arista network device must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).Arista MLS EOS 4.X NDM Security Technical Implementation Guide V-214665CAT IIThe Arista Multilayer Switch must authenticate all endpoint devices before establishing a network connection using bidirectional authentication that is cryptographically based.Arista Multilayer Switch DCS-7000 Series L2S Security Technical Implementation Guide V-230143CAT IIThe Arista Multilayer Switch must re-authenticate all endpoint devices every 60 minutes or less.Arista Multilayer Switch DCS-7000 Series L2S Security Technical Implementation Guide V-276012CAT IAx-OS must have no local accounts for the user interface.Axonius Federal Systems Ax-OS Security Technical Implementation Guide V-272435CAT IThe BIND 9.x server implementation must uniquely identify and authenticate the other DNS server before responding to a server-to-server transaction, zone transfer, and/or dynamic update request using cryptographically based bidirectional authentication to protect the integrity of the information in transit.BIND 9.x Security Technical Implementation Guide V-255516CAT IIIThe CA API Gateway must authenticate NTP endpoint devices before establishing a network connection using bidirectional authentication that is cryptographically based.CA API Gateway NDM Security Technical Implementation Guide V-255517CAT IIThe CA API Gateway must authenticate SNMP endpoint devices before establishing a network connection using bidirectional authentication that is cryptographically based.CA API Gateway NDM Security Technical Implementation Guide V-255518CAT IIThe CA API Gateway must authenticate RADIUS endpoint devices before establishing a network connection using bidirectional authentication that is cryptographically based.CA API Gateway NDM Security Technical Implementation Guide V-255519CAT IIThe CA API Gateway must authenticate LDAPS endpoint devices before establishing a network connection using bidirectional authentication that is cryptographically based.CA API Gateway NDM Security Technical Implementation Guide V-255520CAT IIThe CA API Gateway must obtain LDAPS server certificates securely to use bidirectional authentication that is cryptographically based.CA API Gateway NDM Security Technical Implementation Guide V-271917CAT IIThe Cisco ACI must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).Cisco ACI NDM Security Technical Implementation Guide V-271923CAT IIThe Cisco ACI must use DOD-approved Network Time Protocol (NTP) sources that use authentication that is cryptographically based.Cisco ACI NDM Security Technical Implementation Guide V-239927CAT IIThe Cisco ASA must be configured to authenticate Simple Network Management Protocol (SNMP) messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).Cisco ASA NDM Security Technical Implementation Guide V-239928CAT IIThe Cisco ASA must be configured to encrypt Simple Network Management Protocol (SNMP) messages using a FIPS 140-2 approved algorithm.Cisco ASA NDM Security Technical Implementation Guide V-239929CAT IIThe Cisco ASA must be configured to authenticate Network Time Protocol (NTP) sources using authentication with FIPS-compliant algorithms.Cisco ASA NDM Security Technical Implementation Guide V-215696CAT IIThe Cisco router must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).Cisco IOS Router NDM Security Technical Implementation Guide V-215698CAT IIThe Cisco router must be configured to authenticate Network Time Protocol (NTP) sources using authentication with FIPS-compliant algorithms.Cisco IOS Router NDM Security Technical Implementation Guide V-220604CAT IIThe Cisco switch must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).Cisco IOS Switch NDM Security Technical Implementation Guide V-220606CAT IIThe Cisco switch must be configured to authenticate Network Time Protocol (NTP) sources using authentication with FIPS-compliant algorithms.Cisco IOS Switch NDM Security Technical Implementation Guide V-215841CAT IIThe Cisco router must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).Cisco IOS XE Router NDM Security Technical Implementation Guide V-215843CAT IIThe Cisco router must be configured to authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based.Cisco IOS XE Router NDM Security Technical Implementation Guide V-220552CAT IIThe Cisco switch must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).Cisco IOS XE Switch NDM Security Technical Implementation Guide V-220554CAT IIThe Cisco switch must be configured to authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based.Cisco IOS XE Switch NDM Security Technical Implementation Guide V-216538CAT IIThe Cisco router must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).Cisco IOS XR Router NDM Security Technical Implementation Guide V-216540CAT IIThe Cisco router must be configured to authenticate Network Time Protocol (NTP) sources using authentication with FIPS-compliant algorithms.Cisco IOS XR Router NDM Security Technical Implementation Guide V-242603CAT IIBefore establishing a connection with a Network Time Protocol (NTP) server, the Cisco ISE must authenticate using a bidirectional, cryptographically based authentication method that uses a FIPS-validated Advanced Encryption Standard (AES) cipher block algorithm to authenticate with the NTP server. This is required for compliance with C2C Step 1.Cisco ISE NAC Security Technical Implementation Guide V-242604CAT IIBefore establishing a local, remote, and/or network connection with any endpoint device, the Cisco ISE must use a bidirectional authentication mechanism configured with a FIPS-validated Advanced Encryption Standard (AES) cipher block algorithm to authenticate with the endpoint device. This is required for compliance with C2C Step 1.Cisco ISE NAC Security Technical Implementation Guide V-242643CAT IIThe Cisco ISE must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).Cisco ISE NDM Security Technical Implementation Guide V-242644CAT IIThe Cisco ISE must authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based.Cisco ISE NDM Security Technical Implementation Guide V-220500CAT IIThe Cisco switch must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).Cisco NX OS Switch NDM Security Technical Implementation Guide V-220502CAT IIThe Cisco switch must be configured to authenticate Network Time Protocol (NTP) sources using authentication with FIPS-compliant algorithms.Cisco NX OS Switch NDM Security Technical Implementation Guide V-269383CAT IIAlmaLinux OS 9 must not have the autofs package installed.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269793CAT IIThe Dell OS10 Switch must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).Dell OS10 Switch NDM Security Technical Implementation Guide V-269794CAT IIThe Dell OS10 Switch must authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based.Dell OS10 Switch NDM Security Technical Implementation Guide V-235777CAT IFIPS mode must be enabled on all Docker Engine - Enterprise nodes.Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide V-205204CAT IIThe DNS server implementation must authenticate another DNS server before establishing a remote and/or network connection using bidirectional authentication that is cryptographically based.Domain Name System (DNS) Security Requirements Guide V-271105CAT IIBefore establishing a network connection with a Network Time Protocol (NTP) server, Dragos Platform must authenticate using a bidirectional, cryptographically based authentication method that uses a FIPS-validated Advanced Encryption Standard (AES) cipher block algorithm to authenticate with the NTP server.Dragos Platform 2.x Security Technical Implementation Guide V-266086CAT IIThe F5 BIG-IP appliance must authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based.F5 BIG-IP TMOS NDM Security Technical Implementation Guide V-278405CAT IINGINX must be configured to use FIPS-approved algorithms to protect the confidentiality and integrity of transmitted information.F5 NGINX Security Technical Implementation Guide V-255652CAT IICounterACT must authenticate any endpoint used for network management before establishing a local, remote, and/or network connection using cryptographically based bidirectional authentication.ForeScout CounterACT NDM Security Technical Implementation Guide V-255653CAT ICounterACT must authenticate SNMPv3 endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.ForeScout CounterACT NDM Security Technical Implementation Guide V-233339CAT IIForescout must use a bidirectional authentication mechanism configured with a FIPS-validated Advanced Encryption Standard (AES) cipher block algorithm to authenticate with the endpoint device. This is required for compliance with C2C Step 1.Forescout Network Access Control Security Technical Implementation Guide V-230961CAT IForescout must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).Forescout Network Device Management Security Technical Implementation Guide V-234201CAT IIThe FortiGate device must authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).Fortinet FortiGate Firewall NDM Security Technical Implementation Guide V-234202CAT IIThe FortiGate device must authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based.Fortinet FortiGate Firewall NDM Security Technical Implementation Guide V-203731CAT IIThe operating system must authenticate all endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.General Purpose Operating System Security Requirements Guide V-283409CAT IIThe HPE Alletra Storage ArcusOS device must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).HPE Alletra Storage ArcusOS Network Device Management Security Technical Implementation Guide V-283410CAT IIThe HPE Alletra Storage ArcusOS device must authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based.HPE Alletra Storage ArcusOS Network Device Management Security Technical Implementation Guide V-266958CAT IIAOS must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).HPE Aruba Networking AOS NDM Security Technical Implementation Guide V-266976CAT IIAOS must authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based.HPE Aruba Networking AOS NDM Security Technical Implementation Guide V-266560CAT IIThe network element must protect wireless access to the system using Federal Information Processing Standard (FIPS)-validated Advanced Encryption Standard (AES) block cipher algorithms with an approved confidentiality mode.HPE Aruba Networking AOS Wireless Security Technical Implementation Guide V-65165CAT IThe DataPower Gateway must use SNMPv3.IBM DataPower Network Device Management Security Technical Implementation Guide V-255807CAT IThe MQ Appliance messaging server must authenticate all endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.IBM MQ Appliance V9.0 AS Security Technical Implementation Guide V-255869CAT IIThe WebSphere Application Server must authenticate all endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.IBM WebSphere Traditional V9.x Security Technical Implementation Guide V-224770CAT IIBefore establishing a local, remote, and/or network connection with any endpoint device, the ISEC7 SPHERE must use a bidirectional authentication mechanism configured with a FIPS-validated Advanced Encryption Standard (AES) cipher block algorithm to authenticate with the device.ISEC7 Sphere Security Technical Implementation Guide V-224776CAT IIIf cipher suites using pre-shared keys are used for device authentication, the ISEC7 SPHERE must have a minimum security strength of 112 bits or higher, must only be used in networks where both the client and server are government systems, must prohibit client negotiation to TLS 1.1, TLS 1.0, SSL 2.0, or SSL 3.0 and must prohibit or restrict the use of protocols that transmit unencrypted authentication information or use flawed cryptographic algorithm for transmission.ISEC7 Sphere Security Technical Implementation Guide V-214187CAT IIThe DNS server implementation must authenticate another DNS server before establishing a remote and/or network connection using bidirectional authentication that is cryptographically based.Infoblox 7.x DNS Security Technical Implementation Guide V-233901CAT IIThe Infoblox DNS service member must authenticate another DNS service member before establishing a remote and/or network connection using bidirectional authentication that is cryptographically based.Infoblox 8.x DNS Security Technical Implementation Guide V-258602CAT IIIf SNMP is used, the ICS must be configured to use SNMPv3 with FIPS-140-2/3 validated Keyed-Hash Message Authentication Code (HMAC).Ivanti Connect Secure NDM Security Technical Implementation Guide V-258603CAT IIThe ICS must be configured to authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based.Ivanti Connect Secure NDM Security Technical Implementation Guide V-258597CAT IIThe ICS that provides a Simple Network Management Protocol (SNMP) Network Management System (NMS) must configure SNMPv3 to use FIPS-validated AES cipher block algorithm.Ivanti Connect Secure VPN Security Technical Implementation Guide V-251000CAT IIThe MobileIron Sentry must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).Ivanti MobileIron Sentry 9.x NDM Security Technical Implementation Guide V-251000CAT IIThe Sentry must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).Ivanti Sentry 9.x NDM Security Technical Implementation Guide V-253925CAT IThe Juniper EX switch must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).Juniper EX Series Switches Network Device Management Security Technical Implementation Guide V-253926CAT IIIThe Juniper EX switch must use an an NTP service that is hosted by a trusted source or a DOD-compliant enterprise or local NTP server.Juniper EX Series Switches Network Device Management Security Technical Implementation Guide V-217337CAT IIThe Juniper router must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).Juniper Router NDM Security Technical Implementation Guide V-217339CAT IIThe Juniper router must be configured to authenticate NTP sources using authentication that is cryptographically based.Juniper Router NDM Security Technical Implementation Guide V-66501CAT IIThe Juniper SRX Services Gateway must authenticate NTP servers before establishing a network connection using bidirectional authentication that is cryptographically based.Juniper SRX SG NDM Security Technical Implementation Guide V-223211CAT IThe Juniper SRX Services Gateway must use and securely configure SNMPv3 if SNMP is enabled.Juniper SRX Services Gateway NDM Security Technical Implementation Guide V-223346CAT IIThe Exchange client authentication with Exchange servers must be enabled to use Kerberos Password Authentication.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-223347CAT IIOutlook must use remote procedure call (RPC) encryption to communicate with Microsoft Exchange servers.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-228466CAT IIRPC encryption between Outlook and Exchange server must be enforced.Microsoft Outlook 2016 Security Technical Implementation Guide V-228467CAT IIOutlook must be configured to force authentication when connecting to an Exchange server.Microsoft Outlook 2016 Security Technical Implementation Guide V-237435CAT IIIThe Microsoft SCOM SNMP Monitoring in SCOM must use SNMP V3.Microsoft SCOM Security Technical Implementation Guide V-220824CAT IIUnauthenticated RPC clients must be restricted from connecting to the RPC server.Microsoft Windows 10 Security Technical Implementation Guide V-253383CAT IIUnauthenticated RPC clients must be restricted from connecting to the RPC server.Microsoft Windows 11 Security Technical Implementation Guide V-225010CAT IIUnauthenticated Remote Procedure Call (RPC) clients must be restricted from connecting to the RPC server.Microsoft Windows Server 2016 Security Technical Implementation Guide V-225032CAT IIThe computer account password must not be prevented from being reset.Microsoft Windows Server 2016 Security Technical Implementation Guide V-205814CAT IIWindows Server 2019 must restrict unauthenticated Remote Procedure Call (RPC) clients from connecting to the RPC server on domain-joined member servers and standalone or nondomain-joined systems.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205815CAT IIWindows Server 2019 computer account password must not be prevented from being reset.Microsoft Windows Server 2019 Security Technical Implementation Guide V-254431CAT IIWindows Server 2022 must restrict unauthenticated Remote Procedure Call (RPC) clients from connecting to the RPC server on domain-joined member servers and standalone or nondomain-joined systems.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254453CAT IIWindows Server 2022 computer account password must not be prevented from being reset.Microsoft Windows Server 2022 Security Technical Implementation Guide V-278180CAT IIWindows Server 2025 must restrict unauthenticated Remote Procedure Call (RPC) clients from connecting to the RPC server on domain-joined member servers and stand-alone or nondomain-joined systems.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278203CAT IIWindows Server 2025 computer account password must not be prevented from being reset.Microsoft Windows Server 2025 Security Technical Implementation Guide V-246949CAT IIONTAP must be configured to authenticate SNMP messages using FIPS-validated Keyed-HMAC.NetApp ONTAP DSC 9.x Security Technical Implementation Guide V-246950CAT IIONTAP must authenticate NTP sources using authentication that is cryptographically based.NetApp ONTAP DSC 9.x Security Technical Implementation Guide V-202111CAT IIThe network device must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).Network Device Management Security Requirements Guide V-202112CAT IIThe network device must authenticate Network Time Protocol sources using authentication that is cryptographically based.Network Device Management Security Requirements Guide V-243145CAT IIThe network device must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).Network WLAN AP-IG Management Security Technical Implementation Guide V-243149CAT IIThe network device must authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based.Network WLAN AP-IG Management Security Technical Implementation Guide V-243210CAT IIWLAN components must be FIPS 140-2 or FIPS 140-3 certified and configured to operate in FIPS mode.Network WLAN AP-IG Platform Security Technical Implementation Guide V-243163CAT IIThe network device must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).Network WLAN AP-NIPR Management Security Technical Implementation Guide V-243167CAT IIThe network device must authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based.Network WLAN AP-NIPR Management Security Technical Implementation Guide V-243181CAT IIThe network device must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).Network WLAN Bridge Management Security Technical Implementation Guide V-243185CAT IIThe network device must authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based.Network WLAN Bridge Management Security Technical Implementation Guide V-243229CAT IIWLAN components must be FIPS 140-2 or FIPS 140-3 certified and configured to operate in FIPS mode.Network WLAN Bridge Platform Security Technical Implementation Guide V-243199CAT IIThe network device must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).Network WLAN Controller Management Security Technical Implementation Guide V-243203CAT IIThe network device must authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based.Network WLAN Controller Management Security Technical Implementation Guide V-243235CAT IIWLAN components must be FIPS 140-2 or FIPS 140-3 certified and configured to operate in FIPS mode.Network WLAN Controller Platform Security Technical Implementation Guide V-273205CAT IIThe Okta Verify application must be configured to connect only to FIPS-compliant devices.Okta Identity as a Service (IDaaS) Security Technical Implementation Guide V-228678CAT IIThe Palo Alto Networks security platform must authenticate Network Time Protocol sources.Palo Alto Networks NDM Security Technical Implementation Guide V-273825CAT IIThe RUCKUS ICX device must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).RUCKUS ICX NDM Security Technical Implementation Guide V-273826CAT IIThe RUCKUS ICX device must authenticate Network Time Protocol sources using authentication that is cryptographically based.RUCKUS ICX NDM Security Technical Implementation Guide V-275488CAT IIThe Riverbed NetIM must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).Riverbed NetIM NDM Security Technical Implementation Guide V-256088CAT IIThe Riverbed NetProfiler must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).Riverbed NetProfiler Security Technical Implementation Guide V-256089CAT IIThe Riverbed NetProfiler must be configured to authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based.Riverbed NetProfiler Security Technical Implementation Guide V-94589CAT IIThe SEL-2740S must authenticate Network Time Protocol sources using authentication that is cryptographically based.SEL-2740S NDM Security Technical Implementation Guide V-279268CAT IIThe Edge SWG must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).Symantec Edge SWG NDM Security Technical Implementation Guide V-279269CAT IIThe Edge SWG must authenticate Network Time Protocol sources using authentication that is cryptographically based.Symantec Edge SWG NDM Security Technical Implementation Guide V-94699CAT IISymantec ProxySG must configure SNMPv3 so that cryptographically-based bidirectional authentication is used.Symantec ProxySG NDM Security Technical Implementation Guide V-241016CAT IIThe Tanium Server must protect the confidentiality and integrity of transmitted information with cryptographic signing capabilities enabled to ensure the authenticity of communications sessions when making requests from Tanium Clients.Tanium 7.0 Security Technical Implementation Guide V-234037CAT IIThe Tanium cryptographic signing capabilities must be enabled on the Tanium Clients to safeguard the authenticity of communications sessions when answering requests from the Tanium Server.Tanium 7.3 Security Technical Implementation Guide V-253804CAT IIThe Tanium application must authenticate endpoint devices (servers) before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.Tanium 7.x Security Technical Implementation Guide V-242249CAT IThe TippingPoint SMS must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).Trend Micro TippingPoint NDM Security Technical Implementation Guide V-242250CAT IThe TippingPoint SMS must authenticate Network Time Protocol sources using authentication that is cryptographically based.Trend Micro TippingPoint NDM Security Technical Implementation Guide V-234538CAT IBefore establishing a connection to any endpoint device being managed, the UEM server must establish a trusted path between the server and endpoint that provides assured identification of the end point using a bidirectional authentication mechanism configured with a FIPS-validated Advanced Encryption Standard (AES) cipher block algorithm to authenticate with the device.Unified Endpoint Management Server Security Requirements Guide V-234673CAT IIThe UEM server must authenticate endpoint devices (servers) before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.Unified Endpoint Management Server Security Requirements Guide V-234674CAT IIIf cipher suites using pre-shared keys are used for device authentication, the UEM server must have a minimum security strength of 112 bits or higher.Unified Endpoint Management Server Security Requirements Guide V-256331CAT IThe vCenter Server must enable FIPS-validated cryptography.VMware vSphere 7.0 vCenter Security Technical Implementation Guide V-256344CAT IIThe vCenter server must enforce SNMPv3 security features where SNMP is required.VMware vSphere 7.0 vCenter Security Technical Implementation Guide V-256345CAT IIThe vCenter server must disable SNMPv1/2 receivers.VMware vSphere 7.0 vCenter Security Technical Implementation Guide V-258747CAT IIThe ESXi host must enable bidirectional Challenge-Handshake Authentication Protocol (CHAP) authentication for Internet Small Computer Systems Interface (iSCSI) traffic.VMware vSphere 8.0 ESXi Security Technical Implementation Guide V-258917CAT IThe vCenter Server must enable FIPS-validated cryptography.VMware vSphere 8.0 vCenter Security Technical Implementation Guide V-258931CAT IIThe vCenter server must enforce SNMPv3 security features where SNMP is required.VMware vSphere 8.0 vCenter Security Technical Implementation Guide V-258932CAT IIThe vCenter server must disable SNMPv1/2 receivers.VMware vSphere 8.0 vCenter Security Technical Implementation Guide V-207484CAT IIThe VMM must authenticate all endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.Virtual Machine Manager Security Requirements Guide V-207260CAT IIThe VPN Gateway that provides a Simple Network Management Protocol (SNMP) Network Management System (NMS) must configure SNMPv3 to use FIPS-validated AES cipher block algorithm.Virtual Private Network (VPN) Security Requirements Guide V-73541CAT IIUnauthenticated Remote Procedure Call (RPC) clients must be restricted from connecting to the RPC server.Windows Server 2016 Security Technical Implementation Guide V-73541CAT IIUnauthenticated Remote Procedure Call (RPC) clients must be restricted from connecting to the RPC server.Windows Server 2016 Security Technical Implementation Guide V-73639CAT IIThe computer account password must not be prevented from being reset.Windows Server 2016 Security Technical Implementation Guide V-73639CAT IIThe computer account password must not be prevented from being reset.Windows Server 2016 Security Technical Implementation Guide V-93453CAT IIWindows Server 2019 must restrict unauthenticated Remote Procedure Call (RPC) clients from connecting to the RPC server on domain-joined member servers and standalone systems.Windows Server 2019 Security Technical Implementation Guide V-93455CAT IIWindows Server 2019 computer account password must not be prevented from being reset.Windows Server 2019 Security Technical Implementation Guide