STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← SC-8 (1) — Transmission Confidentiality and Integrity

CCI-002421

Definition

Implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission.

Parent Control

SC-8 (1)Transmission Confidentiality and IntegritySystem and Communications Protection

Linked STIG Checks (159)

V-279095CAT IJVM arguments must be configured to use approved cryptographic mechanisms to protect data in transit.Adobe ColdFusion Security Technical Implementation Guide V-279096CAT IIColdFusion must encrypt patch retrieval.Adobe ColdFusion Security Technical Implementation Guide V-279097CAT IIColdFusion must ensure that ColdFusion Package Manager (cfpm) packages are transmitted using encrypted protocols.Adobe ColdFusion Security Technical Implementation Guide V-274038CAT IAmazon Linux 2023 must have SSH installed.Amazon Linux 2023 Security Technical Implementation Guide V-274039CAT IAmazon Linux 2023 must implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.Amazon Linux 2023 Security Technical Implementation Guide V-274040CAT IAmazon Linux 2023 must have the crypto-policies package installed.Amazon Linux 2023 Security Technical Implementation Guide V-274046CAT IAmazon Linux 2023 must force a frequent session key renegotiation for SSH connections to the server.Amazon Linux 2023 Security Technical Implementation Guide V-274058CAT IAmazon Linux 2023 crypto policy must not be overridden.Amazon Linux 2023 Security Technical Implementation Guide V-283452CAT IAmazon Linux 2023 must implement a FIPS 140-2/140-3 compliant systemwide cryptographic policy.Amazon Linux 2023 Security Technical Implementation Guide V-268159CAT INixOS must protect the confidentiality and integrity of transmitted information.Anduril NixOS Security Technical Implementation Guide V-222968CAT ITomcat must use FIPS-validated ciphers on secured connectors.Apache Tomcat Application Server 9 Security Technical Implementation Guide V-268438CAT IThe macOS system must limit SSHD to FIPS-compliant connections.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268439CAT IThe macOS system must limit SSH to FIPS-compliant connections.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277046CAT IThe macOS system must limit SSHD to FIPS-compliant connections.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277047CAT IThe macOS system must limit SSH to FIPS-compliant connections.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-222597CAT IIThe application must implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution System (PDS).Application Security and Development Security Technical Implementation Guide V-204818CAT IIThe application server must employ approved cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission.Application Server Security Requirements Guide V-237338CAT IThe ArcGIS Server SSL settings must use NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.ArcGIS for Server 10.3 Security Technical Implementation Guide V-272629CAT ICylanceON-PREM must be configured to use TLS 1.2 or higher.Arctic Wolf CylanceON-PREM Security Technical Implementation Guide V-272435CAT IThe BIND 9.x server implementation must uniquely identify and authenticate the other DNS server before responding to a server-to-server transaction, zone transfer, and/or dynamic update request using cryptographically based bidirectional authentication to protect the integrity of the information in transit.BIND 9.x Security Technical Implementation Guide V-224386CAT IIThe BlackBerry UEM server must connect to [assignment: [SQL Server]] with an authenticated and secure (encrypted) connection to protect the confidentiality and integrity of transmitted information.BlackBerry UEM Security Technical Implementation Guide V-219313CAT IThe Ubuntu operating system must use SSH to protect the confidentiality and integrity of transmitted information unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution System (PDS).Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-238216CAT IIThe Ubuntu operating system must configure the SSH daemon to use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hashes to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238217CAT IIThe Ubuntu operating system must configure the SSH daemon to use FIPS 140-2 approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260531CAT IIUbuntu 22.04 LTS must configure the SSH daemon to use FIPS 140-3-approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260532CAT IIUbuntu 22.04 LTS must configure the SSH daemon to use Message Authentication Codes (MACs) employing FIPS 140-3-approved cryptographic hashes to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-270667CAT IIUbuntu 24.04 LTS must configure the SSH daemon to use FIPS 140-3 approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270668CAT IIUbuntu 24.04 LTS must configure the SSH daemon to use Message Authentication Codes (MACs) employing FIPS 140-3 approved cryptographic hashes to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-234565CAT ICitrix Delivery Controller must implement DoD-approved encryption.Citrix Virtual Apps and Desktop 7.x Delivery Controller Security Technical Implementation Guide V-234227CAT ICitrix License Server must implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution Systems (PDS).Citrix Virtual Apps and Desktop 7.x License Server Security Technical Implementation Guide V-234257CAT ICitrix Linux Virtual Delivery Agent must implement DoD-approved encryption.Citrix Virtual Apps and Desktop 7.x Linux Virtual Delivery Agent Security Technical Implementation Guide V-234252CAT IICitrix StoreFront server must accept Personal Identity Verification (PIV) credentials.Citrix Virtual Apps and Desktop 7.x StoreFront Security Technical Implementation Guide V-234253CAT ICitrix Windows Virtual Delivery Agent must implement DoD-approved encryption.Citrix Virtual Apps and Desktop 7.x Windows Virtual Delivery Agent Security Technical Implementation Guide V-213205CAT IXenDesktop License Server must implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution Systems (PDS).Citrix XenDesktop 7.x License Server Security Technical Implementation Guide V-213208CAT ICitrix Receiver must implement DoD-approved encryption.Citrix XenDesktop 7.x Receiver Security Technical Implementation Guide V-213211CAT IIXenDesktop StoreFront must accept Personal Identity Verification (PIV) credentials.Citrix XenDesktop 7.x StoreFront Security Technical Implementation Guide V-213213CAT ICitrix Windows Virtual Delivery Agent must implement DoD-approved encryption.Citrix XenDesktop 7.x Windows VDA Security Technical Implementation Guide V-269437CAT IIAll AlmaLinux OS 9 networked systems must implement SSH to protect the confidentiality and integrity of transmitted and received information, including information being prepared for transmission.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269438CAT IIAll AlmaLinux OS 9 networked systems must have the OpenSSH server installed.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-235776CAT IITCP socket binding for all Docker Engine - Enterprise nodes in a Universal Control Plane (UCP) cluster must be disabled.Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide V-205217CAT IIThe DNS server implementation must implement cryptographic mechanisms to detect changes to information during transmission unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution System (PDS).Domain Name System (DNS) Security Requirements Guide V-278405CAT IINGINX must be configured to use FIPS-approved algorithms to protect the confidentiality and integrity of transmitted information.F5 NGINX Security Technical Implementation Guide V-203749CAT IThe operating system must implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution System (PDS).General Purpose Operating System Security Requirements Guide V-255239CAT IISSMC must employ strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions.HPE 3PAR SSMC Operating System Security Technical Implementation Guide V-237818CAT IDoD-approved encryption must be implemented to protect the confidentiality and integrity of remote access sessions, information during preparation for transmission, information during reception, and information during transmission in addition to enforcing replay-resistant authentication mechanisms for network access to privileged accounts.HPE 3PAR StoreServ 3.2.x Security Technical Implementation Guide V-255272CAT IThe HPE 3PAR OS must be configured to restrict the encryption algorithms and protocols to comply with DOD-approved encryption to protect the confidentiality and integrity of remote access sessions.HPE 3PAR StoreServ 3.3.x Security Technical Implementation Guide V-215284CAT IIAIX must protect the confidentiality and integrity of transmitted information during preparation for transmission and maintain the confidentiality and integrity of information during reception and disable all non-encryption network access methods.IBM AIX 7.x Security Technical Implementation Guide V-255812CAT IIThe MQ Appliance messaging server must employ approved cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission.IBM MQ Appliance V9.0 AS Security Technical Implementation Guide V-250348CAT IIThe WebSphere Liberty Server must be configured to use HTTPS only.IBM WebSphere Liberty Server Security Technical Implementation Guide V-255875CAT IIThe WebSphere Application Server must utilize FIPS 140-2-approved encryption modules when authenticating users and processes.IBM WebSphere Traditional V9.x Security Technical Implementation Guide V-255890CAT IIThe WebSphere Application Server plugin must be configured to use HTTPS only.IBM WebSphere Traditional V9.x Security Technical Implementation Guide V-283677CAT IIThe WebSphere Application Server must use FIPS 140-3-approved encryption modules when authenticating users and processes.IBM WebSphere Traditional V9.x Security Technical Implementation Guide V-223610CAT IIIBM z/OS SSL encryption options for the TN3270 Telnet Server must be specified properly for each statement that defines a SECUREPORT or within the TELNETGLOBALS.IBM z/OS ACF2 Security Technical Implementation Guide V-223831CAT IIIBM z/OS SSL encryption options for the TN3270 Telnet Server must be specified properly for each statement that defines a SECUREPORT or within the TELNETGLOBALS.IBM z/OS RACF Security Technical Implementation Guide V-224067CAT IIIBM z/OS SSL encryption options for the TN3270 Telnet server must be specified properly for each statement that defines a SECUREPORT or within the TELNETGLOBALS.IBM z/OS TSS Security Technical Implementation Guide V-224772CAT IIThe ISEC7 SPHERE must protect the confidentiality and integrity of transmitted information during preparation for transmission and during reception using cryptographic mechanisms.ISEC7 Sphere Security Technical Implementation Guide V-214196CAT IIThe Infoblox system must implement cryptographic mechanisms to detect changes to information during transmission unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution System (PDS).Infoblox 7.x DNS Security Technical Implementation Guide V-233924CAT IIThe Infoblox DNS service member must implement cryptographic mechanisms to detect changes to information during transmission unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution System (PDS).Infoblox 8.x DNS Security Technical Implementation Guide V-213548CAT IIJBoss must be configured to use an approved cryptographic algorithm in conjunction with TLS.JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide V-241818CAT IThe Jamf Pro EMM server must connect to [Authentication Gateway Service (AGS)] with an authenticated and secure (encrypted) connection to protect the confidentiality and integrity of transmitted information.Jamf Pro v10.x EMM Security Technical Implementation Guide V-220914CAT IIOutgoing secure channel traffic must be encrypted or signed.Microsoft Windows 10 Security Technical Implementation Guide V-220915CAT IIOutgoing secure channel traffic must be encrypted when possible.Microsoft Windows 10 Security Technical Implementation Guide V-220916CAT IIOutgoing secure channel traffic must be signed when possible.Microsoft Windows 10 Security Technical Implementation Guide V-220919CAT IIThe system must be configured to require a strong session key.Microsoft Windows 10 Security Technical Implementation Guide V-220925CAT IIThe Windows SMB client must be configured to always perform SMB packet signing.Microsoft Windows 10 Security Technical Implementation Guide V-220927CAT IIThe Windows SMB server must be configured to always perform SMB packet signing.Microsoft Windows 10 Security Technical Implementation Guide V-253255CAT IIWindows 11 domain-joined systems must have a Trusted Platform Module (TPM) enabled.Microsoft Windows 11 Security Technical Implementation Guide V-253256CAT IIWindows 11 systems must have Unified Extensible Firmware Interface (UEFI) firmware and be configured to run in UEFI mode, not Legacy BIOS.Microsoft Windows 11 Security Technical Implementation Guide V-253257CAT IISecure Boot must be enabled on Windows 11 systems.Microsoft Windows 11 Security Technical Implementation Guide V-253438CAT IIOutgoing secure channel traffic must be encrypted or signed.Microsoft Windows 11 Security Technical Implementation Guide V-253439CAT IIOutgoing secure channel traffic must be encrypted.Microsoft Windows 11 Security Technical Implementation Guide V-253440CAT IIOutgoing secure channel traffic must be signed.Microsoft Windows 11 Security Technical Implementation Guide V-215635CAT IIThe Windows 2012 DNS Server must maintain the integrity of information during preparation for transmission.Microsoft Windows 2012 Server Domain Name System Security Technical Implementation Guide V-224995CAT IIDomain controllers must require LDAP access signing.Microsoft Windows Server 2016 Security Technical Implementation Guide V-225029CAT IIThe setting Domain member: Digitally encrypt or sign secure channel data (always) must be configured to Enabled.Microsoft Windows Server 2016 Security Technical Implementation Guide V-225030CAT IIThe setting Domain member: Digitally encrypt secure channel data (when possible) must be configured to enabled.Microsoft Windows Server 2016 Security Technical Implementation Guide V-225031CAT IIThe setting Domain member: Digitally sign secure channel data (when possible) must be configured to Enabled.Microsoft Windows Server 2016 Security Technical Implementation Guide V-225034CAT IIWindows Server 2016 must be configured to require a strong session key.Microsoft Windows Server 2016 Security Technical Implementation Guide V-225039CAT IIThe setting Microsoft network client: Digitally sign communications (always) must be configured to Enabled.Microsoft Windows Server 2016 Security Technical Implementation Guide V-225040CAT IIThe setting Microsoft network client: Digitally sign communications (if server agrees) must be configured to Enabled.Microsoft Windows Server 2016 Security Technical Implementation Guide V-225042CAT IIThe setting Microsoft network server: Digitally sign communications (always) must be configured to Enabled.Microsoft Windows Server 2016 Security Technical Implementation Guide V-225043CAT IIThe setting Microsoft network server: Digitally sign communications (if client agrees) must be configured to Enabled.Microsoft Windows Server 2016 Security Technical Implementation Guide V-205820CAT IIWindows Server 2019 domain controllers must require LDAP access signing.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205821CAT IIWindows Server 2019 setting Domain member: Digitally encrypt or sign secure channel data (always) must be configured to Enabled.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205822CAT IIWindows Server 2019 setting Domain member: Digitally encrypt secure channel data (when possible) must be configured to enabled.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205823CAT IIWindows Server 2019 setting Domain member: Digitally sign secure channel data (when possible) must be configured to Enabled.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205824CAT IIWindows Server 2019 must be configured to require a strong session key.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205825CAT IIWindows Server 2019 setting Microsoft network client: Digitally sign communications (always) must be configured to Enabled.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205826CAT IIWindows Server 2019 setting Microsoft network client: Digitally sign communications (if server agrees) must be configured to Enabled.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205827CAT IIWindows Server 2019 setting Microsoft network server: Digitally sign communications (always) must be configured to Enabled.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205828CAT IIWindows Server 2019 setting Microsoft network server: Digitally sign communications (if client agrees) must be configured to Enabled.Microsoft Windows Server 2019 Security Technical Implementation Guide V-254416CAT IIWindows Server 2022 domain controllers must require LDAP access signing.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254450CAT IIWindows Server 2022 setting Domain member: Digitally encrypt or sign secure channel data (always) must be configured to Enabled.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254451CAT IIWindows Server 2022 setting Domain member: Digitally encrypt secure channel data (when possible) must be configured to Enabled.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254452CAT IIWindows Server 2022 setting Domain member: Digitally sign secure channel data (when possible) must be configured to Enabled.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254455CAT IIWindows Server 2022 must be configured to require a strong session key.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254460CAT IIWindows Server 2022 setting Microsoft network client: Digitally sign communications (always) must be configured to Enabled.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254461CAT IIWindows Server 2022 setting Microsoft network client: Digitally sign communications (if server agrees) must be configured to Enabled.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254463CAT IIWindows Server 2022 setting Microsoft network server: Digitally sign communications (always) must be configured to Enabled.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254464CAT IIWindows Server 2022 setting Microsoft network server: Digitally sign communications (if client agrees) must be configured to Enabled.Microsoft Windows Server 2022 Security Technical Implementation Guide V-278163CAT IIWindows Server 2025 domain controllers must require LDAP access signing.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278200CAT IIThe Windows Server 2025 setting Domain member: Digitally encrypt or sign secure channel data (always) must be configured to Enabled.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278201CAT IIWindows Server 2025 setting Domain member: Digitally encrypt secure channel data (when possible) must be configured to Enabled.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278202CAT IIThe Windows Server 2025 setting Domain member: Digitally sign secure channel data (when possible) must be configured to Enabled.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278205CAT IIWindows Server 2025 must be configured to require a strong session key.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278210CAT IIThe Windows Server 2025 setting Microsoft network client: Digitally sign communications (always) must be configured to Enabled.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278211CAT IIThe Windows Server 2025 setting Microsoft network client: Digitally sign communications (if server agrees) must be configured to Enabled.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278213CAT IIThe Windows Server 2025 setting Microsoft network server: Digitally sign communications (always) must be configured to Enabled.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278214CAT IIThe Windows Server 2025 setting Microsoft network server: Digitally sign communications (if client agrees) must be configured to Enabled.Microsoft Windows Server 2025 Security Technical Implementation Guide V-259344CAT IIThe Windows DNS Server must implement cryptographic mechanisms to detect changes to information during transmission.Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation Guide V-254125CAT INutanix AOS must implement DoD-approved encryption to protect the confidentiality of remote access sessions.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-279535CAT INutanix OS must implement cryptography to protect the integrity of remote access session by setting the systemwide policy to use FIPS mode.Nutanix Acropolis GPOS Security Technical Implementation Guide V-237699CAT IThe DBMS must employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission unless the transmitted data is otherwise protected by alternative physical measures.Oracle Database 12c Security Technical Implementation Guide V-221898CAT IIThe Oracle Linux operating system must be configured so that all wireless network adapters are disabled.Oracle Linux 7 Security Technical Implementation Guide V-248866CAT IIAll OL 8 networked systems must have SSH installed.Oracle Linux 8 Security Technical Implementation Guide V-248867CAT IIAll OL 8 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.Oracle Linux 8 Security Technical Implementation Guide V-271482CAT IIOL 9 networked systems must have SSH installed.Oracle Linux 9 Security Technical Implementation Guide V-271483CAT IIOL 9 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.Oracle Linux 9 Security Technical Implementation Guide V-271705CAT IIOL 9 must force a frequent session key renegotiation for SSH connections to the server.Oracle Linux 9 Security Technical Implementation Guide V-271859CAT IIOL 9 wireless network adapters must be disabled.Oracle Linux 9 Security Technical Implementation Guide V-235977CAT IIOracle WebLogic must employ cryptographic encryption to protect the integrity and confidentiality of nonlocal maintenance and diagnostic communications.Oracle WebLogic Server 12c Security Technical Implementation Guide V-235987CAT IIOracle WebLogic must protect the confidentiality of applications and leverage transmission protection mechanisms, such as TLS and SSL VPN, when deploying applications.Oracle WebLogic Server 12c Security Technical Implementation Guide V-235992CAT IIOracle WebLogic must employ approved cryptographic mechanisms when transmitting sensitive data.Oracle WebLogic Server 12c Security Technical Implementation Guide V-281001CAT IIRHEL 10 must have a Secure Shell (SSH) server installed for all networked systems.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281002CAT IIRHEL 10 must, for all networked systems, have and implement Secure Shell (SSH) to protect the confidentiality and integrity of transmitted and received information.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281268CAT IRHEL 10 must force a frequent session key renegotiation for Secure Shell (SSH) connections to the server.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281290CAT IIRHEL 10 must disable wireless network adapters.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-204585CAT IIThe Red Hat Enterprise Linux operating system must be configured so that all networked systems have SSH installed.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-204586CAT IIThe Red Hat Enterprise Linux operating system must be configured so that all networked systems use SSH for confidentiality and integrity of transmitted and received information as well as information during preparation for transmission.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-257978CAT IIAll RHEL 9 networked systems must have SSH installed.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-257979CAT IIAll RHEL 9 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-257994CAT IIRHEL 9 must force a frequent session key renegotiation for SSH connections to the server.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258040CAT IIRHEL 9 wireless network adapters must be disabled.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-275624CAT IIUbuntu OS must configure the SSH daemon to use FIPS 140-2/140-3 approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.Riverbed NetIM OS Security Technical Implementation Guide V-275625CAT IUbuntu OS must configure the SSH daemon to use Message Authentication Codes (MACs) employing FIPS 140-2/140-3 -approved cryptographic hashes to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.Riverbed NetIM OS Security Technical Implementation Guide V-279006CAT IIThe router must implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission.Router Security Requirements Guide V-261328CAT ISLEM 5 must use SSH to protect the confidentiality and integrity of transmitted information.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-217264CAT IAll networked SUSE operating systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-281376CAT ITCMax must protect the confidentiality and integrity of transmitted information.Soaring Software Solutions TCMax 9.x Security Technical Implementation Guide V-219977CAT IIThe operating system must employ cryptographic mechanisms to recognize changes to information during transmission unless otherwise protected by alternative physical measures.Solaris 11 SPARC Security Technical Implementation Guide V-219980CAT IIThe operating system must employ cryptographic mechanisms to prevent unauthorized disclosure of information during transmission unless otherwise protected by alternative physical measures.Solaris 11 SPARC Security Technical Implementation Guide V-220005CAT IIThe operating system must employ cryptographic mechanisms to recognize changes to information during transmission unless otherwise protected by alternative physical measures.Solaris 11 X86 Security Technical Implementation Guide V-220008CAT IIThe operating system must employ cryptographic mechanisms to prevent unauthorized disclosure of information during transmission unless otherwise protected by alternative physical measures.Solaris 11 X86 Security Technical Implementation Guide V-234077CAT IIThe Tanium Server must protect the confidentiality and integrity of transmitted information, in preparation to be transmitted and data at rest, with cryptographic signing capabilities enabled to protect the authenticity of communications sessions when making requests from Tanium Clients.Tanium 7.3 Security Technical Implementation Guide V-252934CAT IIAll TOSS networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide V-282385CAT IITOSS 5 must force a frequent session key renegotiation for SSH connections to the server.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282606CAT IIAll TOSS 5 networked systems must have SSH installed.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282607CAT IIAll TOSS 5 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-240519CAT IThe SLES for vRealize must implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution System (PDS).VMware vRealize Automation 7.x SLES Security Technical Implementation Guide V-240956CAT IIThe vAMI sfcb must have HTTPS enabled.VMware vRealize Automation 7.x vAMI Security Technical Implementation Guide V-239613CAT IThe SLES for vRealize must implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution System (PDS).VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide V-256534CAT IIIThe Photon operating system must configure sshd to use FIPS 140-2 ciphers.VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide V-256318CAT IThe vCenter Server must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination using remote access.VMware vSphere 7.0 vCenter Security Technical Implementation Guide V-265978CAT IIThe vCenter Server must use DOD-approved encryption to protect the confidentiality of network sessions.VMware vSphere 8.0 vCenter Security Technical Implementation Guide V-279024CAT IIThe VPN Gateway must implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission.Virtual Private Network (VPN) Security Requirements Guide V-269573CAT IXylok Security Suite must prevent access except through HTTPS.Xylok Security Suite 20.x Security Technical Implementation Guide V-224354CAT IWebSphere MQ channel security must be implemented in accordance with security requirements.zOS WebSphere MQ for ACF2 Security Technical Implementation Guide V-224551CAT IWebSphere MQ channel security must be implemented in accordance with security requirements.zOS WebSphere MQ for RACF Security Technical Implementation Guide V-225623CAT IWebSphere MQ channel security must be implemented in accordance with security requirements.zOS WebSphere MQ for TSS Security Technical Implementation Guide