STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← MA-4 (6) — Nonlocal Maintenance

CCI-003123

Definition

Implement organization-defined cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications.

Parent Control

MA-4 (6)Nonlocal MaintenanceMaintenance

Linked STIG Checks (130)

V-255616CAT IThe A10 Networks ADC must not use SNMP Versions 1 or 2.A10 Networks ADC NDM Security Technical Implementation Guide V-274040CAT IAmazon Linux 2023 must have the crypto-policies package installed.Amazon Linux 2023 Security Technical Implementation Guide V-274058CAT IAmazon Linux 2023 crypto policy must not be overridden.Amazon Linux 2023 Security Technical Implementation Guide V-283452CAT IAmazon Linux 2023 must implement a FIPS 140-2/140-3 compliant systemwide cryptographic policy.Amazon Linux 2023 Security Technical Implementation Guide V-268089CAT INixOS must implement DOD-approved encryption to protect the confidentiality of remote access sessions.Anduril NixOS Security Technical Implementation Guide V-252459CAT IThe macOS system must implement approved ciphers within the SSH server configuration to protect the confidentiality of SSH connections.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-252460CAT IThe macOS system must implement approved Message Authentication Codes (MACs) within the SSH server configuration.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-252461CAT IThe macOS system must implement approved Key Exchange Algorithms within the SSH server configuration.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-257773CAT IThe macOS system must implement approved ciphers within the SSH client configuration to protect the confidentiality of SSH connections.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-257774CAT IThe macOS system must implement approved Message Authentication Codes (MACs) within the SSH client configuration.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-257775CAT IThe macOS system must implement approved Key Exchange Algorithms within the SSH client configuration.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-257165CAT IThe macOS system must implement approved ciphers within the SSH server configuration to protect the confidentiality of SSH connections.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-257166CAT IThe macOS system must implement approved Message Authentication Codes (MACs) within the SSH server configuration.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-257167CAT IThe macOS system must implement approved Key Exchange Algorithms within the SSH server configuration.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-257293CAT IThe macOS system must implement approved ciphers within the SSH client configuration to protect the confidentiality of SSH connections.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-257294CAT IThe macOS system must implement approved Message Authentication Codes (MACs) within the SSH client configuration.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-257295CAT IThe macOS system must implement approved Key Exchange Algorithms within the SSH client configuration.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-268438CAT IThe macOS system must limit SSHD to FIPS-compliant connections.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277046CAT IThe macOS system must limit SSHD to FIPS-compliant connections.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-222563CAT IIApplications used for non-local maintenance sessions must implement cryptographic mechanisms to protect the confidentiality of non-local maintenance and diagnostic communications.Application Security and Development Security Technical Implementation Guide V-217370CAT IIArista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications.Arista MLS DCS-7000 Series NDM Security Technical Implementation Guide V-255961CAT IThe Arista network device must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions.Arista MLS EOS 4.2x NDM Security Technical Implementation Guide V-255961CAT IThe Arista network device must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions.Arista MLS EOS 4.X NDM Security Technical Implementation Guide V-219312CAT IIThe Ubuntu operating system must configure the SSH daemon to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms to protect the integrity of nonlocal maintenance and diagnostic communications.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-238217CAT IIThe Ubuntu operating system must configure the SSH daemon to use FIPS 140-2 approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260531CAT IIUbuntu 22.04 LTS must configure the SSH daemon to use FIPS 140-3-approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-270667CAT IIUbuntu 24.04 LTS must configure the SSH daemon to use FIPS 140-3 approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-271966CAT IThe Cisco ACI must use FIPS 140-2/140-3 approved algorithms for authentication to a cryptographic module.Cisco ACI NDM Security Technical Implementation Guide V-239931CAT IThe Cisco ASA must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions.Cisco ASA NDM Security Technical Implementation Guide V-215700CAT IThe Cisco router must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions.Cisco IOS Router NDM Security Technical Implementation Guide V-220608CAT IThe Cisco switch must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions.Cisco IOS Switch NDM Security Technical Implementation Guide V-215845CAT IThe Cisco router must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions.Cisco IOS XE Router NDM Security Technical Implementation Guide V-220556CAT IThe Cisco switch must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions.Cisco IOS XE Switch NDM Security Technical Implementation Guide V-216542CAT IThe Cisco router must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions.Cisco IOS XR Router NDM Security Technical Implementation Guide V-242656CAT IThe Cisco ISE must be configured to implement cryptographic mechanisms using a FIPS 140-2 validated algorithm to protect the confidentiality of remote maintenance sessions.Cisco ISE NDM Security Technical Implementation Guide V-220504CAT IThe Cisco switch must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions.Cisco NX OS Switch NDM Security Technical Implementation Guide V-283454CAT IAlmaLinux OS 9 must have the crypto-policies package installed.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-283455CAT IAlmaLinux OS 9 must implement a FIPS 140-3-compliant systemwide cryptographic policy.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-233208CAT IIThe container platform must configure web management tools and Application Program Interfaces (API) with FIPS-validated Advanced Encryption Standard (AES) cipher block algorithm to protect the confidentiality of maintenance and diagnostic communications for nonlocal maintenance sessions.Container Platform Security Requirements Guide V-255574CAT IIApplications used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications.DBN-6300 NDM Security Technical Implementation Guide V-269797CAT IThe Dell OS10 Switch must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions.Dell OS10 Switch NDM Security Technical Implementation Guide V-235777CAT IFIPS mode must be enabled on all Docker Engine - Enterprise nodes.Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide V-278405CAT IINGINX must be configured to use FIPS-approved algorithms to protect the confidentiality and integrity of transmitted information.F5 NGINX Security Technical Implementation Guide V-234212CAT IThe FortiGate device must implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions.Fortinet FortiGate Firewall NDM Security Technical Implementation Guide V-203737CAT IThe operating system must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications, when used for nonlocal maintenance sessions.General Purpose Operating System Security Requirements Guide V-217469CAT IIApplications used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications.HP FlexFabric Switch NDM Security Technical Implementation Guide V-255239CAT IISSMC must employ strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions.HPE 3PAR SSMC Operating System Security Technical Implementation Guide V-237818CAT IDoD-approved encryption must be implemented to protect the confidentiality and integrity of remote access sessions, information during preparation for transmission, information during reception, and information during transmission in addition to enforcing replay-resistant authentication mechanisms for network access to privileged accounts.HPE 3PAR StoreServ 3.2.x Security Technical Implementation Guide V-255272CAT IThe HPE 3PAR OS must be configured to restrict the encryption algorithms and protocols to comply with DOD-approved encryption to protect the confidentiality and integrity of remote access sessions.HPE 3PAR StoreServ 3.3.x Security Technical Implementation Guide V-283387CAT IThe HPE Alletra Storage ArcusOS device must use FIPS 140-approved algorithms for authentication to a cryptographic module.HPE Alletra Storage ArcusOS Network Device Management Security Technical Implementation Guide V-266940CAT IAOS must use FIPS 140-2/140-3 approved algorithms for authentication to a cryptographic module.HPE Aruba Networking AOS NDM Security Technical Implementation Guide V-268271CAT IThe HYCU virtual appliance must be configured to implement cryptographic mechanisms using a FIPS 140-2-approved algorithm to protect the confidentiality of remote maintenance sessions.HYCU Protege Security Technical Implementation Guide V-215284CAT IIAIX must protect the confidentiality and integrity of transmitted information during preparation for transmission and maintain the confidentiality and integrity of information during reception and disable all non-encryption network access methods.IBM AIX 7.x Security Technical Implementation Guide V-255765CAT IIApplications used for nonlocal maintenance sessions using the MQ Appliance WebGUI must implement cryptographic mechanisms to protect the confidentiality and integrity of nonlocal maintenance and diagnostic communications.IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide V-223610CAT IIIBM z/OS SSL encryption options for the TN3270 Telnet Server must be specified properly for each statement that defines a SECUREPORT or within the TELNETGLOBALS.IBM z/OS ACF2 Security Technical Implementation Guide V-223831CAT IIIBM z/OS SSL encryption options for the TN3270 Telnet Server must be specified properly for each statement that defines a SECUREPORT or within the TELNETGLOBALS.IBM z/OS RACF Security Technical Implementation Guide V-224067CAT IIIBM z/OS SSL encryption options for the TN3270 Telnet server must be specified properly for each statement that defines a SECUREPORT or within the TELNETGLOBALS.IBM z/OS TSS Security Technical Implementation Guide V-224778CAT IIThe ISEC7 SPHERE must use a FIPS-validated cryptographic module to provision digital signatures.ISEC7 Sphere Security Technical Implementation Guide V-258598CAT IThe ICS must be configured to implement cryptographic mechanisms using a FIPS 140-2/140-3 approved algorithm.Ivanti Connect Secure NDM Security Technical Implementation Guide V-258601CAT IIThe ICS must be configured to audit the execution of privileged functions such as accounts additions and changes.Ivanti Connect Secure NDM Security Technical Implementation Guide V-251416CAT IThe Ivanti EPMM server must configure web management tools with FIPS-validated Advanced Encryption Standard (AES) cipher block algorithm to protect the confidentiality of maintenance and diagnostic communications for nonlocal maintenance sessions.Ivanti EPMM Server Security Technical Implementation Guide V-251416CAT IThe Ivanti MobileIron Core server must configure web management tools with FIPS-validated Advanced Encryption Standard (AES) cipher block algorithm to protect the confidentiality of maintenance and diagnostic communications for nonlocal maintenance sessions.Ivanti MobileIron Core MDM Server Security Technical Implementation Guide V-251001CAT IMobileIron Sentry must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions.Ivanti MobileIron Sentry 9.x NDM Security Technical Implementation Guide V-251001CAT ISentry must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions.Ivanti Sentry 9.x NDM Security Technical Implementation Guide V-253929CAT IThe Juniper EX switch must be configured to implement cryptographic mechanisms using a FIPS 140-2/140-3 approved algorithm to protect the confidentiality of remote maintenance sessions.Juniper EX Series Switches Network Device Management Security Technical Implementation Guide V-217341CAT IThe Juniper router must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions.Juniper Router NDM Security Technical Implementation Guide V-66455CAT IFor nonlocal maintenance sessions using SNMP, the Juniper SRX Services Gateway must securely configure SNMPv3 with privacy options to protect the confidentiality of maintenance and diagnostic communications for nonlocal maintenance sessions.Juniper SRX SG NDM Security Technical Implementation Guide V-66531CAT IIFor nonlocal maintenance sessions using SSH, the Juniper SRX Services Gateway must securely configured SSHv2 with privacy options to protect the confidentiality of maintenance and diagnostic communications for nonlocal maintenance sessions.Juniper SRX SG NDM Security Technical Implementation Guide V-66533CAT IIFor nonlocal maintenance sessions, the Juniper SRX Services Gateway must ensure only zones where management functionality is desired have host-inbound-traffic system-services configured.Juniper SRX SG NDM Security Technical Implementation Guide V-223226CAT IThe Juniper SRX Services Gateway must securely configure SNMPv3 with privacy options to protect the confidentiality of nonlocal maintenance and diagnostic communications using SNMP.Juniper SRX Services Gateway NDM Security Technical Implementation Guide V-223227CAT IThe Juniper SRX Services Gateway must use SSHv2 with privacy options to protect the confidentiality of maintenance and diagnostic communications for nonlocal maintenance sessions using SSH.Juniper SRX Services Gateway NDM Security Technical Implementation Guide V-223228CAT IIFor nonlocal maintenance sessions, the Juniper SRX Services Gateway must ensure only zones where management functionality is desired have host-inbound-traffic system-services configured.Juniper SRX Services Gateway NDM Security Technical Implementation Guide V-205580CAT IIMainframe Products must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications.Mainframe Product Security Requirements Guide V-237438CAT IThe SCOM Web Console must be configured for HTTPS.Microsoft SCOM Security Technical Implementation Guide V-220863CAT IIThe Windows Remote Management (WinRM) client must not allow unencrypted traffic.Microsoft Windows 10 Security Technical Implementation Guide V-220866CAT IIThe Windows Remote Management (WinRM) service must not allow unencrypted traffic.Microsoft Windows 10 Security Technical Implementation Guide V-253419CAT IIThe Windows Remote Management (WinRM) service must not allow unencrypted traffic.Microsoft Windows 11 Security Technical Implementation Guide V-224959CAT IIThe Windows Remote Management (WinRM) client must not allow unencrypted traffic.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224962CAT IIThe Windows Remote Management (WinRM) service must not allow unencrypted traffic.Microsoft Windows Server 2016 Security Technical Implementation Guide V-205816CAT IIWindows Server 2019 Windows Remote Management (WinRM) client must not allow unencrypted traffic.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205817CAT IIWindows Server 2019 Windows Remote Management (WinRM) service must not allow unencrypted traffic.Microsoft Windows Server 2019 Security Technical Implementation Guide V-254379CAT IIWindows Server 2022 Windows Remote Management (WinRM) client must not allow unencrypted traffic.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254382CAT IIWindows Server 2022 Windows Remote Management (WinRM) service must not allow unencrypted traffic.Microsoft Windows Server 2022 Security Technical Implementation Guide V-278126CAT IIWindows Server 2025 Windows Remote Management (WinRM) client must not allow unencrypted traffic.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278129CAT IIWindows Server 2025 Windows Remote Management (WinRM) service must not allow unencrypted traffic.Microsoft Windows Server 2025 Security Technical Implementation Guide V-260908CAT IFIPS mode must be enabled.Mirantis Kubernetes Engine Security Technical Implementation Guide V-246958CAT IONTAP must be configured to implement cryptographic mechanisms using FIPS 140-2.NetApp ONTAP DSC 9.x Security Technical Implementation Guide V-202118CAT IThe network device must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessionsNetwork Device Management Security Requirements Guide V-243141CAT IThe network device must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions.Network WLAN AP-IG Management Security Technical Implementation Guide V-243159CAT IThe network device must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions.Network WLAN AP-NIPR Management Security Technical Implementation Guide V-243177CAT IThe network device must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions.Network WLAN Bridge Management Security Technical Implementation Guide V-243195CAT IThe network device must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions.Network WLAN Controller Management Security Technical Implementation Guide V-254125CAT INutanix AOS must implement DoD-approved encryption to protect the confidentiality of remote access sessions.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-279534CAT INutanix OS must implement cryptography to protect the integrity of remote access sessions by using only HMACs employing FIPS 140-3-approved algorithms.Nutanix Acropolis GPOS Security Technical Implementation Guide V-279535CAT INutanix OS must implement cryptography to protect the integrity of remote access session by setting the systemwide policy to use FIPS mode.Nutanix Acropolis GPOS Security Technical Implementation Guide V-279538CAT INutanix OS must implement cryptography to protect the integrity and confidentiality of remote access and nonlocal maintenance and diagnostic sessions.Nutanix Acropolis GPOS Security Technical Implementation Guide V-221840CAT IIThe Oracle Linux 7 operating system must implement DoD-approved encryption to protect the confidentiality of SSH connections.Oracle Linux 7 Security Technical Implementation Guide V-248524CAT IOL 8 must implement NIST FIPS-validated cryptography for the following: To provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.Oracle Linux 8 Security Technical Implementation Guide V-283447CAT IOL 8 cryptographic policy must not be overridden.Oracle Linux 8 Security Technical Implementation Guide V-271477CAT IOL 9 must have the crypto-policies package installed.Oracle Linux 9 Security Technical Implementation Guide V-271478CAT IOL 9 must implement a FIPS 140-3 compliant systemwide cryptographic policy.Oracle Linux 9 Security Technical Implementation Guide V-271479CAT IOL 9 must not allow the cryptographic policy to be overridden.Oracle Linux 9 Security Technical Implementation Guide V-228670CAT IThe Palo Alto Networks security platform must not use SNMP Versions 1 or 2.Palo Alto Networks NDM Security Technical Implementation Guide V-273808CAT IThe RUCKUS ICX device must use FIPS 140-2/140-3 approved algorithms for authentication to a cryptographic module.RUCKUS ICX NDM Security Technical Implementation Guide V-281007CAT IRHEL 10 must have the "crypto-policies" package installed.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281008CAT IRHEL 10 must implement a FIPS 140-3-compliant systemwide cryptographic policy.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281009CAT IRHEL 10 must enable FIPS mode.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281010CAT IRHEL 10 must be configured so that Secure Shell (SSH) clients use only DOD-approved encryption ciphers employing FIPS 140-3-validated cryptographic hash algorithms to protect the confidentiality of SSH client connections.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281016CAT IRHEL 10 cryptographic policy must not be overridden.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-258234CAT IRHEL 9 must have the crypto-policies package installed.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258236CAT IRHEL 9 cryptographic policy must not be overridden.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258241CAT IRHEL 9 must implement a FIPS 140-3-compliant systemwide cryptographic policy.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-257546CAT IOpenShift must protect authenticity of communications sessions with the use of FIPS-validated 140-2 or 140-3 validated cryptography.Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide V-275624CAT IIUbuntu OS must configure the SSH daemon to use FIPS 140-2/140-3 approved ciphers to prevent the unauthorized disclosure of information and/or detect changes to information during transmission.Riverbed NetIM OS Security Technical Implementation Guide V-256090CAT IThe Riverbed NetProfiler must be configured to implement cryptographic mechanisms using a FIPS 140-2/140-3 validated algorithm to protect the confidentiality and integrity of all cryptographic functions.Riverbed NetProfiler Security Technical Implementation Guide V-92303CAT IThe SEL-2740S must be adopted by OTSDN Controllers for secure communication identifiers and initial trust for configuration of remote maintenance and diagnostic communications.SEL-2740S NDM Security Technical Implementation Guide V-261335CAT ISLEM 5 SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2/140-3 approved cryptographic hash algorithms.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-217271CAT IIThe SUSE operating system SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-279248CAT IThe Edge SWG must be configured to use FIPS mode.Symantec Edge SWG NDM Security Technical Implementation Guide V-94709CAT IThe Symantec ProxySG Web Management Console and SSH sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications.Symantec ProxySG NDM Security Technical Implementation Guide V-242251CAT IThe TippingPoint TPS must have FIPS mode enforced.Trend Micro TippingPoint NDM Security Technical Implementation Guide V-252924CAT IThe TOSS operating system must implement DOD-approved encryption to protect the confidentiality of SSH connections.Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide V-234555CAT IThe UEM server must configure web management tools with FIPS-validated Advanced Encryption Standard (AES) cipher block algorithm to protect the confidentiality of maintenance and diagnostic communications for nonlocal maintenance sessions.Unified Endpoint Management Server Security Requirements Guide V-240515CAT IIThe SLES for vRealize must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications, when used for nonlocal maintenance sessions.VMware vRealize Automation 7.x SLES Security Technical Implementation Guide V-239610CAT IIThe SLES for vRealize must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications, when used for nonlocal maintenance sessions.VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide V-256534CAT IIIThe Photon operating system must configure sshd to use FIPS 140-2 ciphers.VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide V-256331CAT IThe vCenter Server must enable FIPS-validated cryptography.VMware vSphere 7.0 vCenter Security Technical Implementation Guide V-258806CAT IThe Photon operating system must have the OpenSSL FIPS provider installed to protect the confidentiality of remote access sessions.VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide V-258917CAT IThe vCenter Server must enable FIPS-validated cryptography.VMware vSphere 8.0 vCenter Security Technical Implementation Guide V-269573CAT IXylok Security Suite must prevent access except through HTTPS.Xylok Security Suite 20.x Security Technical Implementation Guide