SRG-OS-000125-GPOS-00065 Controls

STIG IDVersionTitleProduct
AZLX-23-001255V1R2Amazon Linux 2023 must enable the Pluggable Authentication Module (PAM) interface for SSHD.Amazon Linux 2023
ALMA-09-040390V1R5AlmaLinux OS 9 must enable the Pluggable Authentication Module (PAM) interface for SSHD.AlmaLinux OS 9
OL08-00-010290V2R7The OL 8 SSH server must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-3 validated cryptographic hash algorithms to protect the confidentiality of SSH server connections.Oracle Linux 8
OL08-00-010291V2R7The OL 8 SSH server must be configured to use only DOD-approved encryption ciphers employing FIPS 140-3 validated cryptographic hash algorithms to protect the confidentiality of SSH server connections.Oracle Linux 8
OL09-00-002344V1R4OL 9 must enable the Pluggable Authentication Module (PAM) interface for SSHD.Oracle Linux 9
RHEL-09-255050V2R7RHEL 9 must enable the Pluggable Authentication Module (PAM) interface for SSHD.Red Hat Enterprise Linux 9
SLES-12-030180V3R4The SUSE operating system SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms.SUSE Linux Enterprise 12
SLES-15-010270V2R4The SUSE operating system SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms.SUSE Linux Enterprise 15
TOSS-04-010080V2R3The TOSS operating system must implement DoD-approved encryption in the OpenSSL package.Tri-Lab Operating System Stack
UBTU-18-010414V2R15The Ubuntu operating system must use strong authenticators in establishing nonlocal maintenance and diagnostic sessions.Ubuntu 18.04
UBTU-20-010035V2R3The Ubuntu operating system must use strong authenticators in establishing nonlocal maintenance and diagnostic sessions.Ubuntu 20.04
UBTU-22-255065V2R7Ubuntu 22.04 LTS must use strong authenticators in establishing nonlocal maintenance and diagnostic sessions.Ubuntu 22.04
UBTU-24-500050V1R1Ubuntu 24.04 LTS must use strong authenticators in establishing nonlocal maintenance and diagnostic sessions.Ubuntu 24.04
WN10-CC-000330V3R6The Windows Remote Management (WinRM) client must not use Basic authentication.Microsoft Windows 10
WN10-CC-000345V3R6The Windows Remote Management (WinRM) service must not use Basic authentication.Microsoft Windows 10
WN10-CC-000360V3R6The Windows Remote Management (WinRM) client must not use Digest authentication.Microsoft Windows 10
WN11-CC-000330V2R5The Windows Remote Management (WinRM) client must not use Basic authentication.Microsoft Windows 11
WN11-CC-000345V2R5The Windows Remote Management (WinRM) service must not use Basic authentication.Microsoft Windows 11
WN11-CC-000360V2R5The Windows Remote Management (WinRM) client must not use Digest authentication.Microsoft Windows 11
WN16-CC-000500V2R9The Windows Remote Management (WinRM) client must not use Basic authentication.Microsoft Windows Server 2016
WN16-CC-000520V2R9The Windows Remote Management (WinRM) client must not use Digest authentication.Microsoft Windows Server 2016
WN16-CC-000530V2R9The Windows Remote Management (WinRM) service must not use Basic authentication.Microsoft Windows Server 2016
WN19-CC-000470V3R7Windows Server 2019 Windows Remote Management (WinRM) client must not use Basic authentication.Microsoft Windows Server 2019
WN19-CC-000490V3R7Windows Server 2019 Windows Remote Management (WinRM) client must not use Digest authentication.Microsoft Windows Server 2019
WN19-CC-000500V3R7Windows Server 2019 Windows Remote Management (WinRM) service must not use Basic authentication.Microsoft Windows Server 2019
WN22-CC-000470V2R7Windows Server 2022 Windows Remote Management (WinRM) client must not use Basic authentication.Microsoft Windows Server 2022
WN22-CC-000490V2R7Windows Server 2022 Windows Remote Management (WinRM) client must not use Digest authentication.Microsoft Windows Server 2022
WN22-CC-000500V2R7Windows Server 2022 Windows Remote Management (WinRM) service must not use Basic authentication.Microsoft Windows Server 2022
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.