| OL09-00-000240 | V1R3 | OL 9 must have the crypto-policies package installed. | |
| OL09-00-000241 | V1R3 | OL 9 must implement a FIPS 140-3 compliant system-wide cryptographic policy. | |
| OL09-00-000242 | V1R3 | OL 9 must not allow the cryptographic policy to be overridden. | |
| RHEL-09-215100 | V2R6 | RHEL 9 must have the crypto-policies package installed. | |
| RHEL-09-672020 | V2R6 | RHEL 9 cryptographic policy must not be overridden. | |
| RHEL-09-215105 | V2R6 | RHEL 9 must implement a FIPS 140-3-compliant systemwide cryptographic policy. | |
| SLES-15-010510 | V2R4 | FIPS 140-2 mode must be enabled on the SUSE operating system. | |
| UBTU-20-010442 | V2R3 | The Ubuntu operating system must implement NIST FIPS-validated cryptography to protect classified information and for the following: To provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | |
| UBTU-22-671010 | V2R6 | Ubuntu 22.04 LTS must implement NIST FIPS-validated cryptography to protect classified information and for the following: To provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | |
| UBTU-22-432011 | V2R6 | The operating system must require users to provide a password for privilege escalation. | |
| UBTU-22-654224 | V2R6 | The operating system must restrict privilege elevation to authorized personnel. | |
| UBTU-22-654041 | V2R6 | Ubuntu 22.04 LTS must audit any script or executable called by cron as root or by any privileged user. | |
| UBTU-22-254025 | V2R6 | Ubuntu 22.04 LTS must be configured such that Pluggable Authentication Module (PAM) prohibits the use of cached authentications after one day. | |
| UBTU-22-254010 | V2R6 | Ubuntu 22.04 LTS must have the "SSSD" package installed. | |
| UBTU-22-254030 | V2R6 | Ubuntu 22.04 LTS must map the authenticated identity to the user or group account for PKI-based authentication. | |
| UBTU-22-254015 | V2R6 | Ubuntu 22.04 LTS must use the "SSSD" package for multifactor authentication services. | |
| UBTU-22-254020 | V2R6 | Ubuntu 22.04 LTS must ensure SSSD performs certificate path validation, including revocation checking, against a trusted anchor for PKI-based authentication. | |
| WN16-DC-000140 | V2R9 | Separate, NSA-approved (Type 1) cryptography must be used to protect the directory data in transit for directory service implementations at a classified confidentiality level when replication data traverses a network cleared to a lower level than the data. | |
| WN19-DC-000140 | V3R6 | Windows Server 2019 must use separate, NSA-approved (Type 1) cryptography to protect the directory data in transit for directory service implementations at a classified confidentiality level when replication data traverses a network cleared to a lower level than the data. | |
| WN22-DC-000140 | V2R6 | Windows Server 2022 must use separate, NSA-approved (Type 1) cryptography to protect the directory data in transit for directory service implementations at a classified confidentiality level when replication data traverses a network cleared to a lower level than the data. | |