SRG-OS-000423-GPOS-00187 Controls

STIG ID Version Title Product
ALMA-09-042700 V1R1 All AlmaLinux OS 9 networked systems must have the OpenSSH client installed.
APPL-14-002062 V2R3 The macOS system must disable Bluetooth when no approved device is connected.
APPL-15-002062 V1R2 The macOS system must disable Bluetooth when no approved device is connected.
OL07-00-040300 V3R1 The Oracle Linux operating system must be configured so that all networked systems have SSH installed.
OL07-00-040310 V3R1 The Oracle Linux operating system must be configured so that all networked systems use SSH for confidentiality and integrity of transmitted and received information as well as information during preparation for transmission.
OL08-00-040159 V2R3 All OL 8 networked systems must have SSH installed.
OL08-00-040160 V2R3 All OL 8 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
RHEL-07-040300 V3R9 The Red Hat Enterprise Linux operating system must be configured so that all networked systems have SSH installed.
RHEL-07-040310 V3R9 The Red Hat Enterprise Linux operating system must be configured so that all networked systems use SSH for confidentiality and integrity of transmitted and received information as well as information during preparation for transmission.
RHEL-08-040160 V2R2 All RHEL 8 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
RHEL-08-040159 V2R2 All RHEL 8 networked systems must have SSH installed.
RHEL-09-255010 V2R3 All RHEL 9 networked systems must have SSH installed.
RHEL-09-255015 V2R3 All RHEL 9 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
RHEL-09-255090 V2R3 RHEL 9 must force a frequent session key renegotiation for SSH connections to the server.
RHEL-09-672050 V2R3 RHEL 9 must implement DOD-approved encryption in the bind package.
SLES-12-030100 V3R2 All networked SUSE operating systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
SLES-15-010530 V2R3 All networked SUSE operating systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
UBTU-18-010420 V2R15 The Ubuntu operating system must use SSH to protect the confidentiality and integrity of transmitted information unless otherwise protected by alternative physical safeguards, such as, at a minimum, a Protected Distribution System (PDS).
UBTU-20-010042 V2R1 The Ubuntu operating system must use SSH to protect the confidentiality and integrity of transmitted information.
UBTU-22-255010 V2R3 Ubuntu 22.04 LTS must have SSH installed.
UBTU-22-255015 V2R3 Ubuntu 22.04 LTS must use SSH to protect the confidentiality and integrity of transmitted information.
WN10-SO-000035 V3R3 Outgoing secure channel traffic must be encrypted or signed.
WN10-SO-000040 V3R3 Outgoing secure channel traffic must be encrypted when possible.
WN10-SO-000045 V3R3 Outgoing secure channel traffic must be signed when possible.
WN10-SO-000060 V3R3 The system must be configured to require a strong session key.
WN10-SO-000100 V3R3 The Windows SMB client must be configured to always perform SMB packet signing.
WN10-SO-000120 V3R3 The Windows SMB server must be configured to always perform SMB packet signing.
WN11-SO-000035 V2R2 Outgoing secure channel traffic must be encrypted or signed.
WN11-SO-000040 V2R2 Outgoing secure channel traffic must be encrypted.
WN11-SO-000045 V2R2 Outgoing secure channel traffic must be signed.
WN11-SO-000060 V2R2 The system must be configured to require a strong session key.
WN11-SO-000100 V2R2 The Windows SMB client must be configured to always perform SMB packet signing.
WN11-SO-000120 V2R2 The Windows SMB server must be configured to always perform SMB packet signing.
WN16-DC-000320 V2R9 Domain controllers must require LDAP access signing.
WN16-SO-000080 V2R9 The setting Domain member: Digitally encrypt or sign secure channel data (always) must be configured to Enabled.
WN16-SO-000090 V2R9 The setting Domain member: Digitally encrypt secure channel data (when possible) must be configured to enabled.
WN16-SO-000100 V2R9 The setting Domain member: Digitally sign secure channel data (when possible) must be configured to Enabled.
WN16-SO-000130 V2R9 Windows Server 2016 must be configured to require a strong session key.
WN16-SO-000190 V2R9 The setting Microsoft network client: Digitally sign communications (always) must be configured to Enabled.
WN16-SO-000200 V2R9 The setting Microsoft network client: Digitally sign communications (if server agrees) must be configured to Enabled.
WN16-SO-000230 V2R9 The setting Microsoft network server: Digitally sign communications (always) must be configured to Enabled.
WN16-SO-000240 V2R9 The setting Microsoft network server: Digitally sign communications (if client agrees) must be configured to Enabled.
WN19-DC-000320 V3R3 Windows Server 2019 domain controllers must require LDAP access signing.
WN19-SO-000060 V3R3 Windows Server 2019 setting Domain member: Digitally encrypt or sign secure channel data (always) must be configured to Enabled.
WN19-SO-000070 V3R3 Windows Server 2019 setting Domain member: Digitally encrypt secure channel data (when possible) must be configured to enabled.
WN19-SO-000080 V3R3 Windows Server 2019 setting Domain member: Digitally sign secure channel data (when possible) must be configured to Enabled.
WN19-SO-000110 V3R3 Windows Server 2019 must be configured to require a strong session key.
WN19-SO-000160 V3R3 Windows Server 2019 setting Microsoft network client: Digitally sign communications (always) must be configured to Enabled.
WN19-SO-000170 V3R3 Windows Server 2019 setting Microsoft network client: Digitally sign communications (if server agrees) must be configured to Enabled.
WN19-SO-000190 V3R3 Windows Server 2019 setting Microsoft network server: Digitally sign communications (always) must be configured to Enabled.
WN19-SO-000200 V3R3 Windows Server 2019 setting Microsoft network server: Digitally sign communications (if client agrees) must be configured to Enabled.
WN22-DC-000320 V2R3 Windows Server 2022 domain controllers must require LDAP access signing.
WN22-SO-000060 V2R3 Windows Server 2022 setting Domain member: Digitally encrypt or sign secure channel data (always) must be configured to Enabled.
WN22-SO-000070 V2R3 Windows Server 2022 setting Domain member: Digitally encrypt secure channel data (when possible) must be configured to Enabled.
WN22-SO-000080 V2R3 Windows Server 2022 setting Domain member: Digitally sign secure channel data (when possible) must be configured to Enabled.
WN22-SO-000110 V2R3 Windows Server 2022 must be configured to require a strong session key.
WN22-SO-000160 V2R3 Windows Server 2022 setting Microsoft network client: Digitally sign communications (always) must be configured to Enabled.
WN22-SO-000170 V2R3 Windows Server 2022 setting Microsoft network client: Digitally sign communications (if server agrees) must be configured to Enabled.
WN22-SO-000190 V2R3 Windows Server 2022 setting Microsoft network server: Digitally sign communications (always) must be configured to Enabled.
WN22-SO-000200 V2R3 Windows Server 2022 setting Microsoft network server: Digitally sign communications (if client agrees) must be configured to Enabled.