Item Search

NameAudit NamePluginCategory
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - ssl_moduleDISA STIG Apache Server 2.4 Unix Server v3r1 MiddlewareUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - SSLProtocolDISA STIG Apache Server 2.4 Unix Server v3r1 MiddlewareUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions.DISA STIG Apache Server 2.4 Unix Server v3r1Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

AS24-U1-000510 - The Apache web server must generate a session ID long enough that it cannot be guessed through brute force - session_cryptoDISA STIG Apache Server 2.4 Unix Server v3r1 MiddlewareUnix

SYSTEM AND COMMUNICATIONS PROTECTION

AS24-U1-000510 - The Apache web server must generate a session ID long enough that it cannot be guessed through brute force - SessionCryptoCipherDISA STIG Apache Server 2.4 Unix Server v3r1 MiddlewareUnix

SYSTEM AND COMMUNICATIONS PROTECTION

AS24-U1-000510 - The Apache web server must generate a session ID long enough that it cannot be guessed through brute force.DISA STIG Apache Server 2.4 Unix Server v3r1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

AS24-U1-000520 - The Apache web server must generate a session ID using as much of the character set as possible to reduce the risk of brute force.DISA STIG Apache Server 2.4 Unix Server v3r1 MiddlewareUnix

SYSTEM AND COMMUNICATIONS PROTECTION

AS24-U1-000520 - The Apache web server must generate a session ID using as much of the character set as possible to reduce the risk of brute force.DISA STIG Apache Server 2.4 Unix Server v3r1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

AS24-W1-000480 - The Apache web server must accept only system-generated session identifiers.DISA STIG Apache Server 2.4 Windows Server v2r3Windows

SYSTEM AND COMMUNICATIONS PROTECTION

AS24-W1-000480 - The Apache web server must accept only system-generated session identifiers.DISA STIG Apache Server 2.4 Windows Server v3r1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

AS24-W1-000500 - The Apache web server must generate unique session identifiers that cannot be reliably reproduced.DISA STIG Apache Server 2.4 Windows Server v3r1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

AS24-W1-000500 - The Apache web server must generate unique session identifiers that cannot be reliably reproduced.DISA STIG Apache Server 2.4 Windows Server v2r3Windows

SYSTEM AND COMMUNICATIONS PROTECTION

AS24-W1-000530 - The Apache web server must generate unique session identifiers with definable entropy - ssl_moduleDISA STIG Apache Server 2.4 Windows Server v2r3Windows

SYSTEM AND COMMUNICATIONS PROTECTION

AS24-W1-000530 - The Apache web server must generate unique session identifiers with definable entropy - ssl_moduleDISA STIG Apache Server 2.4 Windows Server v3r1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

AS24-W1-000530 - The Apache web server must generate unique session identifiers with definable entropy - SSLRandomSeed connectDISA STIG Apache Server 2.4 Windows Server v3r1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

AS24-W1-000530 - The Apache web server must generate unique session identifiers with definable entropy - SSLRandomSeed connectDISA STIG Apache Server 2.4 Windows Server v2r3Windows

SYSTEM AND COMMUNICATIONS PROTECTION

AS24-W1-000530 - The Apache web server must generate unique session identifiers with definable entropy - SSLRandomSeed startupDISA STIG Apache Server 2.4 Windows Server v2r3Windows

SYSTEM AND COMMUNICATIONS PROTECTION

AS24-W1-000530 - The Apache web server must generate unique session identifiers with definable entropy - SSLRandomSeed startupDISA STIG Apache Server 2.4 Windows Server v3r1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

AS24-W2-000500 - The Apache web server must generate unique session identifiers that cannot be reliably reproduced.DISA STIG Apache Server 2.4 Windows Site v2r1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

AS24-W2-000520 - The Apache web server must generate a session ID using as much of the character set as possible to reduce the risk of brute force.DISA STIG Apache Server 2.4 Windows Site v2r1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

CASA-VN-000610 - The Cisco ASA remote access VPN server must be configured to generate unique session identifiers using a FIPS-validated Random Number Generator (RNG) based on the Deterministic Random Bit Generators (DRBG) algorithm.DISA STIG Cisco ASA VPN v2r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CD12-00-011400 - PostgreSQL must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.DISA STIG Crunchy Data PostgreSQL DB v3r1PostgreSQLDB

SYSTEM AND COMMUNICATIONS PROTECTION

DB2X-00-005100 - DB2 must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID valuesDISA STIG IBM DB2 v10.5 LUW v2r1 OS LinuxUnix

SYSTEM AND COMMUNICATIONS PROTECTION

DB2X-00-005100 - DB2 must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID valuesDISA STIG IBM DB2 v10.5 LUW v2r1 OS WindowsWindows

SYSTEM AND COMMUNICATIONS PROTECTION

DKER-EE-001070 - FIPS mode must be enabled on all Docker Engine - Enterprise nodes - docker info .SecurityOptionsDISA STIG Docker Enterprise 2.x Linux/Unix v2r2Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION

FGFW-ND-000280 - The FortiGate device must generate unique session identifiers using a FIPS 140-2-approved random number generator.DISA Fortigate Firewall NDM STIG v1r4FortiGate

SYSTEM AND COMMUNICATIONS PROTECTION

IIST-SI-000220 - A private IIS 10.0 website authentication mechanism must use client certificates to transmit session identifier to assure integrity.DISA IIS 10.0 Site v2r9Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

IIST-SI-000223 - The IIS 10.0 website must generate unique session identifiers that cannot be reliably reproduced.DISA IIS 10.0 Site v2r9Windows

SYSTEM AND COMMUNICATIONS PROTECTION

IISW-SI-000220 - A private websites authentication mechanism must use client certificates to transmit session identifier to assure integrity.DISA IIS 8.5 Site v2r9Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

IISW-SI-000223 - The IIS 8.5 website must generate unique session identifiers that cannot be reliably reproduced.DISA IIS 8.5 Site v2r9Windows

SYSTEM AND COMMUNICATIONS PROTECTION

MADB-10-004900 - MariaDB must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.DISA MariaDB Enterprise 10.x v2r1 DBMySQLDB

SYSTEM AND COMMUNICATIONS PROTECTION

MD3X-00-000410 - MongoDB must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.DISA STIG MongoDB Enterprise Advanced 3.x v2r3 OSUnix

SYSTEM AND COMMUNICATIONS PROTECTION

MD4X-00-003700 - MongoDB must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OSUnix

SYSTEM AND COMMUNICATIONS PROTECTION

MYS8-00-007000 - The MySQL Database Server 8.0 must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.DISA Oracle MySQL 8.0 v2r2 DBMySQLDB

SYSTEM AND COMMUNICATIONS PROTECTION

PGS9-00-011400 - PostgreSQL must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.DISA STIG PostgreSQL 9.x on RHEL DB v2r5PostgreSQLDB

SYSTEM AND COMMUNICATIONS PROTECTION

SQL6-D0-009200 - SQL Server must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.DISA STIG SQL Server 2016 Instance OS Audit v3r1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

TCAT-AS-000750 - Tomcat must use FIPS-validated ciphers on secured connectors.DISA STIG Apache Tomcat Application Server 9 v3r1 MiddlewareUnix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

VCSA-70-000077 - The vCenter Server must enable FIPS-validated cryptography.DISA STIG VMware vSphere 7.0 vCenter v1r3VMware

IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION

VCSA-80-000077 The vCenter Server must enable FIPS-validated cryptography.DISA VMware vSphere 8.0 vCenter STIG v2r1VMware

IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION

WBSP-AS-001290 - WebSphere Application Server must utilize FIPS 140-2-approved encryption modules when authenticating users and processes.DISA IBM WebSphere Traditional 9 Windows STIG v1r1Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

WBSP-AS-001290 - WebSphere Application Server must utilize FIPS 140-2-approved encryption modules when authenticating users and processes.DISA IBM WebSphere Traditional 9 STIG v1r1Unix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

WBSP-AS-001290 - WebSphere Application Server must utilize FIPS 140-2-approved encryption modules when authenticating users and processes.DISA IBM WebSphere Traditional 9 STIG v1r1 MiddlewareUnix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION