800-53|AC-17(2)

Title

PROTECTION OF CONFIDENTIALITY / INTEGRITY USING ENCRYPTION

Description

The information system implements cryptographic mechanisms to protect the confidentiality and integrity of remote access sessions.

Supplemental

The encryption strength of mechanism is selected based on the security categorization of the information.

Reference Item Details

Related: SC-12, SC-13, SC-8

Category: ACCESS CONTROL

Parent Title: REMOTE ACCESS

Family: ACCESS CONTROL

Baseline Impact: MODERATE, HIGH

Audit Items

Name | Plugin | Audit Name
1.2 Ensure modern authentication for Exchange Online is enabled | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v1.4.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPS | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPS | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SNMP | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SNMP | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSH | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSH | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.2.4.5.3 Set 'Encryption Level' to 'Enabled:High Level' | Windows | CIS Windows 8 L1 v1.0.0
1.5.1 Ensure 'V3' is selected for SNMP polling | Palo_Alto | CIS Palo Alto Firewall 10 v1.0.0 L1
1.5.9 Ensure NIST FIPS-validated cryptography is configured - etc | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.9 Ensure NIST FIPS-validated cryptography is configured - grub | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.9 Ensure NIST FIPS-validated cryptography is configured - proc | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.9 Ensure NIST FIPS-validated cryptography is configured - rpm | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.10 Ensure system-wide crypto policy is not legacy | Unix | CIS AlmaLinux OS 8 Workstation L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacy | Unix | CIS AlmaLinux OS 8 Server L1 v2.0.0
12.51 Remote Administration of Listener - 'Use encryption if remote administration is required' | Unix | CIS v1.1.0 Oracle 11g OS L2
12.51 Remote Administration of Listener - 'Use encryption if remote administration is required' | Windows | CIS v1.1.0 Oracle 11g OS Windows Level 2
18.5.4.1 Ensure 'Configure DNS over HTTPS (DoH) name resolution' is set to 'Enabled: Allow DoH' or higher | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL + NG
18.5.4.1 Ensure 'Configure DNS over HTTPS (DoH) name resolution' is set to 'Enabled: Allow DoH' or higher | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL
18.5.4.1 Ensure 'Configure DNS over HTTPS (DoH) name resolution' is set to 'Enabled: Allow DoH' or higher | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1
18.5.4.1 Ensure 'Configure DNS over HTTPS (DoH) name resolution' is set to 'Enabled: Allow DoH' or higher | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1 + NG
18.9.59.3.9.4 Ensure 'Require user authentication for remote connections by using Network Level Authentication' is set to 'Enabled' | Windows | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.59.3.9.4 Ensure 'Require user authentication for remote connections by using Network Level Authentication' is set to 'Enabled' | Windows | CIS Windows 7 Workstation Level 1 v3.2.0
18.9.59.3.9.5 Ensure 'Set client connection encryption level' is set to 'Enabled: High Level' | Windows | CIS Windows 7 Workstation Level 1 v3.2.0
18.9.59.3.9.5 Ensure 'Set client connection encryption level' is set to 'Enabled: High Level' | Windows | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.62.3.9.3 Ensure 'Set client connection encryption level' is set to 'Enabled: High Level' | Windows | CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + NG
18.9.62.3.9.3 Ensure 'Set client connection encryption level' is set to 'Enabled: High Level' | Windows | CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL + NG
18.9.62.3.9.3 Ensure 'Set client connection encryption level' is set to 'Enabled: High Level' | Windows | CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL
18.9.62.3.9.3 Ensure 'Set client connection encryption level' is set to 'Enabled: High Level' | Windows | CIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1
18.9.65.3.9.3 Ensure 'Require use of specific security layer for remote (RDP) connections' is set to 'Enabled: SSL' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1
18.9.102.1.1 Ensure 'Allow Basic authentication' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1
18.9.102.1.1 Ensure 'Allow Basic authentication' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1 + NG
18.9.102.1.1 Ensure 'Allow Basic authentication' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL + NG
18.9.102.1.1 Ensure 'Allow Basic authentication' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL
18.9.102.1.2 Ensure 'Allow unencrypted traffic' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL + NG
18.9.102.1.2 Ensure 'Allow unencrypted traffic' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL
18.9.102.1.2 Ensure 'Allow unencrypted traffic' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1 + NG
18.9.102.1.2 Ensure 'Allow unencrypted traffic' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1
18.9.102.1.3 Ensure 'Disallow Digest authentication' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL + NG
18.9.102.1.3 Ensure 'Disallow Digest authentication' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1 + NG
18.9.102.1.3 Ensure 'Disallow Digest authentication' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL
18.9.102.1.3 Ensure 'Disallow Digest authentication' is set to 'Enabled' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1
18.9.102.2.1 Ensure 'Allow Basic authentication' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL + NG
18.9.102.2.1 Ensure 'Allow Basic authentication' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1
18.9.102.2.1 Ensure 'Allow Basic authentication' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1 + NG
18.9.102.2.1 Ensure 'Allow Basic authentication' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL
18.9.102.2.3 Ensure 'Allow unencrypted traffic' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL + NG
18.9.102.2.3 Ensure 'Allow unencrypted traffic' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL
18.9.102.2.3 Ensure 'Allow unencrypted traffic' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1 + NG
18.9.102.2.3 Ensure 'Allow unencrypted traffic' is set to 'Disabled' | Windows | CIS Microsoft Windows 10 Enterprise v1.12.0 L1