Theme

800-53|AC-17(2)

Title

PROTECTION OF CONFIDENTIALITY / INTEGRITY USING ENCRYPTION

Description

The information system implements cryptographic mechanisms to protect the confidentiality and integrity of remote access sessions.

Supplemental

The encryption strength of mechanism is selected based on the security categorization of the information.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: SC-12,SC-13,SC-8

Category: ACCESS CONTROL

Parent Title: REMOTE ACCESS

Family: ACCESS CONTROL

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.2 Ensure modern authentication for Exchange Online is enabled	microsoft_azure	CIS Microsoft 365 Foundations E3 L1 v1.5.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPS	Palo_Alto	CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPS	Palo_Alto	CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SNMP	Palo_Alto	CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SNMP	Palo_Alto	CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSH	Palo_Alto	CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSH	Palo_Alto	CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.2.3 Ensure that the --kubelet-https argument is set to true	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.4 Use https for kubelet connections - ConfigMaps	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.2.4 Use https for kubelet connections - Secrets	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.2.4.5.3 Set 'Encryption Level' to 'Enabled:High Level'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.6.5 Set 'Allow unencrypted traffic' to 'Disabled'	Windows	CIS Windows 8 L1 v1.0.0
1.2.16 Ensure that the --secure-port argument is not set to 0	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.16 Ensure that the --secure-port argument is not set to 0	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.19 Ensure that the --secure-port argument is not set to 0	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.20 Ensure that the --secure-port argument is not set to 0 - KubeApiServers	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.2.20 Ensure that the --secure-port argument is not set to 0 - Pods	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.2.26 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - cert	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.26 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - cert	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.26 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - key	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.26 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - key	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.27 Ensure that the --client-ca-file argument is set as appropriate	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.27 Ensure that the --client-ca-file argument is set as appropriate	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.29 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - cert	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.29 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - key	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.30 Ensure that the --client-ca-file argument is set as appropriate	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.30 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.2.31 Ensure that the --client-ca-file argument is set as appropriate	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.2.32 Ensure that the --etcd-cafile argument is set as appropriate	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.3 Ensure modern authentication for SharePoint applications is required	microsoft_azure	CIS Microsoft 365 Foundations E3 L1 v1.5.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS AlmaLinux OS 8 Workstation L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS Rocky Linux 9 Workstation L1 v1.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS Rocky Linux 8 Server L1 v1.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS AlmaLinux OS 9 Workstation L1 v1.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS Oracle Linux 9 Workstation L1 v1.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS Rocky Linux 9 Server L1 v1.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS Oracle Linux 9 Server L1 v1.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS Fedora 28 Family Linux Workstation L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS AlmaLinux OS 9 Server L1 v1.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS CentOS Linux 8 Workstation L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS Red Hat EL8 Server L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS Fedora 28 Family Linux Server L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS Red Hat EL9 Workstation L1 v1.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS Rocky Linux 8 Workstation L1 v1.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS Red Hat EL8 Workstation L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS Oracle Linux 8 Workstation L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS AlmaLinux OS 8 Server L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS Oracle Linux 8 Server L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS CentOS Linux 8 Server L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacy	Unix	CIS Red Hat EL9 Server L1 v1.0.0