800-53|IA-3(1)

Title

CRYPTOGRAPHIC BIDIRECTIONAL AUTHENTICATION

Description

The information system authenticates [Assignment: organization-defined specific devices and/or types of devices] before establishing [Selection (one or more): local; remote; network] connection using bidirectional authentication that is cryptographically based.

Supplemental

A local connection is any connection with a device communicating without the use of a network. A network connection is any connection with a device that communicates through a network (e.g., local area or wide area network, Internet). A remote connection is any connection with a device communicating through an external network (e.g., the Internet). Bidirectional authentication provides stronger safeguards to validate the identity of other devices for connections that are of greater risk (e.g., remote connections).

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: SC-12,SC-13,SC-8

Category: IDENTIFICATION AND AUTHENTICATION

Parent Title: DEVICE IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.9.1.1 Ensure 'NTP authentication' is enabled	Cisco	CIS Cisco Firewall v8.x L1 v4.2.0
1.11 Ensure Web Tier ELB is using HTTPS listener	amazon_aws	CIS Amazon Web Services Three-tier Web Architecture L2 1.0.0
1.14 Ensure App Tier ELB is using HTTPS listener	amazon_aws	CIS Amazon Web Services Three-tier Web Architecture L2 1.0.0
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGON	Windows	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGON	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGON	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGON	Windows	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGON/RequireIntegrity	Windows	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGON/RequireIntegrity	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGON/RequireIntegrity	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGON/RequireIntegrity	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGON/RequireMutualAuthentication	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGON/RequireMutualAuthentication	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGON/RequireMutualAuthentication	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGON/RequireMutualAuthentication	Windows	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOL	Windows	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOL	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOL	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOL	Windows	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOL/RequireIntegrity	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOL/RequireIntegrity	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOL/RequireIntegrity	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOL/RequireIntegrity	Windows	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOL/RequireMutualAuthentication	Windows	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOL/RequireMutualAuthentication	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOL/RequireMutualAuthentication	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOL/RequireMutualAuthentication	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
18.6.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'	Windows	CIS Microsoft Intune for Windows 11 v2.0.0 L1 + NG
18.6.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'	Windows	CIS Windows Server 2012 R2 DC L1 v3.0.0
18.6.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'	Windows	CIS Windows Server 2012 DC L1 v3.0.0
18.6.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'	Windows	CIS Microsoft Windows Server 2019 Standalone DC L1 vCIS Microsoft Windows Server 2019 Standalone DC L1 v1.0.0
18.6.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'	Windows	CIS Microsoft Intune for Windows 11 v2.0.0 L1
18.6.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'	Windows	CIS Microsoft Intune for Windows 10 v2.0.0 L1 + BL + NG
18.6.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'	Windows	CIS Microsoft Intune for Windows 10 v2.0.0 L1 + NG
18.6.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'	Windows	CIS Microsoft Intune for Windows 10 v2.0.0 L1
18.6.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'	Windows	CIS Microsoft Windows 10 EMS Gateway v2.0.0 L1
18.6.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'	Windows	CIS Microsoft Intune for Windows 11 v2.0.0 L1 + BL
18.6.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'	Windows	CIS Microsoft Intune for Windows 10 v2.0.0 L1 + BL
18.6.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'	Windows	CIS Microsoft Intune for Windows 11 v2.0.0 L1 + BL + NG
18.6.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'	Windows	CIS Windows Server 2012 R2 MS L1 v3.0.0
18.6.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'	Windows	CIS Microsoft Windows Server 2019 MS Standalone L1 v1.0.0
18.6.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGON	Windows	CIS Microsoft Windows 11 Stand-alone v2.0.0 L1 + BL
18.6.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGON	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 L1
18.6.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGON	Windows	CIS Microsoft Windows 11 Enterprise v2.0.0 L1 + BL
18.6.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGON	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1
18.6.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGON	Windows	CIS Microsoft Windows Server 2022 v2.0.0 L1 MS
18.6.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGON	Windows	CIS Microsoft Windows Server 2016 MS L1 v2.0.0
18.6.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGON	Windows	CIS Microsoft Windows Server 2019 DC L1 v2.0.0
18.6.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGON	Windows	CIS Microsoft Windows Server 2022 v2.0.0 L1 DC
18.6.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGON	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + NG

Detections

Analytics