800-53|MA-4c.

Title

NONLOCAL MAINTENANCE

Description

Employs strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions;

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: MAINTENANCE

Family: MAINTENANCE

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.4 OL08-00-010020	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT I
1.40 OL08-00-010290	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.41 OL08-00-010291	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.66 UBTU-22-255065	Unix	CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.98 UBTU-24-500050	Unix	CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.211 RHEL-09-255050	Unix	CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT I
1.446 RHEL-09-671010	Unix	CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT I
AIX7-00-001102 - AIX must employ strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions.	Unix	DISA STIG AIX 7.x v3r1
ALMA-09-004310 - AlmaLinux OS 9 must use the TuxCare FIPS repository.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-004320 - AlmaLinux OS 9 must use the TuxCare FIPS packages and not the default encryption packages.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-004420 - AlmaLinux OS 9 must enable FIPS mode.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-040390 - AlmaLinux OS 9 must enable the Pluggable Authentication Module (PAM) interface for SSHD.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
AOSX-13-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000056 - The macOS system must implement an approved Key Exchange Algorithm.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000605 - The macOS system must not use telnet.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections.	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000056 - The macOS system must implement an approved Key Exchange Algorithm.	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-003024 - The macOS system must use multifactor authentication in the establishment of nonlocal maintenance and diagnostic sessions - ChallengeResponseAuthentication	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-003024 - The macOS system must use multifactor authentication in the establishment of nonlocal maintenance and diagnostic sessions - enforceSmartCard	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-003024 - The macOS system must use multifactor authentication in the establishment of nonlocal maintenance and diagnostic sessions - PasswordAuthentication	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections..	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
AOSX-15-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
AOSX-15-000056 - The macOS system must implement an approved Key Exchange Algorithm.	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
APPL-12-000057 - The macOS system must implement approved ciphers within the SSH client configuration to protect the confidentiality of SSH connections.	Unix	DISA STIG Apple macOS 12 v1r9
APPL-12-000058 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH client configuration.	Unix	DISA STIG Apple macOS 12 v1r9
APPL-12-000059 - The macOS system must implement approved Key Exchange Algorithms within the SSH client configuration.	Unix	DISA STIG Apple macOS 12 v1r9
APPL-13-000054 - The macOS system must implement approved ciphers within the SSH server configuration to protect the confidentiality of SSH connections.	Unix	DISA STIG Apple macOS 13 v1r5
APPL-13-000055 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH server configuration.	Unix	DISA STIG Apple macOS 13 v1r5
APPL-13-000056 - The macOS system must implement approved Key Exchange Algorithms within the SSH server configuration.	Unix	DISA STIG Apple macOS 13 v1r5
APPL-13-000057 - The macOS system must implement approved ciphers within the SSH client configuration to protect the confidentiality of SSH connections.	Unix	DISA STIG Apple macOS 13 v1r5
APPL-13-000058 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH client configuration.	Unix	DISA STIG Apple macOS 13 v1r5
APPL-13-000059 - The macOS system must implement approved Key Exchange Algorithms within the SSH client configuration.	Unix	DISA STIG Apple macOS 13 v1r5
APPL-14-001150 The macOS system must disable password authentication for SSH.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r3
APPL-15-001150 - The macOS system must disable password authentication for SSH.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r4
Catalina - Enforce Smartcard Authentication	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 Low
Catalina - Enforce Smartcard Authentication	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Enforce Smartcard Authentication	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Enforce Smartcard Authentication	Unix	NIST macOS Catalina v1.5.0 - 800-171
Catalina - Enforce Smartcard Authentication	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Enforce Smartcard Authentication	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Enforce Smartcard Authentication	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Enforce Smartcard Authentication	Unix	NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Enforce Smartcard Authentication	Unix	NIST macOS Catalina v1.5.0 - CNSSI 1253
OL07-00-040110 - The Oracle Linux 7 operating system must implement DoD-approved encryption to protect the confidentiality of SSH connections.	Unix	DISA Oracle Linux 7 STIG v3r3
OL08-00-010290 - The OL 8 SSH server must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.	Unix	DISA Oracle Linux 8 STIG v2r5
OL08-00-010291 - The OL 8 SSH server must be configured to use only ciphers employing FIPS 140-2 validated cryptographic algorithms.	Unix	DISA Oracle Linux 8 STIG v2r5
OL09-00-000070 - OL 9 must enable FIPS mode.	Unix	DISA Oracle Linux 9 STIG v1r2
OL09-00-002344 - OL 9 must enable the Pluggable Authentication Module (PAM) interface for SSHD.	Unix	DISA Oracle Linux 9 STIG v1r2

Detections

Analytics

800-53|MA-4c.

Title

Description

Reference Item Details

Audit Items