800-53|SC-23

Title

SESSION AUTHENTICITY

Description

The information system protects the authenticity of communications sessions.

Supplemental

This control addresses communications protection at the session, versus packet level (e.g., sessions in service-oriented architectures providing web-based services) and establishes grounds for confidence at both ends of communications sessions in ongoing identities of other parties and in the validity of information transmitted. Authenticity protection includes, for example, protecting against man-in-the-middle attacks/session hijacking and the insertion of false information into sessions.

Reference Item Details

Related: SC-10,SC-11,SC-8

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Priority: P1

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.5.5 (L1) Ensure 'Locked' is set to 'Enabled'WindowsCIS Mozilla Firefox ESR GPO v1.0.0 L1
1.2.7 Ensure that the APIPriorityAndFairness feature gate is enabledOpenShiftCIS Red Hat OpenShift Container Platform v1.8.0 L1 OpenShift
1.3.7 Ensure that the --bind-address argument is set to 127.0.0.1UnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.3.7 Ensure that the --bind-address argument is set to 127.0.0.1UnixCIS Kubernetes v1.11.1 L1 Master Node
1.3.7 Ensure that the --bind-address argument is set to 127.0.0.1UnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.3.7 Ensure that the --bind-address argument is set to 127.0.0.1UnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.4.1 Set 'password' for 'enable secret'CiscoCIS Cisco IOS 15 L1 v4.1.1
1.4.2 Enable 'service password-encryption'CiscoCIS Cisco IOS 15 L1 v4.1.1
1.4.2 Ensure that the --bind-address argument is set to 127.0.0.1UnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.4.2 Ensure that the --bind-address argument is set to 127.0.0.1UnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.4.2 Ensure that the --bind-address argument is set to 127.0.0.1UnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.4.2 Ensure that the --bind-address argument is set to 127.0.0.1UnixCIS Kubernetes v1.11.1 L1 Master Node
1.4.3 Set 'username secret' for all local usersCiscoCIS Cisco IOS 15 L1 v4.1.1
1.5.1 Set 'no snmp-server' to disable SNMP when unusedCiscoCIS Cisco IOS 15 L1 v4.1.1
1.5.2 Unset 'private' for 'snmp-server community'CiscoCIS Cisco IOS 15 L1 v4.1.1
1.5.3 Unset 'public' for 'snmp-server community'CiscoCIS Cisco IOS 15 L1 v4.1.1
1.5.10 Require 'aes 128' as minimum for 'snmp-server user' when using SNMPv3CiscoCIS Cisco IOS 15 L2 v4.1.1
1.102 UBTU-24-600060UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.109 UBTU-22-631010UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.172 WN16-DC-000280WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II
1.173 WN16-DC-000290WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT I
1.173 WN19-DC-000280WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II
1.173 WN22-DC-000280WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.174 WN16-DC-000300WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT I
1.174 WN19-DC-000290WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT I
1.174 WN22-DC-000290WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT I
1.175 WN19-DC-000300WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT I
1.175 WN22-DC-000300WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT I
1.182 WN10-PK-000005WindowsCIS Microsoft Windows 10 STIG v1.0.0 CAT II
1.183 WN10-PK-000010WindowsCIS Microsoft Windows 10 STIG v1.0.0 CAT II
1.184 WN10-PK-000015WindowsCIS Microsoft Windows 10 STIG v1.0.0 CAT II
1.185 WN10-PK-000020WindowsCIS Microsoft Windows 10 STIG v1.0.0 CAT II
1.203 WN16-PK-000010WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II
1.203 WN16-PK-000010WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II
1.204 WN16-PK-000020WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II
1.204 WN16-PK-000020WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II
1.205 WN16-PK-000030WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II
1.205 WN16-PK-000030WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II
1.205 WN19-PK-000010WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II
1.205 WN19-PK-000010WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II
1.205 WN22-PK-000010WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.205 WN22-PK-000010WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
1.206 WN19-PK-000020WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II
1.206 WN19-PK-000020WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II
1.206 WN22-PK-000020WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.206 WN22-PK-000020WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
1.207 WN19-PK-000030WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II
1.207 WN19-PK-000030WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II
1.207 WN22-PK-000030WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.207 WN22-PK-000030WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II