800-53|SC-8(1)

Title

CRYPTOGRAPHIC OR ALTERNATE PHYSICAL PROTECTION

Description

The information system implements cryptographic mechanisms to [Selection (one or more): prevent unauthorized disclosure of information; detect changes to information] during transmission unless otherwise protected by [Assignment: organization-defined alternative physical safeguards].

Supplemental

Encrypting information for transmission protects information from unauthorized disclosure and modification. Cryptographic mechanisms implemented to protect information integrity include, for example, cryptographic hash functions which have common application in digital signatures, checksums, and message authentication codes. Alternative physical security safeguards include, for example, protected distribution systems.

Reference Item Details

Related: SC-13

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: TRANSMISSION CONFIDENTIALITY AND INTEGRITY

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1 VCSA-80-000009VMwareCIS VMware vSphere 8.0 vCenter STIG v1.0.0 CAT II
1.1.2.1 (L1) Ensure 'NTLM' is set to 'Disabled'WindowsCIS Mozilla Firefox ESR GPO v1.0.0 L1
1.1.2.6 Ensure 'Enable RPC encryption' is set to EnabledWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.1.2.6 Ensure 'Enable RPC encryption' is set to EnabledWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.1.4 Ensure that the --kubelet-https argument is set to trueUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.5 Ensure that the --kubelet-https argument is set to trueUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.6 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.7 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.7.1 (L1) Ensure 'TLS_RSA_WITH_3DES_EDE_CBC_SHA ' is set to 'Enabled'WindowsCIS Mozilla Firefox ESR GPO v1.0.0 L1
1.1.8 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.20 Ensure that the --kubelet-https argument is set to trueUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.37 (L1) Ensure 'Maximum SSL version enabled' is set to 'Enabled: TLS 1.3'WindowsCIS Mozilla Firefox ESR GPO v1.0.0 L1
1.1.38 (L1) Ensure 'Minimum SSL version enabled' is set to 'Enabled: TLS 1.2'WindowsCIS Mozilla Firefox ESR GPO v1.0.0 L1
1.10 Ensure system-wide crypto policy is not legacyUnixCIS CentOS Linux 8 Workstation L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacyUnixCIS Fedora 28 Family Linux Workstation L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacyUnixCIS Fedora 28 Family Linux Server L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacyUnixCIS CentOS Linux 8 Server L1 v2.0.0
1.11.1 Assign a custom certificate to syslog-clientArubaOSCIS HPE Aruba Networking CX Switch v1.0.1 Optional Security Recommendations
1.11.2 Configure syslog-client to log using TLSArubaOSCIS HPE Aruba Networking CX Switch v1.0.1 Optional Security Recommendations
1.12 Ensure 'Internet-facing receive connectors' is set to 'Tls, BasicAuth, BasicAuthRequireTLS'WindowsCIS Microsoft Exchange Server 2019 L1 Edge v1.0.0
1.13.1 (L1) Ensure 'Allow Basic authentication for HTTP' is set to 'Disabled'WindowsCIS Microsoft Intune for Edge v1.0.0 L1
1.13.1 (L1) Ensure 'Allow Basic authentication for HTTP' is set to 'Disabled'WindowsCIS Microsoft Edge v4.0.0 L1
1.13.2.3 Ensure 'Do not provide Continue option on Encryption warning dialog boxes' is set to EnabledWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.2.3 Ensure 'Do not provide Continue option on Encryption warning dialog boxes' is set to EnabledWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.2.6 Ensure 'S/MIME interoperability with external clients' is set to Enabled:Handle internallyWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.2.6 Ensure 'S/MIME interoperability with external clients' is set to Enabled:Handle internallyWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.2.7 Ensure 'S/MIME receipt requests behavior' is set to Enabled:Never send S/MIME receiptsWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.2.7 Ensure 'S/MIME receipt requests behavior' is set to Enabled:Never send S/MIME receiptsWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.2.8 Ensure 'Send all signed messages as clear signed messages' is set to EnabledWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.2.8 Ensure 'Send all signed messages as clear signed messages' is set to EnabledWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.2.9 Ensure 'Signature Warning' is set to Enabled:Always warn about invalid signaturesWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.2.9 Ensure 'Signature Warning' is set to Enabled:Always warn about invalid signaturesWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.3 (L2) Ensure 'Supported authentication schemes' is set to 'Enabled: ntlm, negotiate'WindowsCIS Microsoft Intune for Edge v1.0.0 L2
1.13.3 (L2) Ensure 'Supported authentication schemes' is set to 'Enabled: ntlm, negotiate'WindowsCIS Microsoft Edge v4.0.0 L2
1.13.8 Ensure 'Do not automatically sign replies' is set to EnabledWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.8 Ensure 'Do not automatically sign replies' is set to EnabledWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.17 Ensure CloudFront to Origin connection is configured using TLS1.1+ as the SSL\TLS protocolamazon_awsCIS Amazon Web Services Three-tier Web Architecture L2 1.0.0
1.19 APPL-14-000054UnixCIS Apple macOS 14 Sonoma STIG v1.0.0 CAT I
1.19 APPL-26-000054UnixCIS Apple macOS 26 Tahoe STIG v1.0.0 CAT I
1.142 SOL-11.1-060080UnixCIS Solaris 11 X86 STIG v1.0.0 CAT II
1.144 SOL-11.1-060080UnixCIS Solaris 11 SPARC STIG v1.0.0 CAT II
1.145 SOL-11.1-060110UnixCIS Solaris 11 X86 STIG v1.0.0 CAT II
1.147 SOL-11.1-060110UnixCIS Solaris 11 SPARC STIG v1.0.0 CAT II
1.176 WN16-DC-000320WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II
1.177 WN19-DC-000320WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II
1.177 WN22-DC-000320WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.193 WN10-SO-000035WindowsCIS Microsoft Windows 10 STIG v1.0.0 CAT II
1.194 WN10-SO-000040WindowsCIS Microsoft Windows 10 STIG v1.0.0 CAT II
1.195 WN10-SO-000045WindowsCIS Microsoft Windows 10 STIG v1.0.0 CAT II
1.198 WN10-SO-000060WindowsCIS Microsoft Windows 10 STIG v1.0.0 CAT II