800-53|SC-8(1)

Title

CRYPTOGRAPHIC OR ALTERNATE PHYSICAL PROTECTION

Description

The information system implements cryptographic mechanisms to [Selection (one or more): prevent unauthorized disclosure of information; detect changes to information] during transmission unless otherwise protected by [Assignment: organization-defined alternative physical safeguards].

Supplemental

Encrypting information for transmission protects information from unauthorized disclosure and modification. Cryptographic mechanisms implemented to protect information integrity include, for example, cryptographic hash functions which have common application in digital signatures, checksums, and message authentication codes. Alternative physical security safeguards include, for example, protected distribution systems.

Reference Item Details

Related: SC-13

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: TRANSMISSION CONFIDENTIALITY AND INTEGRITY

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.2.6 Ensure 'Enable RPC encryption' is set to EnabledWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.1.2.6 Ensure 'Enable RPC encryption' is set to EnabledWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.1.4 Ensure that the --kubelet-https argument is set to trueUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.5 Ensure that the --kubelet-https argument is set to trueUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.6 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.7 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.8 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.20 Ensure that the --kubelet-https argument is set to trueUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.2 Ensure modern authentication for Exchange Online is enabledmicrosoft_azureCIS Microsoft 365 Foundations E3 L1 v1.4.0
1.2.2 Set 'transport input ssh' for 'line vty' connectionsCiscoCIS Cisco IOS 12 L1 v4.0.0
1.2.3 Ensure that the --kubelet-https argument is set to trueUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.16 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.16 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.19 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.26 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - certUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.26 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - certUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.26 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - keyUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.26 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - keyUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.27 Ensure that the --client-ca-file argument is set as appropriateUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.27 Ensure that the --client-ca-file argument is set as appropriateUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.29 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - certUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.29 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - keyUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.30 Ensure that the --client-ca-file argument is set as appropriateUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.3.5 Ensure that the --root-ca-file argument is set as appropriateUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.3.5 Ensure that the --root-ca-file argument is set as appropriateUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.3.5 Ensure that the --root-ca-file argument is set as appropriateUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.3.6 Ensure that the RotateKubeletServerCertificate argument is set to trueUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L2 Master
1.10 Ensure system-wide crypto policy is not legacyUnixCIS AlmaLinux OS 8 Workstation L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacyUnixCIS Rocky Linux 8 Server L1 v1.0.0
1.10 Ensure system-wide crypto policy is not legacyUnixCIS Red Hat EL8 Workstation L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacyUnixCIS Oracle Linux 8 Server L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacyUnixCIS Red Hat EL8 Server L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacyUnixCIS Oracle Linux 8 Workstation L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacyUnixCIS CentOS Linux 8 Server L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacyUnixCIS CentOS Linux 8 Workstation L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacyUnixCIS AlmaLinux OS 8 Server L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacyUnixCIS Rocky Linux 8 Workstation L1 v1.0.0
1.13.2.3 Ensure 'Do not provide Continue option on Encryption warning dialog boxes' is set to EnabledWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.2.3 Ensure 'Do not provide Continue option on Encryption warning dialog boxes' is set to EnabledWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.2.6 Ensure 'S/MIME interoperability with external clients' is set to Enabled:Handle internallyWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.2.6 Ensure 'S/MIME interoperability with external clients' is set to Enabled:Handle internallyWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.2.7 Ensure 'S/MIME receipt requests behavior' is set to Enabled:Never send S/MIME receiptsWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.2.7 Ensure 'S/MIME receipt requests behavior' is set to Enabled:Never send S/MIME receiptsWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.2.8 Ensure 'Send all signed messages as clear signed messages' is set to EnabledWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.2.8 Ensure 'Send all signed messages as clear signed messages' is set to EnabledWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.2.9 Ensure 'Signature Warning' is set to Enabled:Always warn about invalid signaturesWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.2.9 Ensure 'Signature Warning' is set to Enabled:Always warn about invalid signaturesWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.8 Ensure 'Do not automatically sign replies' is set to EnabledWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.8 Ensure 'Do not automatically sign replies' is set to EnabledWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.17 Ensure CloudFront to Origin connection is configured using TLS1.1+ as the SSL\TLS protocolamazon_awsCIS Amazon Web Services Three-tier Web Architecture L2 1.0.0