800-53|SC-8(1)

Title

CRYPTOGRAPHIC OR ALTERNATE PHYSICAL PROTECTION

Description

The information system implements cryptographic mechanisms to [Selection (one or more): prevent unauthorized disclosure of information; detect changes to information] during transmission unless otherwise protected by [Assignment: organization-defined alternative physical safeguards].

Supplemental

Encrypting information for transmission protects information from unauthorized disclosure and modification. Cryptographic mechanisms implemented to protect information integrity include, for example, cryptographic hash functions which have common application in digital signatures, checksums, and message authentication codes. Alternative physical security safeguards include, for example, protected distribution systems.

Reference Item Details

Related: SC-13

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: TRANSMISSION CONFIDENTIALITY AND INTEGRITY

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.2.6 Ensure 'Enable RPC encryption' is set to EnabledWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.1.2.6 Ensure 'Enable RPC encryption' is set to EnabledWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.1.4 Ensure that the --kubelet-https argument is set to trueUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.5 Ensure that the --kubelet-https argument is set to trueUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.6 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.7 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.8 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.20 Ensure that the --kubelet-https argument is set to trueUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.2.2 Set 'transport input ssh' for 'line vty' connectionsCiscoCIS Cisco IOS 15 L1 v4.0.1
1.2.2 Set 'transport input ssh' for 'line vty' connectionsCiscoCIS Cisco IOS 12 L1 v4.0.0
1.2.2 Set 'transport input ssh' for 'line vty' connectionsCiscoCIS Cisco IOS 16 L1 v1.1.0
1.2.3 Ensure that the --kubelet-https argument is set to trueUnixCIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.2.16 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.16 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.18 Ensure that the --secure-port argument is not set to 0OpenShiftCIS RedHat OpenShift Container Platform v1.6.0 L1
1.2.19 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.19 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.2.20 Ensure that the --secure-port argument is not set to 0UnixCIS Kubernetes Benchmark v1.5.1 L1
1.2.24 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriateUnixCIS Kubernetes Benchmark v1.9.0 L1 Master
1.2.25 Ensure that the --client-ca-file argument is set as appropriateUnixCIS Kubernetes Benchmark v1.9.0 L1 Master
1.2.26 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - certUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.26 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - certUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.26 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - keyUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.26 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - keyUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.27 Ensure that the --client-ca-file argument is set as appropriateUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.27 Ensure that the --client-ca-file argument is set as appropriateUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.28 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriateOpenShiftCIS RedHat OpenShift Container Platform v1.6.0 L1
1.2.29 Ensure that the --client-ca-file argument is set as appropriateOpenShiftCIS RedHat OpenShift Container Platform v1.6.0 L1
1.2.29 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - certUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.29 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - keyUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.10 Ensure system-wide crypto policy is not legacyUnixCIS CentOS Linux 8 Server L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacyUnixCIS Fedora 28 Family Linux Server L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacyUnixCIS CentOS Linux 8 Workstation L1 v2.0.0
1.10 Ensure system-wide crypto policy is not legacyUnixCIS Fedora 28 Family Linux Workstation L1 v2.0.0
1.12 Ensure 'Internet-facing receive connectors' is set to 'Tls, BasicAuth, BasicAuthRequireTLS'WindowsCIS Microsoft Exchange Server 2019 L1 Edge v1.0.0
1.12.4 Force SSL when accessing the manager applicationUnixCIS Apache Tomcat5.5/6.0 L1 v1.0
1.12.12 Force SSL for all applicationsUnixCIS Apache Tomcat5.5/6.0 L2 v1.0
1.13.2.3 Ensure 'Do not provide Continue option on Encryption warning dialog boxes' is set to EnabledWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.2.3 Ensure 'Do not provide Continue option on Encryption warning dialog boxes' is set to EnabledWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.2.6 Ensure 'S/MIME interoperability with external clients' is set to Enabled:Handle internallyWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.2.6 Ensure 'S/MIME interoperability with external clients' is set to Enabled:Handle internallyWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.2.7 Ensure 'S/MIME receipt requests behavior' is set to Enabled:Never send S/MIME receiptsWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.2.7 Ensure 'S/MIME receipt requests behavior' is set to Enabled:Never send S/MIME receiptsWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.2.8 Ensure 'Send all signed messages as clear signed messages' is set to EnabledWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.2.8 Ensure 'Send all signed messages as clear signed messages' is set to EnabledWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.2.9 Ensure 'Signature Warning' is set to Enabled:Always warn about invalid signaturesWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.2.9 Ensure 'Signature Warning' is set to Enabled:Always warn about invalid signaturesWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.8 Ensure 'Do not automatically sign replies' is set to EnabledWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.8 Ensure 'Do not automatically sign replies' is set to EnabledWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.17 Ensure CloudFront to Origin connection is configured using TLS1.1+ as the SSL\TLS protocolamazon_awsCIS Amazon Web Services Three-tier Web Architecture L2 1.0.0