800-53|SC-8(2)

Title

PRE / POST TRANSMISSION HANDLING

Description

The information system maintains the [Selection (one or more): confidentiality; integrity] of information during preparation for transmission and during reception.

Supplemental

Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission or during reception including, for example, during aggregation, at protocol transformation points, and during packing/unpacking. These unauthorized disclosures or modifications compromise the confidentiality or integrity of the information.

Reference Item Details

Related: AU-10

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: TRANSMISSION CONFIDENTIALITY AND INTEGRITY

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Audit Items

View all Reference Audit Items

NamePluginAudit Name
5.3.1 Ensure SSH is installedUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.3.2 Ensure SSH is runningUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
20.54 Ensure 'Protection methods such as TLS, encrypted VPN's, or IPsec must be implemented if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process'WindowsCIS Microsoft Windows Server 2022 STIG v1.0.0 STIG MS
20.54 Ensure 'Protection methods such as TLS, encrypted VPN's, or IPsec must be implemented if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process'WindowsCIS Microsoft Windows Server 2022 STIG v1.0.0 STIG DC
AOSX-13-000035 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission - OpenSSH versionUnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission - SSHD currently runningUnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission - SSHD service disabledUnixDISA STIG Apple Mac OSX 10.14 v2r6
APPL-11-000011 - The macOS system must disable the SSHD service.UnixDISA STIG Apple macOS 11 v1r8
APPL-11-000011 - The macOS system must disable the SSHD service.UnixDISA STIG Apple macOS 11 v1r5
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - ssl_moduleUnixDISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - SSLProtocolUnixDISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions.UnixDISA STIG Apache Server 2.4 Unix Server v3r1
AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_moduleWindowsDISA STIG Apache Server 2.4 Windows Server v3r1
AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_moduleWindowsDISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocolWindowsDISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocolWindowsDISA STIG Apache Server 2.4 Windows Server v3r1
AS24-W2-000890 - An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version - SSLEngineWindowsDISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000890 - An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version - SSLProtocolWindowsDISA STIG Apache Server 2.4 Windows Site v2r1
Catalina - Enable SSH for Remote Access SessionsUnixNIST macOS Catalina v1.5.0 - All Profiles
CD12-00-003000 - PostgreSQL must maintain the confidentiality and integrity of information during reception.PostgreSQLDBDISA STIG Crunchy Data PostgreSQL DB v3r1
CD12-00-007200 - PostgreSQL must maintain the confidentiality and integrity of information during preparation for transmission.UnixDISA STIG Crunchy Data PostgreSQL OS v3r1
CD12-00-007200 - PostgreSQL must maintain the confidentiality and integrity of information during preparation for transmission.PostgreSQLDBDISA STIG Crunchy Data PostgreSQL DB v3r1
CNTR-R2-000010 Rancher RKE2 must protect authenticity of communications sessions with the use of FIPS-validated 140-2 or 140-3 security requirements for cryptographic modules.UnixDISA Rancher Government Solutions RKE2 STIG v2r2
DB2X-00-009100 - DB2 must maintain the confidentiality and integrity of information during preparation for transmission.UnixDISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux
DB2X-00-009100 - DB2 must maintain the confidentiality and integrity of information during preparation for transmission.WindowsDISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows
DB2X-00-009200 - DB2 must maintain the confidentiality and integrity of information during reception.WindowsDISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows
DB2X-00-009200 - DB2 must maintain the confidentiality and integrity of information during reception.UnixDISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux
DKER-EE-001050 - TCP socket binding for all Docker Engine - Enterprise nodes in a Universal Control Plane (UCP) cluster must be disabled.UnixDISA STIG Docker Enterprise 2.x Linux/Unix v2r2
EP11-00-009500 - The EDB Postgres Advanced Server must maintain the confidentiality and integrity of information during preparation for transmission.WindowsEDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4
EP11-00-009500 - The EDB Postgres Advanced Server must maintain the confidentiality and integrity of information during preparation for transmission.PostgreSQLDBEDB PostgreSQL Advanced Server v11 DB Audit v2r4
EP11-00-009600 - The EDB Postgres Advanced Server must maintain the confidentiality and integrity of information during reception.WindowsEDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4
EP11-00-009600 - The EDB Postgres Advanced Server must maintain the confidentiality and integrity of information during reception.PostgreSQLDBEDB PostgreSQL Advanced Server v11 DB Audit v2r4
EPAS-00-009500 - The EDB Postgres Advanced Server must maintain the confidentiality and integrity of information during preparation for transmission.UnixEnterpriseDB PostgreSQL Advanced Server OS Linux v2r1
EPAS-00-009600 - The EDB Postgres Advanced Server must maintain the confidentiality and integrity of information during reception.PostgreSQLDBEnterpriseDB PostgreSQL Advanced Server DB v2r1
ESXI-70-000074 - The ESXi host must exclusively enable Transport Layer Security (TLS) 1.2 for all endpoints.VMwareDISA STIG VMware vSphere 7.0 ESXi v1r2
ESXI-80-000161 The ESXi host must maintain the confidentiality and integrity of information during transmission by exclusively enabling Transport Layer Security (TLS) 1.2.VMwareDISA VMware vSphere 8.0 ESXi STIG v2r1
ESXI-80-000247 The ESXi host must use DOD-approved encryption to protect the confidentiality of network sessions.UnixDISA VMware vSphere 8.0 ESXi STIG OS v2r1
EX19-ED-000238 Exchange must render hyperlinks from email sources from non-.mil domains as unclickable.WindowsDISA Microsoft Exchange 2019 Edge Server STIG v2r1
IISW-SI-000249 - The IIS 8.5 website must maintain the confidentiality and integrity of information during preparation for transmission and during reception.WindowsDISA IIS 8.5 Site v2r9
MADB-10-008900 - MariaDB must maintain the confidentiality and integrity of information during preparation for transmission.MySQLDBDISA MariaDB Enterprise 10.x v2r1 DB
MADB-10-009000 - MariaDB must maintain the confidentiality and integrity of information during reception.MySQLDBDISA MariaDB Enterprise 10.x v2r1 DB
MD3X-00-000760 - MongoDB must maintain the confidentiality and integrity of information during preparation for transmission.UnixDISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS
MD3X-00-000770 - MongoDB must maintain the confidentiality and integrity of information during reception.UnixDISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS
MD4X-00-006000 - MongoDB must maintain the confidentiality and integrity of information during preparation for transmission.UnixDISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS
MD4X-00-006100 - MongoDB must maintain the confidentiality and integrity of information during reception.UnixDISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS
MYS8-00-011300 - The MySQL Database Server 8.0 must maintain the confidentiality and integrity of information during preparation for transmission.MySQLDBDISA Oracle MySQL 8.0 v2r2 DB
O112-C1-019700 - The DBMS must employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission unless the transmitted data is otherwise protected by alternative physical measures.WindowsDISA STIG Oracle 11.2g v2r5 Windows
O112-C1-019700 - The DBMS must employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission unless the transmitted data is otherwise protected by alternative physical measures.UnixDISA STIG Oracle 11.2g v2r5 Linux
OH12-1X-000324 - OHS must have the LoadModule ossl_module directive enabled to maintain the confidentiality and integrity of information during preparation for transmission.UnixDISA STIG Oracle HTTP Server 12.1.3 v2r2