Audits
Settings
Links
Tenable.io
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Links
Tenable.io
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Audits
References
CCI
CCI-000068
CCI
CCI|CCI-000068
Title
The information system implements cryptographic mechanisms to protect the confidentiality of remote access sessions.
Reference Item Details
Reference:
CCI - DISA Control Correlation Identifier
Category:
2009
Audit Items
View all Reference Audit Items
Name
Plugin
Audit Name
1.5.9 Ensure NIST FIPS-validated cryptography is configured - etc
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.9 Ensure NIST FIPS-validated cryptography is configured - grub
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.9 Ensure NIST FIPS-validated cryptography is configured - proc
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.9 Ensure NIST FIPS-validated cryptography is configured - rpm
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
3.061 - Unencrypted remote access is permitted to system services.
Windows
DISA Windows Vista STIG v6r41
5.3.16 Ensure only FIPS 140-2 ciphers are used for SSH
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.043 - Terminal Services is not configured with the client connection encryption set to the required level.
Windows
DISA Windows Vista STIG v6r41
AIX7-00-002104 - The AIX SSH server must use SSH Protocol 2.
Unix
DISA STIG AIX 7.x v2r5
AIX7-00-003100 - The AIX SSH daemon must be configured to only use FIPS 140-2 approved ciphers - Approved List
Unix
DISA STIG AIX 7.x v2r5
AIX7-00-003100 - The AIX SSH daemon must be configured to only use FIPS 140-2 approved ciphers - CBC
Unix
DISA STIG AIX 7.x v2r5
AOSX-13-000035 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission.
Unix
DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections.
Unix
DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.
Unix
DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000056 - The macOS system must implement an approved Key Exchange Algorithm.
Unix
DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission - OpenSSH version
Unix
DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission - SSHD currently running
Unix
DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission - SSHD service disabled
Unix
DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections.
Unix
DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.
Unix
DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000056 - The macOS system must implement an approved Key Exchange Algorithm.
Unix
DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections..
Unix
DISA STIG Apple Mac OSX 10.15 v1r8
AOSX-15-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.
Unix
DISA STIG Apple Mac OSX 10.15 v1r8
AOSX-15-000056 - The macOS system must implement an approved Key Exchange Algorithm.
Unix
DISA STIG Apple Mac OSX 10.15 v1r8
APPL-11-000011 - The macOS system must disable the SSHD service.
Unix
DISA STIG Apple macOS 11 v1r5
APPL-11-000011 - The macOS system must disable the SSHD service.
Unix
DISA STIG Apple macOS 11 v1r6
APPL-11-000054 - The macOS system must implement approved ciphers to protect the confidentiality of SSH connections.
Unix
DISA STIG Apple macOS 11 v1r5
APPL-11-000054 - The macOS system must implement approved ciphers to protect the confidentiality of SSH connections.
Unix
DISA STIG Apple macOS 11 v1r6
APPL-11-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.
Unix
DISA STIG Apple macOS 11 v1r5
APPL-11-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.
Unix
DISA STIG Apple macOS 11 v1r6
APPL-11-000056 - The macOS system must implement an approved Key Exchange Algorithm.
Unix
DISA STIG Apple macOS 11 v1r5
APPL-11-000056 - The macOS system must implement an approved Key Exchange Algorithm.
Unix
DISA STIG Apple macOS 11 v1r6
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - ssl_module
Unix
DISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - ssl_module
Unix
DISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - SSLProtocol
Unix
DISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - SSLProtocol
Unix
DISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_module
Unix
DISA STIG Apache Server 2.4 Unix Site v2r2
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_module
Unix
DISA STIG Apache Server 2.4 Unix Site v2r2 Middleware
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocol
Unix
DISA STIG Apache Server 2.4 Unix Site v2r2 Middleware
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocol
Unix
DISA STIG Apache Server 2.4 Unix Site v2r2
AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_module
Windows
DISA STIG Apache Server 2.4 Windows Server v2r2
AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocol
Windows
DISA STIG Apache Server 2.4 Windows Server v2r2
AS24-W2-000890 - An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version - SSLEngine
Windows
DISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000890 - An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version - SSLProtocol
Windows
DISA STIG Apache Server 2.4 Windows Site v2r1
Big Sur - Configure SSHD to Use Secure Key Exchange Algorithms
Unix
NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Limit SSH to FIPS 140 Validated Message Authentication Code Algorithms
Unix
NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Limit SSH to FIPS 140 Validated Message Authentication Code Algorithms
Unix
NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Limit SSH to FIPS 140 Validated Message Authentication Code Algorithms
Unix
NIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Limit SSH to FIPS 140 Validated Message Authentication Code Algorithms
Unix
NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Limit SSH to FIPS 140 Validated Message Authentication Code Algorithms
Unix
NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Limit SSH to FIPS 140 Validated Message Authentication Code Algorithms
Unix
NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
