CCI|CCI-000196

Title

The information system, for password-based authentication, stores only cryptographically-protected passwords.

Reference Item Details

Category: 2009

Audit Items

View all Reference Audit Items

NamePluginAudit Name
3.057 - Reversible password encryption is not disabled.WindowsDISA Windows Vista STIG v6r41
3.073 - The system must be configured to prevent the storage of the LAN Manager hash of passwords.WindowsDISA Windows Vista STIG v6r41
5.4.3 Ensure password hashing algorithm is SHA-512UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.5.1.6 Ensure shadow file is configured to use only encrypted representations of passwordsUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.5.6 Ensure user and group account administration utilities are configured to store only encrypted representations of passwordsUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIX7-00-001007 - If AIX is using LDAP for authentication or account information, the /etc/ldap.conf file (or equivalent) must not contain passwords - bindpwd DESUnixDISA STIG AIX 7.x v2r5
AIX7-00-001007 - If AIX is using LDAP for authentication or account information, the /etc/ldap.conf file (or equivalent) must not contain passwords - ldapsslkeypwdUnixDISA STIG AIX 7.x v2r5
AIX7-00-003101 - The AIX system must have no .netrc files on the system.UnixDISA STIG AIX 7.x v2r5
Big Sur - Encrypt Stored PasswordsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Encrypt Stored PasswordsUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Encrypt Stored PasswordsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Encrypt Stored PasswordsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Encrypt Stored PasswordsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Encrypt Stored PasswordsUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Encrypt Stored PasswordsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Encrypt Stored PasswordsUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Encrypt Stored PasswordsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Catalina - Encrypt Stored PasswordsUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Encrypt Stored PasswordsUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Encrypt Stored PasswordsUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Encrypt Stored PasswordsUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Encrypt Stored PasswordsUnixNIST macOS Catalina v1.5.0 - 800-171
Catalina - Encrypt Stored PasswordsUnixNIST macOS Catalina v1.5.0 - 800-53r4 Low
Catalina - Encrypt Stored PasswordsUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Encrypt Stored PasswordsUnixNIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Encrypt Stored PasswordsUnixNIST macOS Catalina v1.5.0 - All Profiles
CISC-ND-000620 - The Cisco router must only store cryptographic representations of passwords.CiscoDISA STIG Cisco IOS Router NDM v2r4
CISC-ND-000620 - The Cisco router must only store cryptographic representations of passwords.CiscoDISA STIG Cisco IOS XE Router NDM v2r3
CISC-ND-000620 - The Cisco switch must only store cryptographic representations of passwords - enable secretCiscoDISA STIG Cisco IOS Switch NDM v2r3
CISC-ND-000620 - The Cisco switch must only store cryptographic representations of passwords - enable secretCiscoDISA STIG Cisco IOS XE Switch NDM v2r2
CISC-ND-000620 - The Cisco switch must only store cryptographic representations of passwords - service password-encryptionCiscoDISA STIG Cisco IOS Switch NDM v2r3
CISC-ND-000620 - The Cisco switch must only store cryptographic representations of passwords - service password-encryptionCiscoDISA STIG Cisco IOS XE Switch NDM v2r2
CNTR-K8-001160 - Secrets in Kubernetes must not be stored as environment variables.UnixDISA STIG Kubernetes v1r5
DTOO420 - The ability of Lync to store user passwords must be disabled.WindowsDISA STIG Microsoft Lync 2013 v1r4
F5BI-DM-000121 - The BIG-IP appliance must only store encrypted representations of passwords.F5DISA F5 BIG-IP Device Management 11.x STIG v2r1
GEN000595 - Password hashes must have been generated using a FIPS 140-2 hashing algorithm - 'no password hashes in /etc/security/passwd'UnixDISA STIG AIX 5.3 v1r2
GEN000595 - Password hashes must have been generated using a FIPS 140-2 hashing algorithm - 'no password hashes in /etc/security/passwd'UnixDISA STIG AIX 6.1 v1r14
GEN000595 - Password hashes must have been generated using a FIPS 140-2 hashing algorithm - 'Verify no password hashes in /etc/passwd'UnixDISA STIG AIX 5.3 v1r2
GEN000595 - Password hashes must have been generated using a FIPS 140-2 hashing algorithm - 'Verify no password hashes in /etc/passwd'UnixDISA STIG AIX 6.1 v1r14
GEN000595 - The password hashes must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm - '/etc/passwd'UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN000595 - The password hashes must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm - '/etc/shadow'UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN000595 - The password hashes stored on the system must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm - '/etc/passwd'UnixDISA STIG for Oracle Linux 5 v2r1
GEN000595 - The password hashes stored on the system must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm - '/etc/shadow'UnixDISA STIG for Oracle Linux 5 v2r1
GEN000595 - The password hashes stored on the system must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm - /etc/passwdUnixDISA STIG Solaris 10 SPARC v2r2
GEN000595 - The password hashes stored on the system must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm - /etc/passwdUnixDISA STIG Solaris 10 X86 v2r2
GEN000595 - The password hashes stored on the system must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm - /etc/shadowUnixDISA STIG Solaris 10 SPARC v2r2
GEN000595 - The password hashes stored on the system must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm - /etc/shadowUnixDISA STIG Solaris 10 X86 v2r2
GEN000595 - The password hashes stored on the system must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm - CRYPT_ALGORITHMS_ALLOWUnixDISA STIG Solaris 10 X86 v2r2
GEN000595 - The password hashes stored on the system must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm - CRYPT_ALGORITHMS_ALLOWUnixDISA STIG Solaris 10 SPARC v2r2
GEN000595 - The password hashes stored on the system must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm - CRYPT_DEFAULTUnixDISA STIG Solaris 10 SPARC v2r2