CCI|CCI-000803

Title

The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.

Reference Item Details

Category: 2009

Audit Items

View all Reference Audit Items

NamePluginAudit Name
5.3.16 Ensure only FIPS 140-2 ciphers are used for SSHUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AMLS-L3-000250 - The Arista Multilayer Switch must encrypt all methods of configured authentication for the OSPF routing protocol - ipv6 OSPF checksAristaDISA STIG Arista MLS DCS-7000 Series RTR v1r3
AMLS-L3-000250 - The Arista Multilayer Switch must encrypt all methods of configured authentication for the OSPF routing protocol - ospf message-digestAristaDISA STIG Arista MLS DCS-7000 Series RTR v1r3
AMLS-L3-000250 - The Arista Multilayer Switch must encrypt all methods of configured authentication for the OSPF routing protocol - ospf message-digest-keyAristaDISA STIG Arista MLS DCS-7000 Series RTR v1r3
AMLS-L3-000320 - The Arista Multilayer Switch must not enable the RIP routing protocol.AristaDISA STIG Arista MLS DCS-7000 Series RTR v1r3
AMLS-NM-200825 - The Arista Multilayer Switch must use FIPS-compliant mechanisms for authentication to a cryptographic module - entropy sourceAristaDISA STIG Arista MLS DCS-7000 Series NDM v1r3
AMLS-NM-200825 - The Arista Multilayer Switch must use FIPS-compliant mechanisms for authentication to a cryptographic module - SSH FIPSAristaDISA STIG Arista MLS DCS-7000 Series NDM v1r3
AOSX-13-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000056 - The macOS system must implement an approved Key Exchange Algorithm.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000056 - The macOS system must implement an approved Key Exchange Algorithm.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections..UnixDISA STIG Apple Mac OSX 10.15 v1r8
AOSX-15-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.UnixDISA STIG Apple Mac OSX 10.15 v1r8
AOSX-15-000056 - The macOS system must implement an approved Key Exchange Algorithm.UnixDISA STIG Apple Mac OSX 10.15 v1r8
APPL-11-000054 - The macOS system must implement approved ciphers to protect the confidentiality of SSH connections.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-000054 - The macOS system must implement approved ciphers to protect the confidentiality of SSH connections.UnixDISA STIG Apple macOS 11 v1r6
APPL-11-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.UnixDISA STIG Apple macOS 11 v1r6
APPL-11-000056 - The macOS system must implement an approved Key Exchange Algorithm.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-000056 - The macOS system must implement an approved Key Exchange Algorithm.UnixDISA STIG Apple macOS 11 v1r6
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - ssl_moduleUnixDISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - ssl_moduleUnixDISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - SSLProtocolUnixDISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - SSLProtocolUnixDISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_moduleUnixDISA STIG Apache Server 2.4 Unix Site v2r2
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_moduleUnixDISA STIG Apache Server 2.4 Unix Site v2r2 Middleware
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocolUnixDISA STIG Apache Server 2.4 Unix Site v2r2 Middleware
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocolUnixDISA STIG Apache Server 2.4 Unix Site v2r2
AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_moduleWindowsDISA STIG Apache Server 2.4 Windows Server v2r2
AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocolWindowsDISA STIG Apache Server 2.4 Windows Server v2r2
AS24-W2-000890 - An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version - SSLEngineWindowsDISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000890 - An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version - SSLProtocolWindowsDISA STIG Apache Server 2.4 Windows Site v2r1
Big Sur - Configure SSHD to Use Secure Key Exchange AlgorithmsUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Ensure all Federal Laws, Executive Orders, Directives, Policies, Regulations, Standards, and Guidance for Authentication to a Cryptographic Module are MetUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Ensure all Federal Laws, Executive Orders, Directives, Policies, Regulations, Standards, and Guidance for Authentication to a Cryptographic Module are MetUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Ensure all Federal Laws, Executive Orders, Directives, Policies, Regulations, Standards, and Guidance for Authentication to a Cryptographic Module are MetUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Ensure all Federal Laws, Executive Orders, Directives, Policies, Regulations, Standards, and Guidance for Authentication to a Cryptographic Module are MetUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Ensure all Federal Laws, Executive Orders, Directives, Policies, Regulations, Standards, and Guidance for Authentication to a Cryptographic Module are MetUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Ensure all Federal Laws, Executive Orders, Directives, Policies, Regulations, Standards, and Guidance for Authentication to a Cryptographic Module are MetUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Ensure all Federal Laws, Executive Orders, Directives, Policies, Regulations, Standards, and Guidance for Authentication to a Cryptographic Module are MetUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Ensure all Federal Laws, Executive Orders, Directives, Policies, Regulations, Standards, and Guidance for Authentication to a Cryptographic Module are MetUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Limit SSH to FIPS 140 Validated Message Authentication Code AlgorithmsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Limit SSH to FIPS 140 Validated Message Authentication Code AlgorithmsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Limit SSH to FIPS 140 Validated Message Authentication Code AlgorithmsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Limit SSH to FIPS 140 Validated Message Authentication Code AlgorithmsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Limit SSH to FIPS 140 Validated Message Authentication Code AlgorithmsUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Limit SSH to FIPS 140 Validated Message Authentication Code AlgorithmsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Limit SSH to FIPS 140 Validated Message Authentication Code AlgorithmsUnixNIST macOS Big Sur v1.4.0 - 800-171