CCI|CCI-000803

Title

Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2024

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.19 APPL-14-000054	Unix	CIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT I
1.20 APPL-14-000057	Unix	CIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT I
1.23 OL08-00-010159	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.24 OL08-00-010160	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.25 OL08-00-010161	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.26 OL08-00-010162	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.27 OL08-00-010163	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.96 UBTU-24-400400	Unix	CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.101 UBTU-22-611070	Unix	CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.179 RHEL-09-252065	Unix	CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.319 RHEL-09-611050	Unix	CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.320 RHEL-09-611055	Unix	CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.358 RHEL-09-652015	Unix	CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.447 RHEL-09-671015	Unix	CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.451 RHEL-09-672025	Unix	CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
5.3.16 Ensure only FIPS 140-2 ciphers are used for SSH	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIOS-17-007200 - Apple iOS/iPadOS 17 must not include applications with the following characteristics: access to Siri when the device is locked.	MDM	AirWatch - DISA Apple iOS/iPadOS 17 v2r2
AIOS-17-007200 - Apple iOS/iPadOS 17 must not include applications with the following characteristics: access to Siri when the device is locked.	MDM	MobileIron - DISA Apple iOS/iPadOS 17 v2r2
AIOS-18-007200 - Apple iOS/iPadOS 18 must not include applications with the following characteristics: access to Siri when the device is locked.	MDM	AirWatch - DISA Apple iOS/iPadOS 18 v1r4
AIOS-18-007200 - Apple iOS/iPadOS 18 must not include applications with the following characteristics: access to Siri when the device is locked.	MDM	MobileIron - DISA Apple iOS/iPadOS 18 v1r4
ALMA-09-039290 - AlmaLinux 9 cryptographic policy must not be overridden.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r3
ALMA-09-039510 - The libreswan package must be installed.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r3
ALMA-09-039620 - AlmaLinux OS 9 must have the packages required for encrypting offloaded audit logs installed.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r3
AMLS-L3-000250 - The Arista Multilayer Switch must encrypt all methods of configured authentication for the OSPF routing protocol - ipv6 OSPF checks	Arista	DISA STIG Arista MLS DCS-7000 Series RTR v1r4
AMLS-L3-000250 - The Arista Multilayer Switch must encrypt all methods of configured authentication for the OSPF routing protocol - ospf message-digest	Arista	DISA STIG Arista MLS DCS-7000 Series RTR v1r4
AMLS-L3-000250 - The Arista Multilayer Switch must encrypt all methods of configured authentication for the OSPF routing protocol - ospf message-digest-key	Arista	DISA STIG Arista MLS DCS-7000 Series RTR v1r4
AMLS-L3-000320 - The Arista Multilayer Switch must not enable the RIP routing protocol.	Arista	DISA STIG Arista MLS DCS-7000 Series RTR v1r4
AMLS-NM-200825 - The Arista Multilayer Switch must use FIPS-compliant mechanisms for authentication to a cryptographic module - entropy source	Arista	DISA STIG Arista MLS DCS-7000 Series NDM v1r4
AMLS-NM-200825 - The Arista Multilayer Switch must use FIPS-compliant mechanisms for authentication to a cryptographic module - SSH FIPS	Arista	DISA STIG Arista MLS DCS-7000 Series NDM v1r4
AOSX-13-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000056 - The macOS system must implement an approved Key Exchange Algorithm.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections.	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000056 - The macOS system must implement an approved Key Exchange Algorithm.	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections..	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
AOSX-15-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
AOSX-15-000056 - The macOS system must implement an approved Key Exchange Algorithm.	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-000054 - The macOS system must implement approved ciphers to protect the confidentiality of SSH connections.	Unix	DISA STIG Apple macOS 11 v1r8
APPL-11-000054 - The macOS system must implement approved ciphers to protect the confidentiality of SSH connections.	Unix	DISA STIG Apple macOS 11 v1r5
APPL-11-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.	Unix	DISA STIG Apple macOS 11 v1r5
APPL-11-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.	Unix	DISA STIG Apple macOS 11 v1r8
APPL-11-000056 - The macOS system must implement an approved Key Exchange Algorithm.	Unix	DISA STIG Apple macOS 11 v1r5
APPL-11-000056 - The macOS system must implement an approved Key Exchange Algorithm.	Unix	DISA STIG Apple macOS 11 v1r8
APPL-12-000054 - The macOS system must implement approved ciphers within the SSH server configuration to protect the confidentiality of SSH connections.	Unix	DISA STIG Apple macOS 12 v1r9
APPL-12-000055 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH server configuration.	Unix	DISA STIG Apple macOS 12 v1r9
APPL-12-000056 - The macOS system must implement approved Key Exchange Algorithms within the SSH server configuration.	Unix	DISA STIG Apple macOS 12 v1r9
APPL-12-000057 - The macOS system must implement approved ciphers within the SSH client configuration to protect the confidentiality of SSH connections.	Unix	DISA STIG Apple macOS 12 v1r9
APPL-12-000058 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH client configuration.	Unix	DISA STIG Apple macOS 12 v1r9
APPL-12-000059 - The macOS system must implement approved Key Exchange Algorithms within the SSH client configuration.	Unix	DISA STIG Apple macOS 12 v1r9

Detections

Analytics

CCI|CCI-000803

Title

Reference Item Details

Audit Items