CCI|CCI-000877

Title

The organization employs strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions.

Reference Item Details

Category: 2009

Audit Items

View all Reference Audit Items

NamePluginAudit Name
AIX7-00-001102 - AIX must employ strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions.UnixDISA STIG AIX 7.x v2r6
AOSX-13-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000056 - The macOS system must implement an approved Key Exchange Algorithm.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000605 - The macOS system must not use telnet.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000056 - The macOS system must implement an approved Key Exchange Algorithm.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-003024 - The macOS system must use multifactor authentication in the establishment of nonlocal maintenance and diagnostic sessions - ChallengeResponseAuthenticationUnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-003024 - The macOS system must use multifactor authentication in the establishment of nonlocal maintenance and diagnostic sessions - enforceSmartCardUnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-003024 - The macOS system must use multifactor authentication in the establishment of nonlocal maintenance and diagnostic sessions - PasswordAuthenticationUnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections..UnixDISA STIG Apple Mac OSX 10.15 v1r8
AOSX-15-000055 - The macOS system must use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.UnixDISA STIG Apple Mac OSX 10.15 v1r8
AOSX-15-000056 - The macOS system must implement an approved Key Exchange Algorithm.UnixDISA STIG Apple Mac OSX 10.15 v1r8
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-171
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Enforce Smartcard AuthenticationUnixNIST macOS Catalina v1.5.0 - 800-53r4 Low
OL07-00-040110 - The Oracle Linux 7 operating system must implement DoD-approved encryption to protect the confidentiality of SSH connections.UnixDISA Oracle Linux 7 STIG v2r9
OL08-00-010290 - The OL 8 SSH server must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms.UnixDISA Oracle Linux 8 STIG v1r2
OL08-00-010291 - The OL 8 SSH server must be configured to use only ciphers employing FIPS 140-2 validated cryptographic algorithms.UnixDISA Oracle Linux 8 STIG v1r2
PHTN-67-000068 - The Photon operating system must use OpenSSH for remote maintenance sessions.UnixDISA STIG VMware vSphere 6.7 Photon OS v1r3
SLES-12-030180 - The SUSE operating system SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms.UnixDISA SLES 12 STIG v2r7
SLES-15-010270 - The SUSE operating system SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms.UnixDISA SLES 15 STIG v1r6
SOL-11.1-050240 - The boundary protection system (firewall) must be configured to deny network traffic by default and must allow network traffic by exception (i.e., deny all, permit by exception) - filtersUnixDISA STIG Solaris 11 X86 v2r6
SOL-11.1-050240 - The boundary protection system (firewall) must be configured to deny network traffic by default and must allow network traffic by exception (i.e., deny all, permit by exception) - filtersUnixDISA STIG Solaris 11 SPARC v2r6
SOL-11.1-050240 - The boundary protection system (firewall) must be configured to deny network traffic by default and must allow network traffic by exception (i.e., deny all, permit by exception) - firewall/pflogUnixDISA STIG Solaris 11 SPARC v2r6
SOL-11.1-050240 - The boundary protection system (firewall) must be configured to deny network traffic by default and must allow network traffic by exception (i.e., deny all, permit by exception) - serviceUnixDISA STIG Solaris 11 SPARC v2r6
SOL-11.1-050240 - The boundary protection system (firewall) must be configured to deny network traffic by default and must allow network traffic by exception (i.e., deny all, permit by exception) - serviceUnixDISA STIG Solaris 11 X86 v2r6
UBTU-18-010414 - The Ubuntu operating system must use strong authenticators in establishing nonlocal maintenance and diagnostic sessions.UnixDISA STIG Ubuntu 18.04 LTS v2r8
UBTU-20-010035 - The Ubuntu operating system must use strong authenticators in establishing nonlocal maintenance and diagnostic sessions.UnixDISA STIG Ubuntu 20.04 LTS v1r5
WBLC-06-000191 - Oracle WebLogic must employ strong identification and authentication techniques when establishing nonlocal maintenance and diagnostic sessions - Listen PortUnixOracle WebLogic Server 12c Linux v2r1 Middleware
WBLC-06-000191 - Oracle WebLogic must employ strong identification and authentication techniques when establishing nonlocal maintenance and diagnostic sessions - Listen PortUnixOracle WebLogic Server 12c Linux v2r1
WBLC-06-000191 - Oracle WebLogic must employ strong identification and authentication techniques when establishing nonlocal maintenance and diagnostic sessions - Listen PortWindowsOracle WebLogic Server 12c Windows v2r1
WBLC-06-000191 - Oracle WebLogic must employ strong identification and authentication techniques when establishing nonlocal maintenance and diagnostic sessions - SSL Listen PortUnixOracle WebLogic Server 12c Linux v2r1 Middleware
WBLC-06-000191 - Oracle WebLogic must employ strong identification and authentication techniques when establishing nonlocal maintenance and diagnostic sessions - SSL Listen PortUnixOracle WebLogic Server 12c Linux v2r1
WBLC-06-000191 - Oracle WebLogic must employ strong identification and authentication techniques when establishing nonlocal maintenance and diagnostic sessions - SSL Listen PortWindowsOracle WebLogic Server 12c Windows v2r1
WN10-CC-000330 - The Windows Remote Management (WinRM) client must not use Basic authentication.WindowsDISA Windows 10 STIG v2r4
WN10-CC-000345 - The Windows Remote Management (WinRM) service must not use Basic authentication.WindowsDISA Windows 10 STIG v2r4
WN10-CC-000360 - The Windows Remote Management (WinRM) client must not use Digest authentication.WindowsDISA Windows 10 STIG v2r4
WN11-CC-000330 - The Windows Remote Management (WinRM) client must not use Basic authentication.WindowsDISA Windows 11 STIG v1r1
WN11-CC-000345 - The Windows Remote Management (WinRM) service must not use Basic authentication.WindowsDISA Windows 11 STIG v1r1
WN11-CC-000360 - The Windows Remote Management (WinRM) client must not use Digest authentication.WindowsDISA Windows 11 STIG v1r1
WN12-CC-000123 - The Windows Remote Management (WinRM) client must not use Basic authentication.WindowsDISA Windows Server 2012 and 2012 R2 MS STIG v3r4
WN12-CC-000123 - The Windows Remote Management (WinRM) client must not use Basic authentication.WindowsDISA Windows Server 2012 and 2012 R2 DC STIG v3r4