Audits
Settings
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Plugins
Overview
Plugins Pipeline
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Release Notes
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Policies
Overview
Search
AWS Resources
Azure Resources
GCP Resources
Kubernetes Resources
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
CVEs
Overview
Newest
Search
Attack Path Techniques
Overview
Search
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Detections
Plugins
Overview
Plugins Pipeline
Release Notes
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Policies
Overview
Search
AWS Resources
Azure Resources
GCP Resources
Kubernetes Resources
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Analytics
CVEs
Overview
Newest
Search
Attack Path Techniques
Overview
Search
Audits
References
CCI
CCI-001184
CCI
CCI|CCI-001184
Title
The information system protects the authenticity of communications sessions.
Reference Item Details
Reference:
CCI - DISA Control Correlation Identifier
Category:
2009
Audit Items
View all Reference Audit Items
Name
Plugin
Audit Name
APPNET0060 - Remoting Services HTTP channels must utilize authentication and encryption - applications
Windows
DISA STIG for Microsoft Dot Net Framework 4.0 v2r2
APPNET0060 - Remoting Services HTTP channels must utilize authentication and encryption - machine
Windows
DISA STIG for Microsoft Dot Net Framework 4.0 v2r2
APPNET0071 - Remoting Services TCP channels must utilize authentication and encryption - applications
Windows
DISA STIG for Microsoft Dot Net Framework 4.0 v2r2
APPNET0071 - Remoting Services TCP channels must utilize authentication and encryption - machine
Windows
DISA STIG for Microsoft Dot Net Framework 4.0 v2r2
CASA-VN-000240 - The Cisco ASA must be configured to use FIPS-validated SHA-2 or higher for Internet Key Exchange (IKE) Phase 2 - IKE Phase 2
Cisco
DISA STIG Cisco ASA VPN v1r3
CASA-VN-000240 - The Cisco ASA must be configured to use FIPS-validated SHA-2 or higher for Internet Key Exchange (IKE) Phase 2 - proposal
Cisco
DISA STIG Cisco ASA VPN v1r3
CNTR-K8-001400 - The Kubernetes API server must use approved cipher suites.
Unix
DISA STIG Kubernetes v1r11
CNTR-K8-001410 - Kubernetes API Server must have the SSL Certificate Authority set.
Unix
DISA STIG Kubernetes v1r11
CNTR-K8-001420 - Kubernetes Kubelet must have the SSL Certificate Authority set.
Unix
DISA STIG Kubernetes v1r11
CNTR-K8-001430 - Kubernetes Controller Manager must have the SSL Certificate Authority set.
Unix
DISA STIG Kubernetes v1r11
CNTR-K8-001440 - Kubernetes API Server must have a certificate for communication.
Unix
DISA STIG Kubernetes v1r11
CNTR-K8-001450 - Kubernetes etcd must enable client authentication to secure service.
Unix
DISA STIG Kubernetes v1r11
CNTR-K8-001460 - Kubernetes Kubelet must enable tlsPrivateKeyFile for client authentication to secure service.
Unix
DISA STIG Kubernetes v1r11
CNTR-K8-001470 - Kubernetes Kubelet must enable tlsCertFile for client authentication to secure service.
Unix
DISA STIG Kubernetes v1r11
CNTR-K8-001480 - Kubernetes etcd must enable client authentication to secure service.
Unix
DISA STIG Kubernetes v1r11
CNTR-K8-001490 - Kubernetes etcd must have a key file for secure communication.
Unix
DISA STIG Kubernetes v1r11
CNTR-K8-001500 - Kubernetes etcd must have a certificate for communication.
Unix
DISA STIG Kubernetes v1r11
CNTR-K8-001510 - Kubernetes etcd must have the SSL Certificate Authority set.
Unix
DISA STIG Kubernetes v1r11
CNTR-K8-001520 - Kubernetes etcd must have a certificate for communication.
Unix
DISA STIG Kubernetes v1r11
CNTR-K8-001530 - Kubernetes etcd must have a key file for secure communication.
Unix
DISA STIG Kubernetes v1r11
CNTR-K8-001540 - Kubernetes etcd must have peer-cert-file set for secure communication.
Unix
DISA STIG Kubernetes v1r11
CNTR-K8-001550 - Kubernetes etcd must have a peer-key-file set for secure communication.
Unix
DISA STIG Kubernetes v1r11
DKER-EE-001050 - TCP socket binding for all Docker Engine - Enterprise nodes in a Universal Control Plane (UCP) cluster must be disabled.
Unix
DISA STIG Docker Enterprise 2.x Linux/Unix v2r1
DTBI046-IE11 - Logon options must be configured to prompt (Internet zone).
Windows
DISA STIG IE 11 v2r4
DTBI136-IE11 - Logon options must be configured and enforced (Restricted Sites zone).
Windows
DISA STIG IE 11 v2r4
DTOO421 - Session Initiation Protocol (SIP) security mode must be configured.
Windows
DISA STIG Microsoft Lync 2013 v1r4
DTOO421 - Session Initiation Protocol (SIP) security mode must be configured.
Windows
DISA STIG Microsoft Skype for Business 2016 v1r1
DTOO422 - In the event a secure SIP connection fails, the connection must be restricted from resorting to the unencrypted HTTP.
Windows
DISA STIG Microsoft Lync 2013 v1r4
DTOO422 - In the event a secure SIP connection fails, the connection must be restricted from resorting to the unencrypted HTTP.
Windows
DISA STIG Microsoft Skype for Business 2016 v1r1
EX13-EG-000090 - Exchange Internet-facing Receive connectors must offer Transport Layer Security (TLS) before using basic authentication.
Windows
DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r5
EX13-MB-000110 - Exchange internal Receive connectors must require encryption.
Windows
DISA Microsoft Exchange 2013 Mailbox Server STIG v2r2
EX13-MB-000115 - Exchange internal Receive connectors must use Domain Security (mutual authentication Transport Layer Security) - mutual authentication Transport Layer Security.
Windows
DISA Microsoft Exchange 2013 Mailbox Server STIG v2r2
EX13-MB-000120 - Exchange internal Send connectors must require encryption.
Windows
DISA Microsoft Exchange 2013 Mailbox Server STIG v2r2
EX16-ED-000170 - Exchange internal Send connectors must use domain security (mutual authentication Transport Layer Security)
Windows
DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5
EX16-ED-000180 - Exchange Internet-facing Receive connectors must offer Transport Layer Security (TLS) before using basic authentication.
Windows
DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5
EX16-MB-000220 - Exchange internal Receive connectors must require encryption.
Windows
DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6
F5BI-AP-000234 - The F5 BIG-IP appliance must not use the On-Demand Cert Auth VPE agent as part of the APM Policy Profiles.
F5
DISA F5 BIG-IP Access Policy Manager STIG v2r3
F5BI-AP-000236 - The F5 BIG-IP appliance must be configured to limit authenticated client sessions to initial session source IP.
F5
DISA F5 BIG-IP Access Policy Manager STIG v2r3
F5BI-LT-000097 - The BIG-IP Core implementation must be configured to protect the authenticity of communications sessions.
F5
DISA F5 BIG-IP Local Traffic Manager STIG v2r3
JUSX-VN-000025 - The Juniper SRX Services Gateway VPN must configure Internet Key Exchange (IKE) with SHA1 or greater to protect the authenticity of communications sessions.
Juniper
DISA Juniper SRX Services Gateway VPN v2r2
O365-LY-000001 - The SIP security mode in Lync must be enabled.
Windows
DISA STIG Microsoft Office 365 ProPlus v2r11
O365-LY-000002 - The HTTP fallback for SIP connection in Lync must be disabled.
Windows
DISA STIG Microsoft Office 365 ProPlus v2r11
SP13-00-000110 - SharePoint must ensure authentication of both client and server during the entire session. An example of this is SSL Mutual Authentication.
Windows
DISA STIG SharePoint 2013 v2r3
SP13-00-000125 - SharePoint must implement an information system isolation boundary that minimizes the number of nonsecurity functions included within the boundary containing security functions.
Windows
DISA STIG SharePoint 2013 v2r3
SYMP-AG-000490 - Symantec ProxySG must use Transport Layer Security (TLS) to protect the authenticity of communications sessions.
BlueCoat
DISA Symantec ProxySG Benchmark ALG v1r3
TCAT-AS-000800 - Tomcat servers must mutually authenticate proxy or load balancer connections.
Unix
DISA STIG Apache Tomcat Application Server 9 v2r6 Middleware
TCAT-AS-000800 - Tomcat servers must mutually authenticate proxy or load balancer connections.
Unix
DISA STIG Apache Tomcat Application Server 9 v2r6
VCSA-70-000009 - The vCenter Server must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination using remote access.
VMware
DISA STIG VMware vSphere 7.0 vCenter v1r2
WBLC-08-000223 - Oracle WebLogic must ensure authentication of both client and server during the entire session.
Unix
Oracle WebLogic Server 12c Linux v2r1
WBLC-08-000223 - Oracle WebLogic must ensure authentication of both client and server during the entire session.
Windows
Oracle WebLogic Server 12c Windows v2r1