CCI|CCI-001184

Title

The information system protects the authenticity of communications sessions.

Reference Item Details

Category: 2009

Audit Items

View all Reference Audit Items

NamePluginAudit Name
APPNET0060 - Remoting Services HTTP channels must utilize authentication and encryption - applicationsWindowsDISA STIG for Microsoft Dot Net Framework 4.0 v2r1
APPNET0060 - Remoting Services HTTP channels must utilize authentication and encryption - machineWindowsDISA STIG for Microsoft Dot Net Framework 4.0 v2r1
APPNET0071 - Remoting Services TCP channels must utilize authentication and encryption - applicationsWindowsDISA STIG for Microsoft Dot Net Framework 4.0 v2r1
APPNET0071 - Remoting Services TCP channels must utilize authentication and encryption - machineWindowsDISA STIG for Microsoft Dot Net Framework 4.0 v2r1
CASA-VN-000240 - The Cisco ASA must be configured to use FIPS-validated SHA-2 or higher for Internet Key Exchange (IKE) Phase 2 - IKE Phase 2CiscoDISA STIG Cisco ASA VPN v1r1
CASA-VN-000240 - The Cisco ASA must be configured to use FIPS-validated SHA-2 or higher for Internet Key Exchange (IKE) Phase 2 - proposalCiscoDISA STIG Cisco ASA VPN v1r1
CNTR-K8-001400 - The Kubernetes API server must use approved cipher suites.UnixDISA STIG Kubernetes v1r5
CNTR-K8-001410 - Kubernetes API Server must have the SSL Certificate Authority set.UnixDISA STIG Kubernetes v1r5
CNTR-K8-001420 - Kubernetes Kubelet must have the SSL Certificate Authority set.UnixDISA STIG Kubernetes v1r5
CNTR-K8-001430 - Kubernetes Controller Manager must have the SSL Certificate Authority set.UnixDISA STIG Kubernetes v1r5
CNTR-K8-001440 - Kubernetes API Server must have a certificate for communication - tls-cert-fileUnixDISA STIG Kubernetes v1r5
CNTR-K8-001440 - Kubernetes API Server must have a certificate for communication - tls-private-key-fileUnixDISA STIG Kubernetes v1r5
CNTR-K8-001450 - Kubernetes etcd must enable client authentication to secure service.UnixDISA STIG Kubernetes v1r5
CNTR-K8-001460 - Kubernetes Kubelet must enable tls-private-key-file for client authentication to secure service.UnixDISA STIG Kubernetes v1r5
CNTR-K8-001470 - Kubernetes Kubelet must enable tls-cert-file for client authentication to secure service.UnixDISA STIG Kubernetes v1r5
CNTR-K8-001480 - Kubernetes etcd must enable client authentication to secure service.UnixDISA STIG Kubernetes v1r5
CNTR-K8-001490 - Kubernetes etcd must have a key file for secure communication.UnixDISA STIG Kubernetes v1r5
CNTR-K8-001500 - Kubernetes etcd must have a certificate for communication.UnixDISA STIG Kubernetes v1r5
CNTR-K8-001510 - Kubernetes etcd must have the SSL Certificate Authority set.UnixDISA STIG Kubernetes v1r5
CNTR-K8-001520 - Kubernetes etcd must have a certificate for communication.UnixDISA STIG Kubernetes v1r5
CNTR-K8-001530 - Kubernetes etcd must have a key file for secure communication.UnixDISA STIG Kubernetes v1r5
CNTR-K8-001540 - Kubernetes etcd must have peer-cert-file set for secure communication.UnixDISA STIG Kubernetes v1r5
CNTR-K8-001550 - Kubernetes etcd must have a peer-key-file set for secure communication.UnixDISA STIG Kubernetes v1r5
DKER-EE-001050 - TCP socket binding for all Docker Engine - Enterprise nodes in a Universal Control Plane (UCP) cluster must be disabled.UnixDISA STIG Docker Enterprise 2.x Linux/Unix v2r1
DTBI046-IE11 - Logon options must be configured to prompt (Internet zone).WindowsDISA STIG IE 11 v2r1
DTBI136-IE11 - Logon options must be configured and enforced (Restricted Sites zone).WindowsDISA STIG IE 11 v2r1
DTOO421 - Session Initiation Protocol (SIP) security mode must be configured.WindowsDISA STIG Microsoft Lync 2013 v1r4
DTOO421 - Session Initiation Protocol (SIP) security mode must be configured.WindowsDISA STIG Microsoft Skype for Business 2016 v1r1
DTOO422 - In the event a secure SIP connection fails, the connection must be restricted from resorting to the unencrypted HTTP.WindowsDISA STIG Microsoft Lync 2013 v1r4
DTOO422 - In the event a secure SIP connection fails, the connection must be restricted from resorting to the unencrypted HTTP.WindowsDISA STIG Microsoft Skype for Business 2016 v1r1
EX13-EG-000090 - Exchange Internet-facing Receive connectors must offer Transport Layer Security (TLS) before using basic authentication.WindowsDISA Microsoft Exchange 2013 Edge Transport Server STIG v1r5
EX13-MB-000110 - Exchange internal Receive connectors must require encryption.WindowsDISA Microsoft Exchange 2013 Mailbox Server STIG v2r2
EX13-MB-000115 - Exchange internal Receive connectors must use Domain Security (mutual authentication Transport Layer Security) - mutual authentication Transport Layer Security.WindowsDISA Microsoft Exchange 2013 Mailbox Server STIG v2r2
EX13-MB-000120 - Exchange internal Send connectors must require encryption.WindowsDISA Microsoft Exchange 2013 Mailbox Server STIG v2r2
EX16-ED-000170 - Exchange internal Send connectors must use domain security (mutual authentication Transport Layer Security). - DNSRoutingEnabledWindowsDISA Microsoft Exchange 2016 Edge Transport Server STIG v2r3
EX16-ED-000170 - Exchange internal Send connectors must use domain security (mutual authentication Transport Layer Security). - DomainSecureEnabledWindowsDISA Microsoft Exchange 2016 Edge Transport Server STIG v2r3
EX16-ED-000170 - Exchange internal Send connectors must use domain security (mutual authentication Transport Layer Security). - RequireTLSWindowsDISA Microsoft Exchange 2016 Edge Transport Server STIG v2r3
EX16-ED-000170 - Exchange internal Send connectors must use domain security (mutual authentication Transport Layer Security). - TlsAuthLevelWindowsDISA Microsoft Exchange 2016 Edge Transport Server STIG v2r3
EX16-ED-000180 - Exchange Internet-facing Receive connectors must offer Transport Layer Security (TLS) before using basic authentication.WindowsDISA Microsoft Exchange 2016 Edge Transport Server STIG v2r3
EX16-MB-000220 - Exchange internal Receive connectors must require encryption.WindowsDISA Microsoft Exchange 2016 Mailbox Server STIG v2r4
F5BI-LT-000097 - The BIG-IP Core implementation must be configured to protect the authenticity of communications sessions.F5DISA F5 BIG-IP Local Traffic Manager 11.x STIG v2r1
O365-LY-000001 - The SIP security mode in Lync must be enabled.WindowsDISA STIG Microsoft Office 365 ProPlus v2r5
O365-LY-000002 - The HTTP fallback for SIP connection in Lync must be disabled.WindowsDISA STIG Microsoft Office 365 ProPlus v2r5
SP13-00-000110 - SharePoint must ensure authentication of both client and server during the entire session. An example of this is SSL Mutual Authentication.WindowsDISA STIG SharePoint 2013 v2r3
SP13-00-000125 - SharePoint must implement an information system isolation boundary that minimizes the number of nonsecurity functions included within the boundary containing security functions.WindowsDISA STIG SharePoint 2013 v2r3
SYMP-AG-000490 - Symantec ProxySG must use Transport Layer Security (TLS) to protect the authenticity of communications sessions.BlueCoatDISA Symantec ProxySG Benchmark ALG v1r3
TCAT-AS-000800 - Tomcat servers must mutually authenticate proxy or load balancer connections.UnixDISA STIG Apache Tomcat Application Server 9 v2r4 Middleware
TCAT-AS-000800 - Tomcat servers must mutually authenticate proxy or load balancer connections.UnixDISA STIG Apache Tomcat Application Server 9 v2r4
WBLC-08-000223 - Oracle WebLogic must ensure authentication of both client and server during the entire session.UnixOracle WebLogic Server 12c Linux v2r1
WBLC-08-000223 - Oracle WebLogic must ensure authentication of both client and server during the entire session.WindowsOracle WebLogic Server 12c Windows v2r1