Audits
Settings
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Plugins
Overview
Plugins Pipeline
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Release Notes
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Policies
Overview
Search
AWS Resources
Azure Resources
GCP Resources
Kubernetes Resources
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
CVEs
Overview
Newest
Search
Attack Path Techniques
Overview
Search
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Detections
Plugins
Overview
Plugins Pipeline
Release Notes
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Policies
Overview
Search
AWS Resources
Azure Resources
GCP Resources
Kubernetes Resources
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Analytics
CVEs
Overview
Newest
Search
Attack Path Techniques
Overview
Search
Audits
References
CCI
CCI-001188
CCI
CCI|CCI-001188
Title
The information system generates unique session identifiers for each session with organization-defined randomness requirements.
Reference Item Details
Reference:
CCI - DISA Control Correlation Identifier
Category:
2009
Audit Items
View all Reference Audit Items
Name
Plugin
Audit Name
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - ssl_module
Unix
DISA STIG Apache Server 2.4 Unix Server v2r6
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - ssl_module
Unix
DISA STIG Apache Server 2.4 Unix Server v2r6 Middleware
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - SSLProtocol
Unix
DISA STIG Apache Server 2.4 Unix Server v2r6
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - SSLProtocol
Unix
DISA STIG Apache Server 2.4 Unix Server v2r6 Middleware
AS24-U1-000510 - The Apache web server must generate a session ID long enough that it cannot be guessed through brute force - session_crypto
Unix
DISA STIG Apache Server 2.4 Unix Server v2r6 Middleware
AS24-U1-000510 - The Apache web server must generate a session ID long enough that it cannot be guessed through brute force - session_crypto
Unix
DISA STIG Apache Server 2.4 Unix Server v2r6
AS24-U1-000510 - The Apache web server must generate a session ID long enough that it cannot be guessed through brute force - SessionCryptoCipher
Unix
DISA STIG Apache Server 2.4 Unix Server v2r6 Middleware
AS24-U1-000510 - The Apache web server must generate a session ID long enough that it cannot be guessed through brute force - SessionCryptoCipher
Unix
DISA STIG Apache Server 2.4 Unix Server v2r6
AS24-U1-000520 - The Apache web server must generate a session ID using as much of the character set as possible to reduce the risk of brute force.
Unix
DISA STIG Apache Server 2.4 Unix Server v2r6 Middleware
AS24-U1-000520 - The Apache web server must generate a session ID using as much of the character set as possible to reduce the risk of brute force.
Unix
DISA STIG Apache Server 2.4 Unix Server v2r6
AS24-W1-000480 - The Apache web server must accept only system-generated session identifiers.
Windows
DISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000500 - The Apache web server must generate unique session identifiers that cannot be reliably reproduced.
Windows
DISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000530 - The Apache web server must generate unique session identifiers with definable entropy - ssl_module
Windows
DISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000530 - The Apache web server must generate unique session identifiers with definable entropy - SSLRandomSeed connect
Windows
DISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000530 - The Apache web server must generate unique session identifiers with definable entropy - SSLRandomSeed startup
Windows
DISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W2-000500 - The Apache web server must generate unique session identifiers that cannot be reliably reproduced.
Windows
DISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000520 - The Apache web server must generate a session ID using as much of the character set as possible to reduce the risk of brute force.
Windows
DISA STIG Apache Server 2.4 Windows Site v2r1
CASA-VN-000610 - The Cisco ASA remote access VPN server must be configured to generate unique session identifiers using a FIPS-validated Random Number Generator (RNG) based on the Deterministic Random Bit Generators (DRBG) algorithm.
Cisco
DISA STIG Cisco ASA VPN v1r2
DB2X-00-005100 - DB2 must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values - SSL
Windows
DISA STIG IBM DB2 v10.5 LUW v1r4 OS Windows
DB2X-00-005100 - DB2 must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values - SSL
Unix
DISA STIG IBM DB2 v10.5 LUW v1r4 OS Linux
DB2X-00-005100 - DB2 must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values - SSL_SVCENAME
Windows
DISA STIG IBM DB2 v10.5 LUW v1r4 OS Windows
DB2X-00-005100 - DB2 must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values - SSL_SVCENAME
Unix
DISA STIG IBM DB2 v10.5 LUW v1r4 OS Linux
DB2X-00-005100 - DB2 must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values - SVCENAME
Windows
DISA STIG IBM DB2 v10.5 LUW v1r4 OS Windows
DB2X-00-005100 - DB2 must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values - SVCENAME
Unix
DISA STIG IBM DB2 v10.5 LUW v1r4 OS Linux
DKER-EE-001070 - FIPS mode must be enabled on all Docker Engine - Enterprise nodes - docker info .SecurityOptions
Unix
DISA STIG Docker Enterprise 2.x Linux/Unix v2r1
FGFW-ND-000280 - The FortiGate device must generate unique session identifiers using a FIPS 140-2-approved random number generator.
FortiGate
DISA Fortigate Firewall NDM STIG v1r3
IIST-SI-000220 - A private IIS 10.0 website authentication mechanism must use client certificates to transmit session identifier to assure integrity.
Windows
DISA IIS 10.0 Site v2r8
IIST-SI-000223 - The IIS 10.0 website must generate unique session identifiers that cannot be reliably reproduced.
Windows
DISA IIS 10.0 Site v2r8
IISW-SI-000220 - A private websites authentication mechanism must use client certificates to transmit session identifier to assure integrity.
Windows
DISA IIS 8.5 Site v2r8
IISW-SI-000223 - The IIS 8.5 website must generate unique session identifiers that cannot be reliably reproduced.
Windows
DISA IIS 8.5 Site v2r8
MADB-10-004900 - MariaDB must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.
MySQLDB
DISA MariaDB Enterprise 10.x v1r2 DB
MD3X-00-000410 - MongoDB must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.
Unix
DISA STIG MongoDB Enterprise Advanced 3.x v2r1 OS
MD4X-00-003700 - MongoDB must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.
Unix
DISA STIG MongoDB Enterprise Advanced 4.x v1r2 OS
MYS8-00-007000 - The MySQL Database Server 8.0 must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values - require_secure_transport
MySQLDB
DISA Oracle MySQL 8.0 v1r3 DB
MYS8-00-007000 - The MySQL Database Server 8.0 must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values - ssl_fips_mode
MySQLDB
DISA Oracle MySQL 8.0 v1r3 DB
PGS9-00-011400 - PostgreSQL must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.
PostgreSQLDB
DISA STIG PostgreSQL 9.x on RHEL DB v2r3
SQL6-D0-009200 - SQL Server must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.
Windows
DISA STIG SQL Server 2016 Instance OS Audit v2r10
TCAT-AS-000750 - Tomcat must use FIPS-validated ciphers on secured connectors.
Unix
DISA STIG Apache Tomcat Application Server 9 v2r4 Middleware
TCAT-AS-000750 - Tomcat must use FIPS-validated ciphers on secured connectors.
Unix
DISA STIG Apache Tomcat Application Server 9 v2r4
VCSA-70-000077 - The vCenter Server must enable FIPS-validated cryptography.
VMware
DISA STIG VMware vSphere 7.0 vCenter v1r2
WBSP-AS-001290 - WebSphere Application Server must utilize FIPS 140-2-approved encryption modules when authenticating users and processes.
Unix
DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware
WBSP-AS-001290 - WebSphere Application Server must utilize FIPS 140-2-approved encryption modules when authenticating users and processes.
Unix
DISA IBM WebSphere Traditional 9 STIG v1r1
WBSP-AS-001290 - WebSphere Application Server must utilize FIPS 140-2-approved encryption modules when authenticating users and processes.
Windows
DISA IBM WebSphere Traditional 9 Windows STIG v1r1
