CCI|CCI-001453

Title

The information system implements cryptographic mechanisms to protect the integrity of remote access sessions.

Reference Item Details

Category: 2009

Audit Items

View all Reference Audit Items

NamePluginAudit Name
2.2.26 Ensure ldap_tls_cacert is set for LDAP - configUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
2.2.26 Ensure ldap_tls_cacert is set for LDAP - fileUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
2.2.27 Ensure ldap_id_use_start_tls is set for LDAP - LDAP authentication communications.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
2.2.28 Ensure ldap_tls_reqcert is set for LDAP - LDAP communications.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.3.17 Ensure only strong MAC algorithms are used - MACs employing FIPS 140-2 approved cryptographic hash algorithms.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIX7-00-001104 - If LDAP authentication is required on AIX, SSL must be used between LDAP clients and the LDAP servers to protect the integrity of remote access sessions.UnixDISA STIG AIX 7.x v2r8
AOSX-13-000605 - The macOS system must not use telnet.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission - OpenSSH versionUnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission - SSHD currently runningUnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-14-000011 - The macOS system must implement DoD-approved encryption to protect the confidentiality and integrity of remote access sessions including transmitted data and data during preparation for transmission - SSHD service disabledUnixDISA STIG Apple Mac OSX 10.14 v2r6
APPL-11-000011 - The macOS system must disable the SSHD service.UnixDISA STIG Apple macOS 11 v1r7
APPL-11-000011 - The macOS system must disable the SSHD service.UnixDISA STIG Apple macOS 11 v1r5
APPL-12-000011 - The macOS system must disable the SSHD service.UnixDISA STIG Apple macOS 12 v1r7
APPL-13-000054 - The macOS system must implement approved ciphers within the SSH server configuration to protect the confidentiality of SSH connections.UnixDISA STIG Apple macOS 13 v1r2
APPL-13-000055 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH server configuration.UnixDISA STIG Apple macOS 13 v1r2
APPL-13-000056 - The macOS system must implement approved Key Exchange Algorithms within the SSH server configuration.UnixDISA STIG Apple macOS 13 v1r2
APPL-13-000057 - The macOS system must implement approved ciphers within the SSH client configuration to protect the confidentiality of SSH connections.UnixDISA STIG Apple macOS 13 v1r2
APPL-13-000058 - The macOS system must implement approved Message Authentication Codes (MACs) within the SSH client configuration.UnixDISA STIG Apple macOS 13 v1r2
APPL-13-000059 - The macOS system must implement approved Key Exchange Algorithms within the SSH client configuration.UnixDISA STIG Apple macOS 13 v1r2
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - ssl_moduleUnixDISA STIG Apache Server 2.4 Unix Server v2r6
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - ssl_moduleUnixDISA STIG Apache Server 2.4 Unix Server v2r6 Middleware
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - SSLProtocolUnixDISA STIG Apache Server 2.4 Unix Server v2r6 Middleware
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - SSLProtocolUnixDISA STIG Apache Server 2.4 Unix Server v2r6
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_moduleUnixDISA STIG Apache Server 2.4 Unix Site v2r3
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_moduleUnixDISA STIG Apache Server 2.4 Unix Site v2r3 Middleware
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocolUnixDISA STIG Apache Server 2.4 Unix Site v2r3 Middleware
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocolUnixDISA STIG Apache Server 2.4 Unix Site v2r3
AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_moduleWindowsDISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocolWindowsDISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W2-000890 - An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version - SSLEngineWindowsDISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000890 - An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version - SSLProtocolWindowsDISA STIG Apache Server 2.4 Windows Site v2r1
CASA-VN-000560 - The Cisco ASA remote access VPN server must be configured to use a FIPS-validated algorithm and hash function to protect the integrity of TLS remote access sessions - ssl cipherCiscoDISA STIG Cisco ASA VPN v1r2
CASA-VN-000560 - The Cisco ASA remote access VPN server must be configured to use a FIPS-validated algorithm and hash function to protect the integrity of TLS remote access sessions - ssl versionCiscoDISA STIG Cisco ASA VPN v1r2
CASA-VN-000630 - The Cisco ASA remote access VPN server must be configured to use SHA-2 at 384 bits or greater for hashing to protect the integrity of IPsec remote access sessions - IKE Phase 1CiscoDISA STIG Cisco ASA VPN v1r2
CASA-VN-000630 - The Cisco ASA remote access VPN server must be configured to use SHA-2 at 384 bits or greater for hashing to protect the integrity of IPsec remote access sessions - IPsec SACiscoDISA STIG Cisco ASA VPN v1r2
Catalina - Enable SSH for Remote Access SessionsUnixNIST macOS Catalina v1.5.0 - All Profiles
DKER-EE-001070 - FIPS mode must be enabled on all Docker Engine - Enterprise nodes - docker info .SecurityOptionsUnixDISA STIG Docker Enterprise 2.x Linux/Unix v2r1
DKER-EE-006280 - Docker Enterprise Universal Control Plane (UCP) must be configured to use TLS 1.2.UnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
EDGE-00-000046 - Edge must be configured to allow only TLS.WindowsDISA STIG Edge v1r6
F5BI-LT-000037 - The BIG-IP Core implementation must be configured to use NIST SP 800-52 Revision 1 compliant cryptography to protect the integrity of remote access sessions to virtual servers.F5DISA F5 BIG-IP Local Traffic Manager 11.x STIG v2r1
FFOX-00-000002 - Firefox must be configured to allow only TLS 1.2 or above.UnixDISA STIG Mozilla Firefox Linux v6r4
FFOX-00-000002 - Firefox must be configured to allow only TLS 1.2 or above.WindowsDISA STIG Mozilla Firefox Windows v6r4
FFOX-00-000002 - Firefox must be configured to allow only TLS 1.2 or above.UnixDISA STIG Mozilla Firefox MacOS v6r4
GEN005306 - SNMP must require the use of a FIPS 140-2 cryptographic hash algorithm as part of its authentication and integrity methods.UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN005306 - SNMP service must require a FIPS 140-2 approved hash algorithm as part of its authentication and integrity methodsUnixDISA STIG AIX 5.3 v1r2
GEN005306 - SNMP service must require a FIPS 140-2 approved hash algorithm as part of its authentication and integrity methodsUnixDISA STIG AIX 6.1 v1r14
GEN005306 - The SNMP service must require the use of a FIPS 140-2 approved cryptographic hash algorithm as part of its authentication and integrity methods.UnixDISA STIG for Oracle Linux 5 v2r1
GEN005507 - SSH daemon must be configured to only use MACs employing FIPS 140-2 approved cryptographic hash algorithmsUnixDISA STIG AIX 6.1 v1r14
GEN005507 - SSH daemon must be configured to only use MACs employing FIPS 140-2 approved cryptographic hash algorithmsUnixDISA STIG AIX 5.3 v1r2
GEN005507 - The SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms - MACs that employ FIPS 140-2 cryptographic hash algorithms.UnixDISA STIG for Oracle Linux 5 v2r1