CCI|CCI-001664

Title

The information system recognizes only session identifiers that are system-generated.

Reference Item Details

Category: 2010

Audit Items

Name | Plugin | Audit Name
AS24-U1-000470 - Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application - httpd | Unix | DISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000470 - Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application - httpd | Unix | DISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-U1-000470 - Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application - SessionCookieName Domain | Unix | DISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-U1-000470 - Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application - SessionCookieName Domain | Unix | DISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000470 - Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application - SessionCookieName HttpOnly Secure | Unix | DISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000470 - Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application - SessionCookieName HttpOnly Secure | Unix | DISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-U1-000520 - The Apache web server must generate a session ID using as much of the character set as possible to reduce the risk of brute force. | Unix | DISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000520 - The Apache web server must generate a session ID using as much of the character set as possible to reduce the risk of brute force. | Unix | DISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-U2-000470 - Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application - Header HttpOnly Secure | Unix | DISA STIG Apache Server 2.4 Unix Site v2r2 Middleware
AS24-U2-000470 - Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application - Header HttpOnly Secure | Unix | DISA STIG Apache Server 2.4 Unix Site v2r2
AS24-U2-000470 - Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application - Javascript setCookie | Unix | DISA STIG Apache Server 2.4 Unix Site v2r2
AS24-U2-000470 - Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application - Javascript setCookie | Unix | DISA STIG Apache Server 2.4 Unix Site v2r2 Middleware
AS24-W1-000470 - Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application - Header HttpOnly secure | Windows | DISA STIG Apache Server 2.4 Windows Server v2r2
AS24-W1-000470 - Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application - Javascript setCookie | Windows | DISA STIG Apache Server 2.4 Windows Server v2r2
AS24-W1-000480 - The Apache web server must accept only system-generated session identifiers. | Windows | DISA STIG Apache Server 2.4 Windows Server v2r2
AS24-W2-000470 - Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application - Header HttpOnly Secure | Windows | DISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000470 - Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application - Javascript setCookie | Windows | DISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000480 - The Apache web server must accept only system-generated session identifiers. | Windows | DISA STIG Apache Server 2.4 Windows Site v2r1
IIST-SV-000134 - The IIS 10.0 web server must use cookies to track session state. | Windows | DISA IIS 10.0 Server v2r5
IIST-SV-000135 - The IIS 10.0 web server must accept only system-generated session identifiers - sessionState | Windows | DISA IIS 10.0 Server v2r5
IIST-SV-000135 - The IIS 10.0 web server must accept only system-generated session identifiers - timeout | Windows | DISA IIS 10.0 Server v2r5
IISW-SV-000134 - The IIS 8.5 web server must use cookies to track session state. | Windows | DISA IIS 8.5 Server v2r3
IISW-SV-000135 - The IIS 8.5 web server must limit the amount of time a cookie persists - sessionState | Windows | DISA IIS 8.5 Server v2r3
IISW-SV-000135 - The IIS 8.5 web server must limit the amount of time a cookie persists - timeout | Windows | DISA IIS 8.5 Server v2r3
TCAT-AS-000820 - Tomcat must be configured to limit data exposure between applications. | Unix | DISA STIG Apache Tomcat Application Server 9 v2r4 Middleware
TCAT-AS-000820 - Tomcat must be configured to limit data exposure between applications. | Unix | DISA STIG Apache Tomcat Application Server 9 v2r4
VCFL-67-000004 - vSphere Client must protect cookies from XSS. | Unix | DISA STIG VMware vSphere 6.7 Virgo Client v1r1
VCST-67-000004 - The Security Token Service must protect cookies from XSS. | Unix | DISA STIG VMware vSphere 6.7 STS Tomcat v1r2
VCUI-67-000032 - vSphere UI must restrict its cookie path. | Unix | DISA STIG VMware vSphere 6.7 UI Tomcat v1r2