CCI|CCI-001941

Title

The information system implements replay-resistant authentication mechanisms for network access to privileged accounts.

Reference Item Details

Category: 2013

Audit Items

View all Reference Audit Items

NamePluginAudit Name
AD.4033_2008 - The computer clock synchronization tolerance must be limited to 5 minutes or less.WindowsDISA Windows Server 2008 DC STIG v6r47
AD.4033_2008_R2 - The computer clock synchronization tolerance must be limited to 5 minutes or less.WindowsDISA Windows Server 2008 R2 DC STIG v1r34
AIX7-00-001012 - AIX must use the SSH server to implement replay-resistant authentication mechanisms for network access to privileged and non-privileged accountsUnixDISA STIG AIX 7.x v2r8
AIX7-00-001012 - AIX must use the SSH server to implement replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts - lssrc sshdUnixDISA STIG AIX 7.x v2r1
AIX7-00-001012 - AIX must use the SSH server to implement replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts - lssrc sshdUnixDISA STIG AIX 7.x v2r6
AIX7-00-001012 - AIX must use the SSH server to implement replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts - lssrc sshdUnixDISA STIG AIX 7.x v2r3
AIX7-00-001012 - AIX must use the SSH server to implement replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts - lssrc sshdUnixDISA STIG AIX 7.x v2r5
AIX7-00-001012 - AIX must use the SSH server to implement replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts - openssh.base.serverUnixDISA STIG AIX 7.x v2r3
AIX7-00-001012 - AIX must use the SSH server to implement replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts - openssh.base.serverUnixDISA STIG AIX 7.x v2r5
AIX7-00-001012 - AIX must use the SSH server to implement replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts - openssh.base.serverUnixDISA STIG AIX 7.x v2r6
AIX7-00-001012 - AIX must use the SSH server to implement replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts - openssh.base.serverUnixDISA STIG AIX 7.x v2r1
AIX7-00-001012 - AIX must use the SSH server to implement replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts.UnixDISA STIG AIX 7.x v2r9
AOSX-09-000570 - The operating system must implement replay-resistant authentication mechanisms for network access to privileged accounts.UnixDISA STIG Apple Mac OSX 10.9 v1r2
AOSX-10-000570 - The operating system must implement replay-resistant authentication mechanisms for network access to privileged accounts.UnixDISA STIG Apple Mac OSX 10.10 v1r5
AOSX-11-000570 - The system must implement replay-resistant auth mechanisms for network access to privileged and non-privileged accounts.UnixDISA STIG Apple Mac OSX 10.11 v1r6
AOSX-12-000570 - The OS X system must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.UnixDISA STIG Apple Mac OSX 10.12 v1r6
AOSX-13-000570 - The macOS system must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.UnixDISA STIG Apple Mac OSX 10.13 v2r1
AOSX-13-000570 - The macOS system must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.UnixDISA STIG Apple Mac OSX 10.13 v2r3
AOSX-13-000570 - The macOS system must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.UnixDISA STIG Apple Mac OSX 10.13 v2r5
APPL-11-000011 - The macOS system must disable the SSHD service.UnixDISA STIG Apple macOS 11 v1r8
APPL-11-000011 - The macOS system must disable the SSHD service.UnixDISA STIG Apple macOS 11 v1r1
APPL-11-000011 - The macOS system must disable the SSHD service.UnixDISA STIG Apple macOS 11 v1r3
APPL-11-000011 - The macOS system must disable the SSHD service.UnixDISA STIG Apple macOS 11 v1r6
APPL-11-000011 - The macOS system must disable the SSHD service.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-000011 - The macOS system must disable the SSHD service.UnixDISA STIG Apple macOS 11 v1r7
APPL-12-000011 - The macOS system must disable the SSHD service.UnixDISA STIG Apple macOS 12 v1r3
APPL-12-000011 - The macOS system must disable the SSHD service.UnixDISA STIG Apple macOS 12 v1r4
APPL-12-000011 - The macOS system must disable the SSHD service.UnixDISA STIG Apple macOS 12 V1R2
APPL-12-000011 - The macOS system must disable the SSHD service.UnixDISA STIG Apple macOS 12 v1r5
APPL-12-000011 - The macOS system must disable the SSHD service.UnixDISA STIG Apple macOS 12 v1r7
APPL-13-000011 - The macOS system must disable the SSHD service.UnixDISA STIG Apple macOS 13 v1r1
APPL-14-001150 - The macOS system must disable password authentication for SSH.UnixDISA Apple macOS 14 (Sonoma) STIG v1r2
APPL-14-003020 - The macOS system must enforce smart card authentication.UnixDISA Apple macOS 14 (Sonoma) STIG v1r2
APPL-14-003030 - The macOS system must allow smart card authentication.UnixDISA Apple macOS 14 (Sonoma) STIG v1r2
APPL-14-003050 - The macOS system must enforce multifactor authentication for logon.UnixDISA Apple macOS 14 (Sonoma) STIG v1r2
APPL-14-003051 - The macOS system must enforce multifactor authentication for the su command.UnixDISA Apple macOS 14 (Sonoma) STIG v1r2
APPL-14-003052 - The macOS system must enforce multifactor authentication for privilege escalation through the sudo command.UnixDISA Apple macOS 14 (Sonoma) STIG v1r2
ARST-ND-000690 - The Arista network devices must use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions.AristaDISA STIG Arista MLS EOS 4.2x NDM v1r1
CASA-ND-000470 - The Cisco ASA must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - fips enabledCiscoDISA STIG Cisco ASA NDM v1r5
CASA-ND-000470 - The Cisco ASA must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - fips enabledCiscoDISA STIG Cisco ASA NDM v1r1
CASA-ND-000470 - The Cisco ASA must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - fips enabledCiscoDISA STIG Cisco ASA NDM v1r6
CASA-ND-000470 - The Cisco ASA must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - fips enabledCiscoDISA STIG Cisco ASA NDM v1r3
CASA-ND-000470 - The Cisco ASA must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - ssh cipherCiscoDISA STIG Cisco ASA NDM v1r5
CASA-ND-000470 - The Cisco ASA must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - ssh cipherCiscoDISA STIG Cisco ASA NDM v1r6
CASA-ND-000470 - The Cisco ASA must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - ssh cipherCiscoDISA STIG Cisco ASA NDM v1r3
CASA-ND-000470 - The Cisco ASA must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - ssh cipherCiscoDISA STIG Cisco ASA NDM v1r1
CASA-ND-000470 - The Cisco ASA must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - ssh key-exchangeCiscoDISA STIG Cisco ASA NDM v1r1
CASA-ND-000470 - The Cisco ASA must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - ssh key-exchangeCiscoDISA STIG Cisco ASA NDM v1r5
CASA-ND-000470 - The Cisco ASA must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - ssh key-exchangeCiscoDISA STIG Cisco ASA NDM v1r6
CASA-ND-000470 - The Cisco ASA must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts - ssh key-exchangeCiscoDISA STIG Cisco ASA NDM v1r3