CCI|CCI-001967

Title

Authenticate organization-defined devices and/or types of devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.14 VCSA-80-000077VMwareCIS VMware vSphere 8.0 vCenter STIG v1.0.0 CAT I
1.17 CISC-ND-001130CiscoCIS Cisco IOS XR Router NDM STIG v1.0.0 CAT II
1.19 CISC-ND-001150CiscoCIS Cisco IOS XR Router NDM STIG v1.0.0 CAT II
1.26 CISC-ND-001130CiscoCIS Cisco NX OS Switch NDM STIG v1.1.0 CAT II
1.28 CISC-ND-001150CiscoCIS Cisco NX OS Switch NDM STIG v1.1.0 CAT II
1.28 VCSA-80-000253VMwareCIS VMware vSphere 8.0 vCenter STIG v1.0.0 CAT II
1.29 VCSA-80-000265VMwareCIS VMware vSphere 8.0 vCenter STIG v1.0.0 CAT II
1.30 CISC-ND-001130CiscoCIS Cisco IOS Switch NDM STIG v1.1.0 CAT II
1.30 CISC-ND-001130CiscoCIS Cisco IOS XE Switch NDM STIG v1.1.0 CAT II
1.32 CISC-ND-001150CiscoCIS Cisco IOS Switch NDM STIG v1.1.0 CAT II
1.32 CISC-ND-001150CiscoCIS Cisco IOS XE Switch NDM STIG v1.1.0 CAT II
1.132 WN10-CC-000165WindowsCIS Microsoft Windows 10 STIG v1.0.0 CAT II
1.192 WN16-MS-000040WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II
1.194 WN19-MS-000040WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II
1.194 WN22-MS-000040WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
1.214 WN16-SO-000110WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II
1.214 WN16-SO-000110WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II
1.216 WN19-SO-000090WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II
1.216 WN19-SO-000090WindowsCIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II
1.216 WN22-SO-000090WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
1.216 WN22-SO-000090WindowsCIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.277 ALMA-09-035550UnixCIS Cloud Linux AlmaLinux OS 9 STIG v1.0.0 CAT II
5.123 - Restrict unauthenticated RPC clients.WindowsDISA Windows Vista STIG v6r41
5.124 - Client computers required to authenticate for RPC communication.WindowsDISA Windows Vista STIG v6r41
ALMA-09-035550 - AlmaLinux OS 9 must not have the autofs package installed.UnixDISA Cloud Linux AlmaLinux OS 9 STIG v1r6
AMLS-L2-000130 - The Arista Multilayer Switch must authenticate all endpoint devices before establishing a network connection using bidirectional authentication that is cryptographically based - aaa authentication dot1x default groupAristaDISA STIG Arista MLS DCS-7000 Series L2S v1r3
AMLS-L2-000130 - The Arista Multilayer Switch must authenticate all endpoint devices before establishing a network connection using bidirectional authentication that is cryptographically based - dot1x system-auth-controlAristaDISA STIG Arista MLS DCS-7000 Series L2S v1r3
AMLS-L2-000140 - The Arista Multilayer Switch must re-authenticate all endpoint devices every 60 minutes or less - dot1x reauthenticationAristaDISA STIG Arista MLS DCS-7000 Series L2S v1r3
AMLS-L2-000140 - The Arista Multilayer Switch must re-authenticate all endpoint devices every 60 minutes or less - dot1x timeout reauth-period 3600AristaDISA STIG Arista MLS DCS-7000 Series L2S v1r3
AOSX-14-004020 - The macOS system must authenticate all endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-000008 - The macOS system must be configured with Wi-Fi support software disabled.UnixDISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-000008 - The macOS system must be configured with Wi-Fi support software disabled.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-000008 - The macOS system must be configured with Wi-Fi support software disabled.UnixDISA STIG Apple macOS 11 v1r8
APPL-12-002062 - The macOS system must be configured with Bluetooth turned off unless approved by the organization.UnixDISA STIG Apple macOS 12 v1r9
APPL-12-005051 - The macOS system must restrict the ability to utilize external writeable media devices.UnixDISA STIG Apple macOS 12 v1r9
APPL-13-002062 - The macOS system must be configured with Bluetooth turned off unless approved by the organization.UnixDISA STIG Apple macOS 13 v1r5
ARBA-ND-000310 - AOS must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).ArubaOSDISA HPE Aruba Networking AOS NDM STIG v1r1
ARBA-ND-000347 - AOS must authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based.ArubaOSDISA HPE Aruba Networking AOS NDM STIG v1r1
ARBA-NT-000130 - The network element must protect wireless access to the system using Federal Information Processing Standard (FIPS)-validated Advanced Encryption Standard (AES) block cipher algorithms with an approved confidentiality mode.ArubaOSDISA HPE Aruba Networking AOS Wireless STIG v1r2
ARST-ND-000600 - The Arista network device must be configured to synchronize internal system clocks using redundant authenticated time sources.AristaDISA STIG Arista MLS EOS 4.2x NDM v2r1
ARST-ND-000600 - The Arista network device must be configured to synchronize internal system clocks using redundant authenticated time sources.AristaDISA Arista MLS EOS 4.X NDM STIG v2r2
ARST-ND-000660 - The Arista network device must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).AristaDISA Arista MLS EOS 4.X NDM STIG v2r2
ARST-ND-000660 - The Arista network device must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).AristaDISA STIG Arista MLS EOS 4.2x NDM v2r1
CASA-ND-001050 - The Cisco ASA must be configured to authenticate Simple Network Management Protocol (SNMP) messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).CiscoDISA STIG Cisco ASA NDM v2r4
CASA-ND-001070 - The Cisco ASA must be configured to encrypt Simple Network Management Protocol (SNMP) messages using a FIPS 140-2 approved algorithm.CiscoDISA STIG Cisco ASA NDM v2r4
CASA-ND-001080 - The Cisco ASA must be configured to authenticate Network Time Protocol (NTP) sources using authentication with FIPS-compliant algorithms.CiscoDISA STIG Cisco ASA NDM v2r4
CISC-ND-001130 - The Cisco router must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).CiscoDISA Cisco IOS XR Router NDM STIG v3r6
CISC-ND-001130 - The Cisco router must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).CiscoDISA Cisco IOS Router NDM STIG v3r7
CISC-ND-001130 - The Cisco router must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).CiscoDISA Cisco IOS XE Router NDM STIG v3r7
CISC-ND-001130 - The Cisco switch must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).CiscoDISA Cisco IOS Switch NDM STIG v3r7