CCI|CCI-002314

Title

The information system controls remote access methods.

Reference Item Details

Category: 2013

Audit Items

View all Reference Audit Items

NamePluginAudit Name
3.5.3.2.3 Ensure iptables rules exist for all open ports - PPSM CLSA and vulnerability assessments.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.117 - Users must be prevented from connecting using Terminal Services.WindowsDISA Windows Vista STIG v6r41
AIX7-00-001024 - SSH must display the date and time of the last successful account login to AIX system upon login.UnixDISA STIG AIX 7.x v2r6
AIX7-00-001137 - AIX must be able to control the ability of remote login for users.UnixDISA STIG AIX 7.x v2r6
AS24-U1-000670 - The Apache web server must restrict inbound connections from nonsecure zones.UnixDISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000670 - The Apache web server must restrict inbound connections from nonsecure zones.UnixDISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-U2-000680 - The Apache web server must restrict inbound connections from nonsecure zones.UnixDISA STIG Apache Server 2.4 Unix Site v2r2
AS24-U2-000680 - The Apache web server must restrict inbound connections from nonsecure zones.UnixDISA STIG Apache Server 2.4 Unix Site v2r2 Middleware
AS24-W1-000670 - The Apache web server must restrict inbound connections from nonsecure zones.WindowsDISA STIG Apache Server 2.4 Windows Server v2r2
AS24-W2-000670 - The Apache web server must restrict inbound connections from nonsecure zones.WindowsDISA STIG Apache Server 2.4 Windows Site v2r1
Big Sur - Control remote access methodsUnixNIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Control remote access methodsUnixNIST macOS Catalina v1.5.0 - All Profiles
ESXI-06-200035 - The VMM must provide the capability to immediately disconnect or disable remote access to the information system by disabling SSH.VMwareDISA STIG VMware vSphere 6.x ESXi v1r5
ESXI-67-000035 - The ESXi host must be configured to disable nonessential capabilities by disabling SSH.VMwareDISA STIG VMware vSphere 6.7 ESXi v1r2
F5BI-AP-000153 - The BIG-IP APM module access policy profile must control remote access methods to virtual servers.F5DISA F5 BIG-IP Access Policy Manager 11.x STIG v2r1
F5BI-LT-000153 - The BIG-IP Core implementation providing intermediary services for remote access communications traffic must control remote access methods to virtual servers.F5DISA F5 BIG-IP Local Traffic Manager 11.x STIG v2r1
GEN001000 - Remote consoles must be disabled or protected from unauthorized access.UnixDISA STIG Solaris 10 X86 v2r2
GEN001000 - Remote consoles must be disabled or protected from unauthorized access.UnixDISA STIG Solaris 10 SPARC v2r2
GEN008520 - The system must employ a local firewall.UnixDISA STIG for Oracle Linux 5 v2r1
GEN008540 - The system's local firewall must implement a deny-all, allow-by-exception policy.UnixDISA STIG Solaris 10 X86 v2r2
GEN008540 - The system's local firewall must implement a deny-all, allow-by-exception policy.UnixDISA STIG Solaris 10 SPARC v2r2
GEN008540 - The systems local firewall must implement a deny-all, allow-by-exception policy.UnixDISA STIG for Oracle Linux 5 v2r1
IIST-SV-000141 - Remote access to the IIS 10.0 web server must follow access policy or work in conjunction with enterprise tools designed to enforce policy requirements.WindowsDISA IIS 10.0 Server v2r5
IIST-SV-000142 - The IIS 10.0 web server must restrict inbound connections from non-secure zones.WindowsDISA IIS 10.0 Server v2r5
IISW-SV-000141 - Remote access to the IIS 8.5 web server must follow access policy or work in conjunction with enterprise tools designed to enforce policy requirements.WindowsDISA IIS 8.5 Server v2r3
IISW-SV-000142 - The IIS 8.5 web server must restrict inbound connections from nonsecure zones.WindowsDISA IIS 8.5 Server v2r3
Monterey - Control remote access methodsUnixNIST macOS Monterey v1.0.0 - All Profiles
OH12-1X-000030 - Remote access to OHS must follow access policy or work in conjunction with enterprise tools designed to enforce policy requirements.UnixDISA STIG Oracle HTTP Server 12.1.3 v2r1
OH12-1X-000031 - OHS must have the Order, Allow, and Deny directives set within the Directory directives set to restrict inbound connections from nonsecure zones.UnixDISA STIG Oracle HTTP Server 12.1.3 v2r1
OH12-1X-000032 - OHS must have the Order, Allow, and Deny directives set within the Files directives set to restrict inbound connections from nonsecure zones.UnixDISA STIG Oracle HTTP Server 12.1.3 v2r1
OH12-1X-000033 - OHS must have the Order, Allow, and Deny directives set within the Location directives set to restrict inbound connections from nonsecure zones.UnixDISA STIG Oracle HTTP Server 12.1.3 v2r1
OL08-00-040090 - An OL 8 firewall must employ a deny-all, allow-by-exception policy for allowing connections to other systems - --info-zoneUnixDISA Oracle Linux 8 STIG v1r2
OL08-00-040090 - An OL 8 firewall must employ a deny-all, allow-by-exception policy for allowing connections to other systems - --stateUnixDISA Oracle Linux 8 STIG v1r2
OL08-00-040100 - A firewall must be installed on OL 8.UnixDISA Oracle Linux 8 STIG v1r2
OL08-00-040101 - A firewall must be active on OL 8.UnixDISA Oracle Linux 8 STIG v1r2
PANW-AG-000078 - The Palo Alto Networks security platform, if used as a TLS gateway/decryption point or VPN concentrator, must control remote access methods (inspect and filter traffic).Palo_AltoDISA STIG Palo Alto ALG v2r2
PHTN-67-000055 - The Photon operating system must configure sshd with a specific ListenAddress.UnixDISA STIG VMware vSphere 6.7 Photon OS v1r3
RHEL-08-040090 - A RHEL 8 firewall must employ a deny-all, allow-by-exception policy for allowing connections to other systems - --info-zoneUnixDISA Red Hat Enterprise Linux 8 STIG v1r7
RHEL-08-040090 - A RHEL 8 firewall must employ a deny-all, allow-by-exception policy for allowing connections to other systems - --stateUnixDISA Red Hat Enterprise Linux 8 STIG v1r7
RHEL-08-040100 - A firewall must be installed on RHEL 8.UnixDISA Red Hat Enterprise Linux 8 STIG v1r7
RHEL-08-040101 - A firewall must be active on RHEL 8.UnixDISA Red Hat Enterprise Linux 8 STIG v1r7
TCAT-AS-001020 - LockOutRealms must be used for management of Tomcat.UnixDISA STIG Apache Tomcat Application Server 9 v2r4 Middleware
TCAT-AS-001020 - LockOutRealms must be used for management of Tomcat.UnixDISA STIG Apache Tomcat Application Server 9 v2r4
UBTU-16-030030 - An application firewall must be installed.UnixDISA STIG Ubuntu 16.04 LTS v2r3
UBTU-16-030050 - An application firewall must employ a deny-all, allow-by-exception policy for allowing connections to other systems.UnixDISA STIG Ubuntu 16.04 LTS v2r3
UBTU-18-010023 - The Ubuntu operating system must have an application firewall installed in order to control remote access methods.UnixDISA STIG Ubuntu 18.04 LTS v2r8
UBTU-18-010507 - The Ubuntu operating system must enable and run the uncomplicated firewall(ufw) - activeUnixDISA STIG Ubuntu 18.04 LTS v2r8
UBTU-18-010507 - The Ubuntu operating system must enable and run the uncomplicated firewall(ufw) - enabledUnixDISA STIG Ubuntu 18.04 LTS v2r8
UBTU-18-010507 - The Ubuntu operating system must enable and run the uncomplicated firewall(ufw) - installedUnixDISA STIG Ubuntu 18.04 LTS v2r8
UBTU-20-010433 - The Ubuntu operating system must have an application firewall installed in order to control remote access methods.UnixDISA STIG Ubuntu 20.04 LTS v1r5