Theme

CCI|CCI-002450

Title

The information system implements organization-defined cryptographic uses and type of cryptography required for each use in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2013

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.5.9 Ensure NIST FIPS-validated cryptography is configured - etc	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.9 Ensure NIST FIPS-validated cryptography is configured - grub	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.9 Ensure NIST FIPS-validated cryptography is configured - proc	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.9 Ensure NIST FIPS-validated cryptography is configured - rpm	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
3.077 - The system is not configured to use FIPS compliant Algorithms for Encryption, Hashing, and Signing.	Windows	DISA Windows Vista STIG v6r41
AADC-CL-000955 - Adobe Acrobat Pro DC Classic FIPS mode must be enabled.	Windows	DISA STIG Adobe Acrobat Pro DC Classic Track v2r1
AADC-CN-000955 - Adobe Acrobat Pro DC Continuous FIPS mode must be enabled.	Windows	DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1
ADBP-XI-000955 - Adobe Acrobat Pro XI FIPS mode must be enabled.	Windows	DISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2
AOSX-13-000570 - The macOS system must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000750 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple Mac OSX 10.15 v1r8
APPL-11-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple macOS 11 v1r5
APPL-11-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.	Unix	DISA STIG Apple macOS 11 v1r6
APPNET0062 - The .NET CLR must be configured to use FIPS approved encryption modules - applications	Windows	DISA STIG for Microsoft Dot Net Framework 4.0 v2r1
APPNET0062 - The .NET CLR must be configured to use FIPS approved encryption modules - machine	Windows	DISA STIG for Microsoft Dot Net Framework 4.0 v2r1
ARDC-CL-000345 - Adobe Reader DC must enable FIPS mode.	Windows	DISA STIG Adobe Acrobat Reader DC Classic Track v2r1
ARDC-CN-000345 - Adobe Reader DC must enable FIPS mode.	Windows	DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1
Big Sur - Configure the System to Implement Approved Cryptography to Protect Information	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Configure the System to Implement Approved Cryptography to Protect Information	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Configure the System to Implement Approved Cryptography to Protect Information	Unix	NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Configure the System to Implement Approved Cryptography to Protect Information	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure the System to Implement Approved Cryptography to Protect Information	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Configure the System to Implement Approved Cryptography to Protect Information	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Configure the System to Implement Approved Cryptography to Protect Information	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Configure the System to Implement Approved Cryptography to Protect Information	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Configure the System to Implement Approved Cryptography to Protect Information	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Issue or Obtain Public Key Certificates from an Approved Service Provider	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Issue or Obtain Public Key Certificates from an Approved Service Provider	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Issue or Obtain Public Key Certificates from an Approved Service Provider	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Issue or Obtain Public Key Certificates from an Approved Service Provider	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Issue or Obtain Public Key Certificates from an Approved Service Provider	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Issue or Obtain Public Key Certificates from an Approved Service Provider	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
BIND-9X-001120 - A BIND 9.x server must implement NIST FIPS-validated cryptography for provisioning digital signatures and generating cryptographic hashes - key	Unix	DISA BIND 9.x STIG v2r2
BIND-9X-001120 - A BIND 9.x server must implement NIST FIPS-validated cryptography for provisioning digital signatures and generating cryptographic hashes - zones	Unix	DISA BIND 9.x STIG v2r2
CASA-VN-000170 - The Cisco ASA must be configured to use NIST FIPS-validated cryptography for Internet Key Exchange (IKE) Phase 1.	Cisco	DISA STIG Cisco ASA VPN v1r1
CASA-VN-000190 - The Cisco ASA must be configured to use a FIPS-validated cryptographic module to generate cryptographic hashes - IKE Phase 1	Cisco	DISA STIG Cisco ASA VPN v1r1
CASA-VN-000190 - The Cisco ASA must be configured to use a FIPS-validated cryptographic module to generate cryptographic hashes - IPsec SA	Cisco	DISA STIG Cisco ASA VPN v1r1
CASA-VN-000200 - The Cisco ASA must be configured to use a FIPS-validated cryptographic module to implement IPsec encryption services.	Cisco	DISA STIG Cisco ASA VPN v1r1
CASA-VN-000340 - The Cisco ASA VPN gateway must use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network - crypto map	Cisco	DISA STIG Cisco ASA VPN v1r1
CASA-VN-000340 - The Cisco ASA VPN gateway must use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network - encryption	Cisco	DISA STIG Cisco ASA VPN v1r1
CASA-VN-000340 - The Cisco ASA VPN gateway must use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network - group	Cisco	DISA STIG Cisco ASA VPN v1r1
CASA-VN-000340 - The Cisco ASA VPN gateway must use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network - integrity	Cisco	DISA STIG Cisco ASA VPN v1r1
CASA-VN-000340 - The Cisco ASA VPN gateway must use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network - ipsec-proposal	Cisco	DISA STIG Cisco ASA VPN v1r1
CASA-VN-000340 - The Cisco ASA VPN gateway must use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network - prf	Cisco	DISA STIG Cisco ASA VPN v1r1
CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network - crypto map	Cisco	DISA STIG Cisco ASA VPN v1r1
CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network - encryption	Cisco	DISA STIG Cisco ASA VPN v1r1
CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network - group	Cisco	DISA STIG Cisco ASA VPN v1r1
CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network - integrity	Cisco	DISA STIG Cisco ASA VPN v1r1
CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network - ipsec-proposal	Cisco	DISA STIG Cisco ASA VPN v1r1