CCI|CCI-002450

Title

The information system implements organization-defined cryptographic uses and type of cryptography required for each use in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.

Reference Item Details

Category: 2013

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.5.9 Ensure NIST FIPS-validated cryptography is configured - etcUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.9 Ensure NIST FIPS-validated cryptography is configured - grubUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.9 Ensure NIST FIPS-validated cryptography is configured - procUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.9 Ensure NIST FIPS-validated cryptography is configured - rpmUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
3.077 - The system is not configured to use FIPS compliant Algorithms for Encryption, Hashing, and Signing.WindowsDISA Windows Vista STIG v6r41
AADC-CL-000955 - Adobe Acrobat Pro DC Classic FIPS mode must be enabled.WindowsDISA STIG Adobe Acrobat Pro DC Classic Track v2r1
AADC-CN-000955 - Adobe Acrobat Pro DC Continuous FIPS mode must be enabled.WindowsDISA STIG Adobe Acrobat Pro DC Continuous Track v2r1
ADBP-XI-000955 - Adobe Acrobat Pro XI FIPS mode must be enabled.WindowsDISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2
AOSX-13-000570 - The macOS system must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-13-000750 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.UnixDISA STIG Apple Mac OSX 10.15 v1r8
APPL-11-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-003001 - The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.UnixDISA STIG Apple macOS 11 v1r6
APPNET0062 - The .NET CLR must be configured to use FIPS approved encryption modules - applicationsWindowsDISA STIG for Microsoft Dot Net Framework 4.0 v2r1
APPNET0062 - The .NET CLR must be configured to use FIPS approved encryption modules - machineWindowsDISA STIG for Microsoft Dot Net Framework 4.0 v2r1
ARDC-CL-000345 - Adobe Reader DC must enable FIPS mode.WindowsDISA STIG Adobe Acrobat Reader DC Classic Track v2r1
ARDC-CN-000345 - Adobe Reader DC must enable FIPS mode.WindowsDISA STIG Adobe Acrobat Reader DC Continuous Track v2r1
Big Sur - Configure the System to Implement Approved Cryptography to Protect InformationUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Configure the System to Implement Approved Cryptography to Protect InformationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Configure the System to Implement Approved Cryptography to Protect InformationUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Configure the System to Implement Approved Cryptography to Protect InformationUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure the System to Implement Approved Cryptography to Protect InformationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Configure the System to Implement Approved Cryptography to Protect InformationUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Configure the System to Implement Approved Cryptography to Protect InformationUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Configure the System to Implement Approved Cryptography to Protect InformationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Configure the System to Implement Approved Cryptography to Protect InformationUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Issue or Obtain Public Key Certificates from an Approved Service ProviderUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Issue or Obtain Public Key Certificates from an Approved Service ProviderUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Issue or Obtain Public Key Certificates from an Approved Service ProviderUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Issue or Obtain Public Key Certificates from an Approved Service ProviderUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Issue or Obtain Public Key Certificates from an Approved Service ProviderUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Issue or Obtain Public Key Certificates from an Approved Service ProviderUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
BIND-9X-001120 - A BIND 9.x server must implement NIST FIPS-validated cryptography for provisioning digital signatures and generating cryptographic hashes - keyUnixDISA BIND 9.x STIG v2r2
BIND-9X-001120 - A BIND 9.x server must implement NIST FIPS-validated cryptography for provisioning digital signatures and generating cryptographic hashes - zonesUnixDISA BIND 9.x STIG v2r2
CASA-VN-000170 - The Cisco ASA must be configured to use NIST FIPS-validated cryptography for Internet Key Exchange (IKE) Phase 1.CiscoDISA STIG Cisco ASA VPN v1r1
CASA-VN-000190 - The Cisco ASA must be configured to use a FIPS-validated cryptographic module to generate cryptographic hashes - IKE Phase 1CiscoDISA STIG Cisco ASA VPN v1r1
CASA-VN-000190 - The Cisco ASA must be configured to use a FIPS-validated cryptographic module to generate cryptographic hashes - IPsec SACiscoDISA STIG Cisco ASA VPN v1r1
CASA-VN-000200 - The Cisco ASA must be configured to use a FIPS-validated cryptographic module to implement IPsec encryption services.CiscoDISA STIG Cisco ASA VPN v1r1
CASA-VN-000340 - The Cisco ASA VPN gateway must use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network - crypto mapCiscoDISA STIG Cisco ASA VPN v1r1
CASA-VN-000340 - The Cisco ASA VPN gateway must use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network - encryptionCiscoDISA STIG Cisco ASA VPN v1r1
CASA-VN-000340 - The Cisco ASA VPN gateway must use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network - groupCiscoDISA STIG Cisco ASA VPN v1r1
CASA-VN-000340 - The Cisco ASA VPN gateway must use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network - integrityCiscoDISA STIG Cisco ASA VPN v1r1
CASA-VN-000340 - The Cisco ASA VPN gateway must use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network - ipsec-proposalCiscoDISA STIG Cisco ASA VPN v1r1
CASA-VN-000340 - The Cisco ASA VPN gateway must use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network - prfCiscoDISA STIG Cisco ASA VPN v1r1
CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network - crypto mapCiscoDISA STIG Cisco ASA VPN v1r1
CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network - encryptionCiscoDISA STIG Cisco ASA VPN v1r1
CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network - groupCiscoDISA STIG Cisco ASA VPN v1r1
CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network - integrityCiscoDISA STIG Cisco ASA VPN v1r1
CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network - ipsec-proposalCiscoDISA STIG Cisco ASA VPN v1r1