CSCv7|18.5

Title

Use Only Standardized and Extensively Reviewed Encryption Algorithms

Description

Use only standardized and extensively reviewed encryption algorithms.

Reference Item Details

Category: Application Software Security

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.2 Ensure 'Enable Password' is setCiscoCIS Cisco Firewall v8.x L1 v4.2.0
1.1.2 Ensure 'Enable Password' is setCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.1.2 Ensure 'Enable Password' is setCiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.1.3 Ensure 'Master Key Passphrase' is setCiscoCIS Cisco Firewall v8.x L1 v4.2.0
1.1.3 Ensure 'Master Key Passphrase' is setCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.1.3 Ensure 'Master Key Passphrase' is setCiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.5.6 Ensure NIST FIPS-validated cryptography is configured - enabledUnixCIS Amazon Linux 2 STIG v1.0.0 L3
1.5.6 Ensure NIST FIPS-validated cryptography is configured - grubUnixCIS Amazon Linux 2 STIG v1.0.0 L3
1.5.6 Ensure NIST FIPS-validated cryptography is configured - installedUnixCIS Amazon Linux 2 STIG v1.0.0 L3
1.5.9 Ensure NIST FIPS-validated cryptography is configured - etcUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.9 Ensure NIST FIPS-validated cryptography is configured - grubUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.9 Ensure NIST FIPS-validated cryptography is configured - procUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.5.9 Ensure NIST FIPS-validated cryptography is configured - rpmUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
2.3.11.4 Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'WindowsCIS Microsoft Windows Server 2019 STIG DC STIG v1.0.1
2.3.11.4 Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'WindowsCIS Microsoft Windows Server 2016 STIG MS STIG v1.1.0
2.3.11.4 Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'WindowsCIS Microsoft Windows 11 Enterprise v2.0.0 L1
2.3.11.4 Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'WindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + NG
2.3.11.4 Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'WindowsCIS Microsoft Windows Server 2016 STIG DC L1 v1.1.0
2.3.11.4 Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
2.3.11.4 Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1 + NG
2.3.11.4 Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'WindowsCIS Windows Server 2012 R2 MS L1 v2.6.0
2.3.11.10 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'WindowsCIS Windows Server 2012 R2 MS L1 v2.6.0
2.3.11.10 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'WindowsCIS Windows Server 2012 R2 DC L1 v2.6.0
2.3.11.10 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'WindowsCIS Windows Server 2012 DC L1 v2.4.0
2.3.11.10 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
2.3.11.10 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'WindowsCIS Windows Server 2012 MS L1 v2.4.0
2.3.11.10 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'WindowsCIS Microsoft Windows Server 2016 MS L1 v2.0.0
2.3.11.10 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'WindowsCIS Microsoft Windows Server 2019 MS L1 v2.0.0
2.3.11.10 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'WindowsCIS Microsoft Windows Server 2019 DC L1 v2.0.0
2.3.11.10 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'WindowsCIS Microsoft Windows Server 2016 DC L1 v2.0.0
2.3.11.10 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'WindowsCIS Microsoft Windows Server 2022 v2.0.0 L1 MS
2.3.11.10 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'WindowsCIS Microsoft Windows Server 2022 v2.0.0 L1 DC
2.3.11.10 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
2.10 Ensure Only Approved Ciphers are UsedMySQLDBCIS MySQL 5.6 Community Database L2 v2.0.0
2.10 Ensure Only Approved Ciphers are UsedMySQLDBCIS MySQL 5.6 Enterprise Database L2 v2.0.0
2.10 Limit Accepted Transport Layer Security (TLS) VersionsMySQLDBCIS MariaDB 10.6 Database L2 v1.0.0
2.10 Limit Accepted Transport Layer Security (TLS) VersionsUnixCIS MariaDB 10.6 on Linux L2 v1.0.0
2.12 Ensure AES Encryption Mode for AES_ENCRYPT/AES_DECRYPT is Configured CorrectlyMySQLDBCIS MySQL 8.0 Enterprise Database L2 v1.3.0
2.12 Ensure AES Encryption Mode for AES_ENCRYPT/AES_DECRYPT is Configured CorrectlyMySQLDBCIS MySQL 8.0 Community Database L2 v1.0.0
2.12 Ensure Only Approved Ciphers are UsedMySQLDBCIS MariaDB 10.6 Database L2 v1.0.0
2.12 Ensure Only Approved Ciphers are UsedUnixCIS MariaDB 10.6 on Linux L2 v1.0.0
2.12 Limit Accepted Transport Layer Security (TLS) VersionsMySQLDBCIS MySQL 5.7 Community Database L2 v2.0.0
2.12 Limit Accepted Transport Layer Security (TLS) VersionsMySQLDBCIS MySQL 5.7 Enterprise Database L2 v2.0.0
2.14 Ensure Only Approved Ciphers are Used - ssl_cipherMySQLDBCIS MySQL 5.7 Community Database L2 v2.0.0
2.14 Ensure Only Approved Ciphers are Used - ssl_cipherMySQLDBCIS MySQL 5.7 Enterprise Database L2 v2.0.0
2.14 Ensure Only Approved Ciphers are Used - tls_ciphersuitesMySQLDBCIS MySQL 5.7 Community Database L2 v2.0.0
2.15 Limit Accepted Transport Layer Security (TLS) VersionsMySQLDBCIS MySQL 8.0 Enterprise Database L2 v1.3.0
2.15 Limit Accepted Transport Layer Security (TLS) VersionsMySQLDBCIS MySQL 8.0 Community Database L2 v1.0.0
2.17 Ensure Only Approved Ciphers are UsedMySQLDBCIS MySQL 8.0 Enterprise Database L2 v1.3.0
2.17 Ensure Only Approved Ciphers are UsedMySQLDBCIS MySQL 8.0 Community Database L2 v1.0.0